Cisco Firewall :: Configuration Migration From ASA 5540 Running 7.2 To 5525X Running 9.1
May 7, 2013
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
View 3 Replies
ADVERTISEMENT
Jun 11, 2013
I have 30 switched in my corporate network it’s all up and running all switches running by default configuration and connected to WS-C4506 core switch our dhcp server pooling 192.168.100.1/27 network. Now we need to configure new Vlan for finance department this department has more than 200 users. If my server distributes 192.168.200.0 range ip can vlan2 automatically assign ip 200.0 addresses to finance department.All switches running default config no ip address assigned.
View 9 Replies
View Related
Jan 9, 2012
I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and i am just trying to save some time. I believe Cisco TAC might have a tool to do this but i am not sure.
View 4 Replies
View Related
Feb 16, 2011
We have ASA 5540, running IOS 8.2.(4). For some reason, I kept getting email notification about this message
"<155>Feb 17 2011 04:59:16: %ASA-3-106014: Deny inbound icmp src Outside:74.125.24.179 dst Inside:74.125.20.1 (type 3, code 1)".
Sometimes, I get this email notification 3 times within 1 minute interval. What caused this type of error message and how to fix it? No one was logging in to Cisco VPN client when this error occurred.
View 25 Replies
View Related
Jun 26, 2011
we have a pix 515E firewall with software version Cisco PIX Security Appliance Software Version 7.0(4) and ASDM version Device Manager Version 5.0(4). we are in a process of upgrading the software. Kindly suggest the software and ASDM version most fit for the device. Also the software should be compatilbe for the current configuation running.
View 3 Replies
View Related
Aug 7, 2011
We have ASA 5540. We setup Site-to-Site VPN and Remote Access VPN (Cisco VPN client). If are running full tunnel on the Cisco VPN client, the internet access is slow. For example, when we are running full-tunnel, the internet speed is 16 Mbps based on Speedtest.net. When we go to Speedtest.net, some of the graphics do not load. If we are running Split-tunnel, the internet access speed is 78 Mbps based on Speedtest.net and the Speedtest.net web site loads all the graphics.
View 6 Replies
View Related
Oct 25, 2011
Would it be possible to change output style of "sh running-config" in SF-300 switches to Cisco IOS-like format (eg.: options related to the specific interface put together, add tabs) in the next release?
View 24 Replies
View Related
Jun 22, 2011
There are some troubles in my 7206 vxr . The process of this problem below.
LOG:
Self decompressing the image : ####################################################################################################################################################################################################################################################################################################################################################################
[Code]...
View 2 Replies
View Related
Jul 13, 2011
command to get running config of Cisco VPN 3000 concentrator.
View 3 Replies
View Related
Feb 3, 2013
I'm running LMS3.2 and RME 4.3.1. I deployed a netconfig job to our network which consisted of approximately 800 devices.The report said that the job completed successfully however some of the devices didn't save thier running config to startup.
Is it possible to add a command or issue another netconfig job just to save the running config, so I can identify if the job fails on some devices? Using the tick box in the netconfig job doesn't seem to alert you if its not successful.
View 2 Replies
View Related
Apr 28, 2013
I've recently received this new Cisco 1921 routers with Cisco CP loaded, so it comes up with the annoying change username and password at first access. I've removed all of those files from the flash memory, and rebooted it, and it came up with the proper initial configuration dialog, which is what I wanted. But, whenever I configure the router with a set of basic configuration, like interface, routing, and snmp loggings, and hit wr mem, it doesn't display at all when I do "sh run". It's weird cause when I do sh run | sec rip or any other stuff that I have configured, it shows up , but not in sh run at all.
What's the deal with the new routers? Even sh version doesn't show the config-register or memory allocation details.
xxxxx#sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
[Code].....
View 5 Replies
View Related
Mar 21, 2012
We were having a discussion in my group about startup vs running configs, and how often some network managers forget to "click save" when they configure a switch. Is there a way to configure Ciscoworks to copy the running config to the startup?
