Cisco Firewall :: How To Get Top Talkers On ASA 5510 / 5520

Sep 24, 2012

We ahave ASA 5510 and 5520 @ our office. We are not using any netflow tools in order to get the talk talklers.As this firewalls are shared firewall (used by different Projects), we are not able to get , which project is using more traffic and which is less.

View 3 Replies


Cisco Firewall :: Can Pull Netflow Style Data (Top Talkers / Sessions) From ASA 5505s

Aug 19, 2012

I need to know if I can pull Netflow style data (Top Talkers, Top Sessions, etc) from ASA 5505s?  We are looking at buying some but I need to be able to export this kind of data to my managment station which is also a collector. I have read on this forum that 8.2 and above should support Netflow but I have read conflicting information.

View 2 Replies View Related

Cisco Firewall :: Cannot Get RDP And Email Out Through ASA 5510 5520

Jul 24, 2012

I've been trying to switch out our old firewall which is a 5510 for our new 5520, but we keep running into this problem on both devices with almost the exact same configs. Currently I have the 5510 installed, and I cannot get our email server and RDP server to ping out to our internet gateway.
Attached is a sanitized config. From the config you can see the internal address of the email server is, external address is RDP server is internal address, external Our internet gateway is
From another computer with a 11.2.1.X address I can ping out to the internet gateway. The other two devices drop (I believe) when they hit the firewall.
Static mappings (again from config):
static (inside,outside) netmask
static (inside,outside) netmask
Original access list:
access-list outside_access_in extended permit tcp host eq smtp
access-list outside_access_in extended permit tcp host host


View 6 Replies View Related

Cisco Firewall :: Failover Between ASA 5510 And 5520?

Sep 27, 2012

Cisco still doesn't provide failover (active/standby) between two different types of ASA, right?
"The two units in a failover configuration must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM"

View 1 Replies View Related

Cisco Firewall :: LMS 4.0 Cannot See ASA 5520 / 5510 Configurations

Sep 30, 2012

I have an issue with the LMS 4.0, i added manually the ASA Fws 5520 and 5510, and i see them there, but i cannot see the configuration, inventory and technology details.Telnet is deactivaved in ASA´s, ssh and snmp v3 are enabled.Routers and switches were added without issues.

View 3 Replies View Related

Cisco Firewall :: Export Configuration From ASA 5510 To ASA 5520?

Oct 14, 2012

I have new ASA 5520 units currently we are using ASA 5510... I have to migrate all the configuration to the new ASA 5520 units....I am wondering is there a possible way to export and import certificates from ASA 5510 to 5520....
how to export or copy all the configurations, plug-ins, certificates from 5510 to 5520.Existing configuration snapshot...CA certificates from third party installed for authentication and identity certificate from Verisign

IPSEC tunnels

View 1 Replies View Related

Cisco Firewall :: Webfiltering On ASA 5505 / 5510 / 5520?

Feb 12, 2013

is it possible to configure a webfiltering on ASA 5505,5510,5520 ? So if its possible can you provide us a configuartion template.

View 3 Replies View Related

Cisco Firewall :: Would A 1GB 5510 Memory Stick Work In A 5520

Sep 19, 2012

Are the ASA memory DIMMs created for specific models?  Would a 1GB 5510 Memory stick work in a 5520?

View 1 Replies View Related

Cisco Firewall :: 5510 To 5520 Configure File Transfer?

Jan 3, 2013

Is it possible to import the config of a 5510 to a 5520. Trying to replace two 5510's with 5520's and wondering is there a way import the existing config files for the 5510's into the 5520's?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 / 5520 - Number Of Users That Can Be Created

Jul 5, 2012

How many user accounts i can create to a Cisco ASA box? Say for example a Cisco ASA 5510 or Cisco ASA 5520?

View 5 Replies View Related

Cisco WAN :: Configure NetFlow Top Talkers On ASR1002?

Sep 5, 2012

I am trying to configure the NetFlow Top Talkers function on an ASR1002 with ADVENTERPRISEK9-M, Version 15.2(4)S.  With this new Hardware and Software I am surprised to see that the command:
ip flow-top-talkers
top 50
sort-by packets
cannot be found on the CLI - it's just not there.  

View 1 Replies View Related

Cisco :: 2800 - Show IP Flow Top-talkers

Aug 8, 2011

I wish see the top talkers 10 at the my router 2800 IOS 12.4 (13a)
but when I run the command "show ip flow top-talkers" appear following:
% Top talkers not configured
I've set
Router(config)#ip flow-top-talkers
Router(config-flow-top-talkers)#top 10
I'm using the netflow version 9
maybe my router not support this issue ?? or it's missing some configuration.

View 2 Replies View Related

Cisco VPN :: 5510 / 5520 - 121 Ipec Vpn

Nov 1, 2012

I'm running into trouble with one of my l2l ipec vpn between a cisco 5510 and 5520 asa running version 8.2.2.
Our existing l2l vpns are connected fine and working fine. Currently SITE A ( connects to SITE B ( SITE A also connects to SITE C ( These are OK.
What's failing is when I try to connect SITE B to SITE C. The tunnel does come up and phase 1 and 2 complete successfully. However while running: 'packet-tracer input inside icmp 8 0 detailed' i get the following:
Phase: 10
Type: VPN
Subtype: encrypt
Result: DROP

Additional Information:
Forward Flow based lookup yields rule:
out id=0xad1c4500, priority=70, domain=encrypt, deny=false
hits=609, user_data=0x0, cs_id=0xad1c2e10, reverse, flags=0x0, protocol=0
src ip=, mask=, port=0
dst ip=, mask=, port=0, dscp=0x0

I noticed when the tunnel came up, the route was not added in the routing table and the cyrpto ACL was not applied on the remote ASA. I added the route manually but cant get the cryto ACL to apply.
More usefull info:
object-group network NoNatDMZ-objgrp

[Code] ......

