Cisco Firewall :: CPU Load ASA 5510 V. 8.4(4).1
Apr 26, 2013
Currently, we are monitoring a Cisco ASA which is running Software version 8.4(4).1. It is showing high cpu load (reaching 90%) at some hours, and our client (who is the owner) has asked us to troubleshoot this issue, since this is not a normal operating condition for the ASA.
We have checked over many forums and documents about "high cpu related to Dispatch Unit process", but we still don't know where to begin, and what steps we could recommend to our client. I have uploaded an archive, where I have extracted these outputs:
-show processes cpu-usage sorted non-zero
-show memory
-show service-policy global
-show interface
-show run threat
View 1 Replies
ADVERTISEMENT
May 2, 2011
Have a new ASA 5510 connected to the laptop via console. I need to load the IOS and the configure from another ASA. I have tftp client on the laptop. Do I just need to set the inside IP to the same subnet as my laptop? Will I need a crossover cable?
View 1 Replies
View Related
Sep 23, 2012
I have configured a tplink dual wan router + cisco ASA5510.
NET 1---- TP LINK ---- ASA5510 ---- COMPUTERS
NET 2----
The message: this page can not be displayed this showing. Some web pages only load when I click F5.
View 1 Replies
View Related
Jun 28, 2011
We are now using a ASA 5510 firewall and we would like to configure a internet load balance traffic in our environment.For example, some IP addresses go through local gateway for internet routing but some address go through VPN tunnel gateway.
View 1 Replies
View Related
Sep 13, 2011
Is there a way to load a spare compact flash with a running-config, ASA IOS, & ASDM software via card reader? I need to load another flash card with all of the settings necessary for normal operation. This "spare" card will replace the flash that is currently in use. The reason for the replacement is capacity and because of changes made to the running-config. The "in-use" card is 256MB, the "spare" one is 512MB. Also, the new card will have a few changes made to the running-config, so it will, in essence, be a reload.
I have a card reader for the compact flash cards. If there is a way to load up this new card using the card reader, without monkeying with the firewall, I would prefer that. Like I said in the previous paragraph, this new flash card will replace the other one, once it's ready.
Hardware: ASA 5510
CF: 256MB (wanting to upgrade to the new 512MB card)
ASA IOS: 8.4
View 15 Replies
View Related
Sep 13, 2011
Currently we have deployed site to site vpn between 2 asa 5510 model. one is corporate site and one is remote site. now we plan to use radware load balancer in which 2 isp will terminate. now if at a remote site wecreate only 1 ipsec tunnel and mention sigle isp peering. if one isp fails at corporate how remote site will be access by site to site vpn through 2 isp vpn. what thing we need to do over asa as well as load balancer at both end.
View 6 Replies
View Related
Sep 26, 2012
I have been locked out of using my VPN over the past week because of the error "Failed to Load Preferences". Whenever I open the cisco anyconnect and select the current selection or enter in a new connection I get that error. I have tried reinstalling, deleting out the cisco folder from my user account, and running cisco through the web that gives me the error "Web-based installation was unsuccessful. If you wish to install the CIsco Anyconnect VPN Client, you may download an installer package."
View 5 Replies
View Related
May 26, 2011
I've tried 3 different machines including a server.
Basically when I try to access my ASA 5510 with the ASDM software the software never loads. So I have tried to access it through the management port https://192.168.1.2 and installed the software. The software starts up, I enter the password and it connects and loads to 100% but doesn't go beyond that point. I then try the java applet, and it as well loads up to 100% and says "Please wait, the main is coming up."
I have http server enabled, and asdm image is pointed correctly
As I said, I've tried this on two Windows XP machines and a machine running Server 2008.
I can connect through CLI all day and all night, but I'd rather (read feel much safer) configuring it through ASDM.
Here is some system version info
Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)
Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
View 4 Replies
View Related
Mar 4, 2011
I have two ISP circuits and the following devices in hand:
1. Cisco ASA 5510
2. Cisco 2800 router
3. Cisco 3750 switch
I've finished a part of the configs on above equipments, please refer to the attached diagram.And I'm making a test in order to achieve the below features:
1. By default, packets from PC1 go out through ISP 1. Packets from PC2 go out through ISP 2
2. When ISP 1 is down, packets from PC1 changed its way to ISP 2 through the 2800 router. And when ISP 2 is down, Packets from PC2 changed its way to ISP 1 through ASA 5510.