View 2 Replies
View Related
May 24, 2012
I am using ACS5.2 I want user to access the device with all necessary command like show run/ver/int/log… I try to set user privilege using Shell from 1 to 10 but show run doesn't work.
View 15 Replies
View Related
Aug 7, 2008
We have a bunch of switches that are running fine but the running-config file is missing and we can't save the config to the tftp server. IOS is c3550-ipbasek9-mz.122-37.SE1. I've got lots of these switches running the same code that are just fine.
View 8 Replies
View Related
Jan 11, 2012
Just picked up the E4200 and used Cisco Connect to install. Wanted to know a few things?
-Windows 7, 64 bit
-E4200 router
-AE2500 adapter
1) How can I tell if its running at optimal configuration?
2) Before with my previous router (netgear) I didn't see my router in Device Manager. Now its under Network Infrastructure Devices. It lists the name of my router, under that it lists Microsoft Wireless Router Module??
3) Before with my previous adapter (belkin) I would see my Network Adapter in Device Manager. I see my network adapter listed, under that Realtek PCI (LAN), but now there is another new device? Microsoft Virtual WiFi Miniadapter??
Why are these Microsoft devices showing in Device Manager? Did they not get installed correctly?
View 2 Replies
View Related
Jul 28, 2012
My issue is that when trying to run the setup software for my new cisco 4500 router, an error message comes up which states that the new mac operating system 10.8 aka mountain lion is not supported. so now i had no choice but to leave my network unprotected as i cannot run setup. I was just wondering if there was another method by which i can configure the router without running the setup cd.
View 3 Replies
View Related
Apr 2, 2012
My company is beginning to have a lot of sites were we are stacking 3 to 4 C2960S-48 switche.This is making "show running-config" very very long because of the 4 x 48 interfaces.I can’t find a CLI command that show me the running-config of a ranges of interfaces. If I for example would like to see running-config for switch 3 (interfaces 3/0/1-52)The Show Running-config will show all the interfaces (for the two first swtiche = 104 interfaces), which take a time before I reach to switch 3.I miss a CLI command like: show Running-config switch 3, or module 3, or show running-config interface range x/x/x-x ?I’m well aware of the CLI command show running-config interface x/x/x, but this will only show me one interface.
View 3 Replies
View Related
Oct 14, 2012
I have a new 6513 with 2 sup32's with IOS. This chassis will replace a working 6513 with 2 sup2's with CatOS.I would like to convert my CatOS running configs to IOS, and I know there used to be a tool for this.
I have searched around and found many broken links to an old Cisco tool to convert my former configs, is there any way to get this tool today? I have tried over 20 links and not been able to find a working one yet.
View 2 Replies
View Related
Jun 22, 2012
I have on 3750X stack with a few vlan
--------------------------------------------------
vvlansw06# sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/6, Gi1/0/10, Gi2/0/5
Gi2/0/6, Gi2/0/37
10 LAN_10 active Gi1/0/16, Gi1/0/17, Gi1/0/19
[code]....
where are the others vlan?
View 3 Replies
View Related
Apr 29, 2012
What is the exact command in restoring the running-config on a Nexus 7010. Is it the same command / procedure as the Cisco IOS?
View 3 Replies
View Related
Feb 12, 2013
I have old ASA with 8.0 configuration that includes huge number of ACL, NAT , VPNs , we got a new ASA with 8.6 , and we are planning to move the configuration to the new box , I'm wondering what is the best approach to do this , I'm thinking of one of the following scenarios1- downgrade the new ASA to 8.3 , the apply the config , remove the identity nat commands and names then upgrade to 8.6 and after that reconfigure the NAT rules and object groups .2- convert the old config manually to 8.6 code including NAT , object-group ,ACL and apply it to the new ASA ( this is going to be huge task). What are the commands that I have to look at when I convert to 8.6 and will the VPN configuration be affected ?
View 5 Replies
View Related
May 26, 2013
I was going through the release notes on cisco website of ASA 8.4.6 and ASDM 7.1.3 but I just can not find a definitely answer: if ASDM 7.1.3 can run with 8.4.6?
