Cisco Firewall :: Can We Also Update Signature Of Second ASA 5520 Device
Oct 8, 2012
We have two ASA5520-AIP40-K8 in our office and we purchased IPS service for one only. Can we also update the signature of the second device before purchasing additional IPS services for the second unit?
Feb 3, 2013
I had installed the Atheros AR5B97 wireless network adapter in Windows 7, but it was not properly installed and the wireless service icon is not displayed in the network profiles. When I checked it in the device manager it showed a device status that: Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)
Jun 7, 2011
We have a pair of 5510s and a pair of 5520s, each in Active/Standby mode. I'd like to upgrade the ASDM and ASA software on these, but am finding no documentation that advises on how this can be done without physical access to the devices. It so happens I am on site, but we will be deploying these throughout our network and I'd like to be able to perform this type of maintenance without travelling to each site. We utilize CSM and ASDM to manage these for the most part, but are certainly capable of configuring via CLI.
The issue may be my lack of understanding of the ASA fundamentals, but I don't really get how the software can be copied to the individual ASAs of the pair so they may be reloaded and upgraded without outage. With a remote SSH connection to the pair, I'm only copying the software to the Active ASA, correct? Or is there a way to get the software to each disk individually from the single SSH connection? I'm not quite sure how to manage the Standby ASA without consoling into it... If I can indeed remotely get the software to each ASA (copying to different disks?? i.e. disk0: and disk1:?), then I also run into an issue updating the boot statement for each of them individually, though to resolve that I suppose I could just remove the old software, but that seems like bad practice before confirming the new software is ok. If there is a simpler way of deploying new code via ASDM or CSM, I'm certainly open to that.
Mar 11, 2013
I would like to ask whether SHA1 signature algorithm is available for FWSM. We use FWSM code version 3.2(22) in our production network where only MD5 signature algorithm is available. There is a need to upgrade to stronger algorithm SHA1. From my experience I know that this is possible on ASA firewalls running on 8.4. codes. Certificates generated on code 8.4. automatically use SHA1 with RSA Encryption.
Is it possible to have Signature algorithm SHA1 on FWSM? If so, in which code version?
hba-pf-a# sh crypto ca cert
Certificate
Status: Available
Certificate Serial Number: caf44050
Certificate Usage: General Purpose
Public Key Type: RSA (2048 bits)
[Code] .....
May 23, 2011
I try to change the password on the ASA 5520 device and it's not getting changed.
FW(config)# enable password cisco1234
FW(config)# end
After that I perform a write memory.
But somehow, when I log in again, the enable password still remains as the old enable password.
version : 7.2(5)2.
Feb 16, 2012
I have an LMS master/slave installation running with version 3.2.1 and the patch for the Cisco download. Now I get a NullPointerException on two of the three servers if I want to go to the Device Update in CS. This is the output from stderr.log:
Feb 17, 2012 8:58:34 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet action threw exception
java.lang.NullPointerException
at com.cisco.nm.xms.psu.ui.gui.model.ViewProduct.getAllProducts(ViewProduct.java:45)
at com.cisco.nm.xms.psu.ui.gui.model.ProductList.getAllRegProducts(ProductList.java:21)
[code].....
I did the installation the same way on all three servers.
Aug 14, 2011
We are running LMS 3.0.1. When I attempt to update the devices for RME I receive the following error messages.
Number of Packages Selected for Install : 82
For Product(s) : Resource Manager Essentials
Install Invoked by user : admin
The Package(s) Selected for Install :
[code]....
Mar 6, 2013
Every time I try to use the Cisco.com device update I receive the error in the attached file.
I'm not sure if this is related to me not configuring the proxy settings since we do not use a proxy server.
I've configured our CCO username and password only. Is there a known issue with using the web GUI to get updates using the cisco.com option?
Jan 10, 2013
I have upgraded to Prime LMS 4.2.2 (from 4.0.1) and cannot perform system or device upgrade. Using Wireshark I can see why. It looks like LMS is trying to go to this old web [URL] to get software. I believe this was fixed years ago in bug CSCto46927.
Can I reapply bug fix CSCto46927 on 4.2.3 or is there another fix?