View 2 Replies
View Related
Jul 25, 2012
I have the problem, that when I want to connect to the VPN Gateway (ASA 5510) with the AnyConnect Client 3.0 I will get the error "Failed to load preferences" when I try to connect via the SSL Portal of the ASA, everthing works fine... I have tried to reinstall the Client - without any success.
View 3 Replies
View Related
Aug 17, 2011
We have two Cisco ASA 5510 Firewalls at one site, and two non-Cisco firewalls at another. Both firewall pairs are configured for high availability (Active-Passive), and both have redundant links to the Internet via routers running HSRP. In the event that one of the Internet routers were to fail, we require the VPN to dynamically move from using the old path via the failed router to using the new router with minimal downtime.
I have been looking at using VPN load balancing to achieve this but the only configuration example I can find is for Cisco VPN Client url... Is it possible to define a static crypto map with the VIP of the load balanced group as the peer IP? So in the non-Cisco devices I will define the VIP of the load balanced group?
View 1 Replies
View Related
Jan 26, 2012
now i have some problem on Cisco Switch 3750 and ASA 5510, i would like to do loandbalancing on Cisco Switch 3750 and Active/Standby on ASA 5510.
which topology that we can use on this diagram, i mean which protocol connect 3750(2unit) to ASA 5510(2unit) and ASA 5510 to 3750, which protocol 3750.
View 6 Replies
View Related
Jun 24, 2012
I have an ASA 5510 running ASDM 6.4(9) and Cisco Adaptive Security Appliance Software Version 8.4(4)1.I am trying to configure for the first time and I am accessing the ASA via its Management Interface.I am successfully able to connect to the device and get to the Cisco ASDM 6.4(9) page.When I try to run the startup wizard, a couple of prompts displays up to the point where the java applet runs and aks me to enter my IP, username and password.As it is a new system, password and username is blank so I enter and I get a message saying "loading software from cache" which later changes to "software Update completed" and then nothing happens.I am running MacOSX 10.7 Lion, Java version 1.6.0_33.I did try and run this on a Windows system and i was able to load the interface.
View 2 Replies
View Related
Aug 4, 2011
i have an ASA 5510. it was running asa708-k8.bin and i have attempted to install asa821-k8.bin. i have done this on many ASAs before effortlessly.this time i have had an issue. the ASA will not load the new image, and for some reason will not even load the old.the ASA seems to just keep crashing. i have erased disk0 (advised in forum): and attempted to load the image from tftp. please see below. i know i need to re-formaet the flash, but cannot get into the ASA at all to complete this. [code]
View 2 Replies
View Related
Jan 28, 2013
I have a new 5585x with only basic ip information on it. I can't get the ASDM to load from any interface. Browser just says cannot load page. I upgraded to 9.1 and ASDM 7.11-52. (Also did not work before I upgraded) I can ping the managment 0 interface and can tftp data to and from it. Also unable to telnet to the management interface. [code]
View 2 Replies
View Related
Mar 2, 2013
I have two Internet connections which are connected to two ISR 2951s. Also I have two ASAs 5545-Xs, which I want to use in Active/Active failover mode with multicontext. The question is: how can I configure ASAs to perform ISP load-balancing as well?
View 4 Replies
View Related
Jul 20, 2011
I was looking in the CISCO webpage how to load an IOS from a tftp server but i got some questions:
I got the information from this webpage: [URL]
rommon #1> ADDRESS=10.132.44.177 <---- Which IP address? the one that I got on my firewall?
View 3 Replies
View Related
Oct 17, 2011
I have a ASA# here that refuses to load 8.x# code. I do not have an issue loading 7.x# code at all. When I power on the ASA# it does not pass the fsck#.
Loading /asa842-k8.bin#... Booting...Platform ASA5520# Loading...IO memory blocks requested from bigphys# 32bit#: 20848dosfsck# 2.11, 12 Mar 2005, FAT32#, LFN#
I have tried 8.0, 8.2, 8.3, 8.4 codes. I have also swapped RAM and flash.
