I want to collect the logging messages about the saa5525x IPS events from devices to a server running a syslog daemon, and I have no necessary to collect any other logging messages about the firewall, how would I config the configuration logging?
View 1 RepliesOur Firewall is just new. ASA5525X
Today, during a packet_trace to debug a routing problem, the active ASA
- thsasaprd02 - crashed suddenly.
I was able to copy-paste the console - including the command that triggered it - After the reboot I ran the command again, on the same ASA - after doing a manual failover - the command succeeded normally.
I've got a client with a Management Port set up for Out-of-Band management. Here's the configuration of the interface and some relevant static routes:
interface Management0/0
description MGT
speed 100
duplex full
nameif Mgt
[code]...
The route through Mgt interface is required as my client accesses the device from a subnet that isn't local to M0/0.Unfortunately, now any traffic originating from outside and destined to 10.48.0.0/16 is choosing the Mgt interface. I had thought that the 'management-only' keyword prevents this from happening (traffic traversing between interfaces).
There is a broad scope of /16 addresses on the 'inside' so just swapping destinations won't work (the client wants to avoid a routing table with 50+ static entries, understandably)My temporary solution was to do this:
route inside 10.0.0.0 255.128.0.0 10.38.103.1
route inside 10.128.0.0 255.128.0.0 10.38.103.1
route Mgt 10.0.0.0 255.0.0.0 10.38.100.254
If 'management-only' doesn't prevent traffic from using the Mgt interface, what is the point of the command?
I have a customer, who has the SVI's configured on the Core (4500x) and this is connected to a ASA 5525x, there is a requirement of restricting traffic between different vlans. How can i use the ASA to accomplish this task. ACLs on the Switch are not stateful and hence not considering this option, Also we are not planning to configure the GW's on the ASA since there is lot of traffic between the vlan's and this will become a bottleneck
View 4 Replies View RelatedCan I configure two IPsec tunnel in a ASA5525X, when the destination is same.
View 1 Replies View RelatedWe are running ACE 20 modules in highly available active / standby (all active contexts on one module) mode. Currently they are on A2 (2.4) version. We are going to upgrade them to A2 (3.6a). The question is that how ling can we run them in two different SW levels? In otherwords can we have few days between upgrading both modules?
View 1 Replies View RelatedWe currently have two 6509's running in VSS, both switches have a WS-6748-GE module in slot 3. I'm in the processing of removing these modules. I will then be replacing them with a different module type, but I need to know how to remove the old configuration of the previous modules.
View 4 Replies View RelatedIs it possible to install Content Security and Control (CSC) Modules on ASA 5505 ? Or only AIP SSC-5 Modules are the only modules that can be installed on ASA 5505s ?
View 3 Replies View Relatedi m looking for asa 5550 product.Part # ASA5550-BUN-K9 - Cisco ASA 5550 Appliance with SW, HA, 8GE+1FE, 3DES/AES
1) does 5550 contains built in CSC / IPS modules.? why i m asking because the "quick refrence guide " indicates that expansion slots are not available.
2) can asa 5550 natively protects natively against networks attacks against virus / worms etc with out CSC OR IPS MODULE.?
Is there any option available in any of the Cisco ASA55xx series model to install both csc-ssm and aip-ssm ips modules ? If, so is it advisable to install both ? Is the throughput of ips module has any dependency with the asa chassis throughput ?
View 1 Replies View RelatedI am looking to add the IPS module to my ASA 5510's. I am contemplating only purchasing one module and placing it in the active ASA. I am willing to accept that in a failure scenario I will loose the IPS functionality until the primary ASA is recovered. I have not had a chance to talk to my SE to see if this is even possible. Has anyone attempted a deployment such as this? Will it work and is it supported?
View 3 Replies View Relatedunderstanding clear about new Cisco ASA 5515-x, 5525-x.I know that this device supports IPS which is included to this appliance without any additional modules.But can this box support IPS and content-filering (Cisco ASA CX or so..) in the same time.
The problem also in next. Can two ASA 5510 with diffrent modules (in one AIP-SSM and in other CSC-SSM) be in active/active failover design?
configure ip-sec vpn tunnel between ASA5525x and RV042
View 5 Replies View RelatedI have two 1811's connected in a lab using a ipsec vpn tunnel (using a switch to simulate an internet connection between them).I am trying to configure one of the routers as a ZBPF just to allow a remote windows login (DC on the firewalled side, workstations on the other side).I'm trying to verify that the zbpf is working, but it doesn't seem to stop anything. I had match icmp added to the class-map, but took it out to test if icmp would fail. It didn't. Basically, I don't think the firewall is working at all. Any thoughts on how I can configure this so that the policies will work between zone-pairs?
Here's an quick drawing:
Here are the configurations:
Local router:
hostname sdc-1811-LocalLab
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
[code]....
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies View RelatedWe have an ASA with 8.4(5) version. we had detected that few ip's were getting shunned ,to overcome the problem no shun was used and the traffic normalised.But, the same problem re-occured a few days after that with logs showing traffic being shunned.
is there any fixed way to get rid of this. what commands can i use to verify related configuration on the firewall.