Mar 10, 2013
I used the Software Center to download the latest device packages; all downloaded to the PSU_Downloads folder. I want to know how to install them with the GUI if possible, as I tried to use the CLI but it seems that I'm using bad syntax.
Aug 24, 2011
I have CiscoWorks LMS3.2 with RME4.3.1 and CS 3.3.0.
When I will update the devices and I go to Common Services - Software Center Device Update and I mark Resource Manager Essential then I receive this window:
Now I choose the Rtr2900 package (same problem for all six packages) and when I will download it, then after define the destination path for the file I see this window:
Then I have tried to download it manually with the following command: PSUCli.bat -p rme -d -dst c:psu_download -all
The six packages that are showed in the picture above were not downloaded.
I assume that there is an error on Cisco side because the size of the six packages is NA.
Or is there another possibility to download the package for the Rtr2900?
Aug 22, 2012
Yesterday I tried to connect to our ASA 5520 using ASDM Launcher, which has always worked before. For some reason ASDM Launcher is no longer working from both my Win XP desktop and Win XP laptop. I can open ASDM through the browser but not the launcher. Both desktop and laptop have Java 7 U 6. I'm not sure if I can back rev my Java.
Jun 19, 2012
The router (Cisco 857) appears to boot and operate normally. I have tried formatting the flash, re-downloading and FTP uploading the image, and also tried the latest image c850-advsecurityk9-mz.124-15.T17.bin, but this warning message persists. [code]
Jul 12, 2012
We have recently purchased a Cisco ISR 2921, and in its docs it is written that this product has a license for the IOS IPS Signature File, but on the product's flash memory there is no IOS IPS Sig-File, and when I try to download the signature file from Cisco, it fails.
Jun 17, 2012
One of our customers wants to update the firmware of a 5508 WLC, but always gets the following error message:
Error Message %UPDATE-3-INV_FILE_SIGN: Error! Invalid image signature!. Image may be corrupt.
But the same image works fine on another 5508. The update was downloaded via a SMARTnet for the WLC on which the update works fine. Does the customer have to download another image for the second controller, or should the image work on both WLCs?
May 16, 2011
I am setting up a LAN to LAN VPN between a Cisco ASA 5520 and a Juniper device. It's my first time setting this up. What will be the peer address of my device that I need to give to the other person? Is this the outside address of my device?
Also, with the setup I have made I am getting the following error msg:
IKE Peer: 81.45.22.222 Type : L2L Role : responder Rekey : no State : MM_WAIT_MSG5
Also I was getting Type: user instead of L2L - what does this mean as well?
Nov 16, 2012
I have manually added the Cisco ASA 5520 to LMS 4.2, because LMS didn't discover it automatically. However, when I tried to open the device using cisco.
Message
Cannot find applicable device package for 192.168.100.100
This error could be due to one of the following:
- The device package for this device type is not installed.
- Device support for this device type is not available.
- You are trying to open a component inside a device.
To correct the problem, either install a device package for the device type, or open the parent device to manage the component.
Jan 26, 2012
I'll have to replace an old WS-C3550-24. Reasons for this: EOL/EOS & we'll need a NAT capable device...
As I understood, the only L3 catalyst that is able to perform NAT is a 6500? Is that correct? If the above is correct, it seems I can only replace the setup by using a router/ASA with a L2 switch. A router with high throughput (+/- 300Mbps) is hard to find, especially as NAT will require CPU resources...
So, my best (affordable price) solution is getting an ASA5520 (450Mbps FW throughput) and a L2 switch?
Mar 28, 2013
I installed Windows 8 on my Dell laptop and my bluetooth device doesn't work properly. When Windows 7 was installed and my laptop and my Samsung Galaxy S3 were paired I could play songs from my phone on my computer. But now it is not possible on Windows 8.
Nov 11, 2011
When I upgrade the ios on switches, I just create int vlan1 assign it an ip and subnet, then tftp to my pc that is plugged into the switchport using the download-sw command.
I am not sure how to do this on the ASA. Do I just plug my PC into port 0, which the documentation says is mapped to VLAN 1 with an IP of 192.168.1.1? I tried this by making my PC's IP 192.168.1.2 but am unable to ping the ASA. Do I have to change the security level or anything?
Nov 2, 2012
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now Cisco wants to replace it with ASA-5520-K8.