View 5 Replies
View Related
May 3, 2012
I recently implemented an ASA 5520 HA pair with CSC-SSM-20s in each non stateful per cisco. The CSC management sits in a management subnet 192.168.4.0/24 with the management interface of the ASA as its default gateway in the same subnet. Ever since the implementation frequently webpages will not load correctly, the formating will not look right and pictures will be red x. If you hit f5 to refresh the pages loads fine. If I add a deny any any eq 80 rule before the permit any any eq 80 the issue appears to go away. TAC can't seem to find anything worng. All we want to do is use a simple web content filter with the check boxes in the global filtering policy. ASA is running 8.2(5) and CSC is running 6.3.1172.0. Everything else works fine SVC and rules and such. [code]
View 2 Replies
View Related
Apr 24, 2013
We want to us an ISA570 and load balance between two isp connections, two of our switches will be standalones and not connected to one another. One switch will be for data and another VOIP/Data. The ISA will also do NAT and we need to make sure that the VOIP network can get out to the first isp. I assume we will need a static route for that to make sure it goes out the right isp. I just don't know if routing mode needs to be enabled in order to specify a static route, because I heard you can't have NAT and do routing mode at the same time.
View 2 Replies
View Related
Jun 26, 2012
I'm using DIR 600 for home use. Recently, I noticed that I have trouble connecting to some websites (Twitpic.com, 4shared.com) which I never had any problems before I used the wireless router. It doesn't exactly block the websites but rather it won't load completely (i.e., with Twitpic, I can load the site but not the images; for 4shared I really can't load the page itself).Initially, I had problems updating JDownloader after installation. I tried using our old Edimax wired router, and the JDownloader update worked flawlessly. I also tried loading Twitpic while connected via LAN, and it also worked properly.I'm assuming the problem lies with the wireless router but when I set it up for use I only tinkered with the WPA/WPA2 security for a password-secured wifi connection at home, and nothing more since I can't understand the other features.
View 5 Replies
View Related
Nov 15, 2011
We have an ASA 5540 running 8.4(1) on the inside of dual Internet-facing border routers. The routers run BGP facing out and EIGRP facing in, with the ASA also running EIGRP for the same AS. Both routers redistribute a default route into EIGRP. It was my understanding and expectation that the ASA would learn both of these, as they are equal cost, and load-balance the outbound traffic over the two links. This does not appear to be the case.
The routers both have:
router eigrp 100
network nn.nn.nn.nn 0.0.0.0
redistribute static
[Code].....
View 9 Replies
View Related
Oct 18, 2012
My macbook pro recently upgraded to the last version of java and now I can open the ASDM for my Cisco ASA 5505, when I try open, only show me the window of Java 7 ..., and don't load the ASDM.
View 15 Replies
View Related
Sep 26, 2011
We use Cisco ASA 5520 (in HA configuration) connected to Cisco Switch 3750, ISP connection (25 Mbps) is straight to cisco 3750 switch. Since, Internet traffic is now high, a seecond ISP will be added.Our plan is to do Internet Link Load Balancing. My understanding that AS5520 can not do balancing.What appliance do you think I can use to accomplish the link balance?Also, take in consideration that our current ASA is also our VPN server and there are two DMZ zones.
View 1 Replies
View Related
Feb 21, 2012
We want to achieve a load balancing scenario using Virtual IP on DMZ interface on a Cisco ASA 5520.
The IPs we are going to use on DMZ are 10.15.1.2 and 10.15.1.3
These IPs are going to be NATted to all inside IPs.
Lets say our outside IP is X.X.X.X
This IP points to 10.15.1.2 and 10.15.1.3 with .2 being the primary and .3 being the secondary. When I hit the outside IP, it should point me to .2 and that .2 should take me to the inside IPs.
View 1 Replies
View Related
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
View 9 Replies
View Related
Feb 5, 2012
I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1VLAN 3 - hosts 1.1.1.8 and 1.1.1.9
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.I'm working with an ASA 5510 running 8.2.4(4).
View 1 Replies
View Related
Jun 22, 2011
I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
View 6 Replies
View Related
Apr 24, 2012
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies
View Related
Oct 20, 2012
I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
View 23 Replies
View Related
Nov 15, 2012
I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
View 1 Replies
View Related
May 21, 2013
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
View 4 Replies
View Related
Nov 21, 2011
I have just configured identity firewall on our ASA 5510.I have 3 nodes that authenticates against Active Directory, using the Windows Server 2008 R2 builtin Network Policy Server: A laptop, a stationary PC, and a Android Phone. All 3 nodes are authenticated using the same user/password.
Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to it, namely the laptop and the stationary PC.But not the Android phone.
Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuraton part of the Group Policy.This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work.So my Android phone and other nodes not a member of the AD Machine Store will never be detected by identity rules, and can roam the network free.
View 2 Replies
View Related