View 2 Replies
View Related
May 15, 2012
I'm having an issue configuring NAT on an ASA running 8.3. 've managed to configure NAT from the Inside interface to the DMZ, using PAT, so that the traffic is hidden behind the IP of the DMZ interface. This seems to work ok.
object network obj_any-18
subnet 0.0.0.0 0.0.0.0
object network obj_any-18
nat (inside,dmz1.005) dynamic interface
The problem I have is when I try to configure a rule for traffic that originates in the DMZ back to the Inside. I can't seem to get any traffic to flow from the DMZ to the Inside, and sometimes I manage to stop traffic flowing in both directions!
What would be the best way to configure the return traffic from the DMZ to the Inside.
View 12 Replies
View Related
May 21, 2013
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
View 4 Replies
View Related
Feb 16, 2012
What would be the command to clear the df-bit on a PIX-515e running 6.3? I have tried the following:
conf t crypto ipsec df-bit clear-df inside and it doesn't take it.
View 1 Replies
View Related
Aug 2, 2011
I'm replacing a new ASA 5505 due to a corrupted flash. On the original unit, I had the ability to SSH into the device using TeraTerm with no problems. While configuring the new device, I entered commands to enable SSH into the unit.
View 5 Replies
View Related
Feb 28, 2011
I have a Cisco ASA 5520 running 8.2.2 with the VPN Plus license. I am wondering what is the max number of sub-interfaces you can have on a physical interface. I know on the 5505 it was 20 sub-interfaces if you were running the Security Plus license. What is the magic number for the 5520. I have hit 20 sub-interfaces on gi0/1 interface and now I am starting to run into problems with sub-interface #21.
View 1 Replies
View Related
Oct 27, 2011
I have VPN up and running between two sites. Both sites have Cisco ASA 5505. I can ping across the devices from both networks. But I cannot remote into the servers on the other network.
View 8 Replies
View Related
Mar 21, 2012
I Have an asa 5510 running code 7.2 configured with ssl vpn,ssl vpn users able to connect to to portal which i have configured with the required resources,but the thing is that these ssl users unable to upload files to cifs shared directory , although they have full access to the shared folder
View 0 Replies
View Related
Mar 3, 2011
I want to run two syslogs, one to Loglogic for compliance and the other to Solarwinds for network administration. Currently the firewall is setup for just the one syslog device. If I add an additional device ie further IP in the config for the Loglogic box will there be any noticeable differences in the performance of the firewall, does affect the cpu utilisation, or memory in any way.
View 1 Replies
View Related
May 4, 2011
I will be supporting a new ASA 5585X running 8.4 and I was wondering if it's possible to apply an ACL globally instead of it as an access group that is applied to a specific interface as in or out ... below are the interfaces and ACl.
View 2 Replies
View Related
Dec 23, 2012
We just changed over to Comcast Business and after changing the outside interface to new IP and setting static route. I have access to internet and everythig appears to be good, However asdm will never fully load, alway stuck at 17% or 77%, and I always see "parsing running config".
When I do a show run it will not fully load either, always stop at certain out put. 5 seconds after pulling the Comcast cable out both asdm and running config will load fine.
View 12 Replies
View Related
Mar 22, 2011
I have a Cisco 5505 that had its disk erased (erase:disk0) and now I am trying to load a new image (822 or 813) from a tftp server.
From the ROMMON prompt I have configured the relevant parameters and run a tftp command.
The tftp transfer seems to complete successfully but then it gets stuck on "...loading".
I have tried different versions of IOS and I always experience the same problem, even though, with older versions of IOS (7.x), the device manages to reboot itself but then it crashes with the following error:
"Error : Uncompression of the image failed. invalid compressed data--format violated"
Could it be an hardware related-issue or a licensing problem maybe? or am I missing anything obvious?
also, with regards to the license: once restored, how do I get my 50 users license back?
View 5 Replies
View Related