Mar 14, 2013
I just got an ASA 5505 with Cisco Adaptive Security Appliance Software Version 8.0(4) already loaded on it. Should I update/upgrade it to the newest IOS release, or is the 8.0(4) good and stable?
Jan 30, 2012
I have a problem that the ASA5505 cannot update the time to the NTP which I set to a local host connected with the ASA. Refer to the picture below: the ASA time cannot update to 10:49 from 10:29 accordingly. I already set the NTP address to the local host IP address. It can be seen at the NTP in the ASDM as well as in the command line below: ntp server 192.168.50.6 source dmz.
Feb 27, 2013
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL]).
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard stateful inspection.
May 5, 2013
I have an asa 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
Jul 26, 2012
We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA 5520 firewalls have software release 8.4(3)8 installed. When somebody tries to connect through the identity-based firewalls from a Citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in to. The user-of-ip mapping of the PDI's IP address shows mostly other users, which then are used to authenticate the access through the firewalls.
What is interesting is that on the AD Agent, using "adacfg.exe cache list | find /i "USERNAME"", I can't see the PDI's IP address either, because it is mapped to another user. Is a Citrix Published Desktop environment supported to connect through identity-based firewalls? How do AD Agent, Domain Controllers and firewalls work together? On the firewalls, with "show user-identity ad-agent" we see the following:
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
Why does Cisco use 1645 and 1646 and not 1812 and 1813? What purpose is the Listening Port used for? We tried the AD Agent modes full-download and on-demand with the same effect.
May 16, 2012
I'm upgrading an ASA 5510 from 8.3 to 8.4.
I know from 8.2 to 8.3 was not a mirror update because of NAT and access-list, but is from 8.3 to 8.4 a mirror update or is there anything which I should be aware of?
Jan 29, 2013
I manage one CSC for one of my customers. All is OK with this module except updates for the PhishTrap pattern. I reset and restarted the module. The CSC has a valid licence and no warnings about the Maintenance Agreement.
I tried to do this operation manually but still receive in the Update tab the output that packet 1012 is available but failed to update to this version. In the TmuDump log file I see that this .zip file is downloaded and the CSC tries to merge it with the current file (1011). I attached the part with this step from the log file and the sh ver output from the CSC.
Apr 15, 2013
I try to launch a LAND attack against my ASA 5520 firewall. Everything will work fine. But why? I think it should not work. I use a little tool where I can use a spoofed address, with a cluster shell, and attack the firewall interface with the source of 127.0.0.1 or the IP address of the interface as the source and destination. Then I get a CPU load of 89% with only two hosts. With iptables I can use kernel processes to prevent this. But I don't find anything for the ASA.
Jan 4, 2012
Two different WAN links get connected to the firewall via two routers (different IP subnets). I need to get these two WAN streams separately to the core switches. The core switches sit in an Active/Standby scenario. If the Active core goes down, the Standby core will have to take over the traffic. Is my design correct? If not, what do I need to change? The ASA is a 5520.
May 22, 2013
I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
[URL] 209.151.225.100
Can I use the following command to set ntp server?
ntp server 209.151.225.100 source outside.
Jan 1, 2012
Communication between 2 VLANs. I have 2 VLANs:
Vlan 100
ip add 1.1.1.1
!
!
!
Vlan 200
ip add 2.2.2.2
I want to make communication between the 2 VLANs on a 5520 ASA 8.2 firewall.
Feb 27, 2011
I have a serious problem with my corporate firewall, which is an ASA 5520, fv 8.3, with 8 +1 interfaces. It suddenly started to crash every 10/20 minutes and reboot on its own.
First of all I checked system resources, which are in a very low usage state. I also checked interface errors, but nothing strange came out from the error counters analysis. I tried disabling logging and all the service policy rules configured, but nothing changed.
Nothing changed and the firewall continues restarting by itself.
Last logs I received before crash were:
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack = 0x084A619E 0x084A6512 0x084A70E1 0x084A7987 0x084A7AAA 0x08558B9B 0x08558E8A 0x083D3518 0x083CA145 0x080659D1 0x089196D9 0x08919790 0x089FF711 0x08A27468
Here the sh crash info command on module 0, after last reboot:
[Code] ......