I have one firewall need to be configured in transparent mode. I have inside and outside router. What is the configuration of transparent firewall ASA8.2. I didn't find the configuration on Cisco site.
View 17 Replies View RelatedI am trying to set the PIX firewall to transparent mode.After I set it to transparent firewall, I allowed all icmp, tcp, udp traffics.Currently, any devices in the inside network can get the ip automatically from DHCP server in the outside network but cannot ping to any servers in the outside network either access the internet.Do I need additional confiration on the firewall?
Here's the configuration:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
[Code]....
I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but i need some kind of step by step description. I just want to connect it with outside on a route .. inside in my LAN. Its working now with one ASA. But in the Web Interface the Interfaces inside and outside are down.. but its working.
View 5 Replies View RelatedUsing ES2 enhanced etherswitch modules? Could not find out whether it functions identically as NM-16ESW or not. I do understand that ES3 module act like a separate device connected to the router chassis via internal interface and has its own configuration file and processor resources similar to older NME-16ES modules. What about ES2 card (e.g. SM-ES2-24)? Does it work as separate L2 switch connected to the router chassis via trunked internal interface or integrates to the router like the older NME-16ESW module did? Is it possible to turn its ports into the routed mode (no switchport) and use them for L3 forwarding with routing protocols such as OSPF?
View 2 Replies View Relatedhow many NM modules can be inserted into cisco 2821?
View 3 Replies View RelatedDoes cisco LMS v3.2 Support IPV6 in all modules ? We will be migrating from V4 to V6 in some time from now
View 1 Replies View RelatedI would like to know which 2T (like WS-X6848-TX-2T, WS-X6908-10g-2T,...) modules are supported with LMS Prime 4.1 and 4.2.
View 6 Replies View RelatedIn a 6500 or 7600 a 'show module' gives a run down on all the modules in the slots, their HW and SW versions and status. But I can't find a similar command in the ASR1006.
View 1 Replies View RelatedLooking for a show command to display the actual physical Ram modules inside a 2911 router. I believe they come with 2x ram slots and I need to know if it has 1 ram stick or 2.show version displays the total amount of ram, but not if its 2x128 or 1x256 etc.This is also production gear so I cannot open it up and have a look until the scheduled downtime.
View 3 Replies View RelatedI have a 6506 with SUP1 MSFC2, running IOS. [code] However, its not able to detect the switch module. [code]
View 6 Replies View RelatedI am facing some issue to activate ,SPA-5X1GE-V2 modules on ASR 1006.
View 1 Replies View RelatedWe had some issue with Datacentre ACE modules. Both primary and DR ACE modules got restarted in 16 hours difference. Unfortunately Syslog was not configured on the ACE and local logging got cleared after restart. The current IOS version is A2(3.2). The modules uptime was around 300 Days. Here is the log from 6509 switch during the restart. [code]
View 7 Replies View RelatedWe've recently bought a cisco asr 1001 Router and I have a number of interface slots. I want to populate these with fiber modules.
Which fiber modules are compatible? Are the regular SFPs ok to use or is there a special asr series of SFPs to use?
I have a plan to replace the old routers which are EOL/EOS and i configured the new routers(2921) and modules in Cisco configurator, But i'm stuck with IOS feature set.Old routers are running with IS-IS Protocol, which IOS feature i need to select under 2921 to get the IS IS feature.
View 2 Replies View RelatedI recently purchased a Cisco 5508 WLC and I'm looking to buy some SFP modules but can't find info on which ones would be compatible with the controller on Cisco's website . Is there any module that can support 10Gb as I have a 10Gb on the other end (switch end)?
View 6 Replies View RelatedI had already posted for voice modules for cisco 2811 but not able to find it. But here are a few questions regarding i
1. I am trying to configure a cisco 2811 with FXS ports . I am using an NM-HD-2V with a VIC3-2FXS. I am using the right modules. Also I believe we need PVDM mosules installed in the NM-HD-2V. We have PVDM-12 modules. Will that work or is 2811 compatible only with PVDM2-xx modules.
2. We are also trying to configure a cisco 2811 with PRI port. We plan to use an NM-HD-2V and a VWIC-1MFT-T1/E1. If they are correct and if we need only PVDM2-xx modules.
3. Also we are trying to configure a cisco 3845 with PRI and we plan to use the same as in 2811 that is NM-HD-2V, VWIC-1MFT-T1/E1. And here also we are not sure if we need only PVDM2-xx DSP modules.
I have a WS-C4510R+E with
Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 48 10/100/1000BaseT Premium POE E Series WS-X4748-RJ45V+E CAT1612L1JD
2 48 10/100/1000BaseT Premium POE E Series WS-X4748-RJ45V+E CAT1612L1JW
3 12 10GE SFP+ WS-X4712-SFP+E CAT1622L0SC
4 12 10GE SFP+ WS-X4712-SFP+E CAT1622L0RM
5 4 Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E CAT1620L1UJ
6 4 Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E CAT1620L1Z2
Can i add two WS-X4712-SFP+E and two 10 GE ethernet module also?
Is there 10GE ethernet module with WS-C4510R+E.