View 7 Replies View Related

Cisco Firewall :: Different Between ASA-5520-K9 And ASA-5520-K8

Nov 2, 2012

We were using ASA-5520-K9 with  ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.

View 1 Replies View Related

Cisco VPN :: Moving Identity Certificate From One ASA 5510 To 5520

Apr 18, 2012

I'm trying to export identity certificates from an ASA 5510 to 5520, I'm exporting in pkcs12 format and specifying a passphrase. When attempting to import to the 5520, I get "error import pkcs12 operation failed" from cli or asdm.

View 1 Replies View Related

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?

May 5, 2013

I have an asa 5520.  How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?

View 1 Replies View Related

Cisco Firewall :: 5520 Identity Based Firewall Doesn't Work Using Citric Published

Jul 26, 2012

We are using the newest release of AD Agent (, built 598). The ASA Firewalls 5520 are having the software release 8.4(3)8 installed.When somebody tries to connect thru the Identity based firewalls from a citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDIs IP-address shows mostly other users, which then are used to authenticate the acces thru the firewalls.
What is interesting, that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" i can't see the PDIs IP-address neither because it is mapped to another user.Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How AD Agent, Domain Controllers and Firewalls are working together? On the firewalls with "show user-identity ad-agent we see, the following:
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
Why Cisco does use 1645 and 1646 and not 1812 and 1813?The Listening Port is used for what purpose? we tried the AD Agent modes full- download and on-demand with the same effect.

View 17 Replies View Related

Cisco Firewall :: Launch LAND Attack Against Firewall ASA 5520

Apr 15, 2013

I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.

View 1 Replies View Related

Cisco Firewall :: 5520 Single Firewall With 2 Core Switches

Jan 4, 2012

Two different WAN links get connected to the firewall via two routers.(Different ip subnets).I need to get this two wan streams seperatly to the core switches.Core switches sits.Active/Stanby senario. If the Active core goes down Stndby Core will have take over the traffic. My design is correct ,if not what do i need to change. ASA is 5520.

View 8 Replies View Related

Cisco Firewall :: ASA 5520 - NTP Server For Firewall Clock Setting

May 22, 2013

I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
Can I use the following command to set ntp server?
ntp server source outside.

View 3 Replies View Related

Cisco Firewall :: Make Communication Between 2 Vlans On Firewall 5520 ASA 8.2

Jan 1, 2012

communication between 2 vlans.i have 2 vlans
Vlan 100
ip add
Vlan 200
ip add 
i want to make communication between 2 vlans on firewall 5520 ASA 8.2.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Corporate Firewall Crash

Feb 27, 2011

I have a serious problem with my corporate firewall, witch is an ASA 5520, fv 8.3, with 8 +1 interfaces. It suddenly started to crash every 10/20 minutes and rebooting alone.
First of all I checked system resources witch are in a very low usage state. I also checked interfaces errors, but nothing strange come out o from error counters analysis. I tried disabling logging and all the service policy rules configured, but nothing changed.
Nothing changed and firewall continue restarting by itself.
Last logs I received before crash were:
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =   0x084A619E  0x084A6512  0x084A70E1  0x084A7987  0x084A7AAA  0x08558B9B  0x08558E8A  0x083D3518  0x083CA145  0x080659D1  0x089196D9  0x08919790  0x089FF711  0x08A27468

Here the sh crash info command on module 0, after last reboot:
[Code] ......

View 12 Replies View Related

Cisco Firewall :: 5520 Firewall Management Port

Nov 29, 2011

we are having a firewall asa 5520 .we have connected the  management port and inside port to internal network and dmz port to dmz we need to configure tacacs and other management tool on dmz devices through management port. The problem is the management devices tacacs and other are placed in internal network.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - NAT And Firewall Access Control

Oct 4, 2012

I have an ASA 5520 in my company which does all our NAT and Firewall access control.  Currently there is a rule in place to allow an incoming connection on port 2222 from a specific ip address to allow access to a web app our developers created.  This is a test before the web app is released live.  Now the web app can communicate with the specific address and port but the incoming connection on port 2222 isn't getting through.  Everything looks great in the firewall but how can I log any hits this ACL takes to identify any potential problems?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - VPN Traffic Is Getting Dropped Through Firewall

Apr 8, 2011

Our Local Network is behind the CISCO ASA Firewall.Whenever we are accessing to Client VPN server,it is getting connected but after few Minutes (May be 5/10/30 Min),the sessions are terminating. The same traffic through PIX is no issue , only with ASA Firewall. See the following Error and request you give the possible root cause for this.
2011-04-09 16:15:09    Local4.Info    %ASA-6-302016: Tear down UDP connection 87447908 for OUTSIDE: to inside: duration 0:27:49 bytes 18653

View 1 Replies View Related

Cisco Firewall :: 5520 - Firewall Behind Two GLBP Routers

May 29, 2012

I have problem in the configuration of Cisco ASA 5520, IOS version 8.4. The connection is as follows: LAN network--> Firewall --> Routers with GLBP with virtual ip address. the clients can not ping the virtual interface of the GLBP group, but I can ping it from the firewall, and I can ping the clients from the firewall, I checked the packet tracer it gives :
Phase: 7
Type: NAT
Result: DROP
nat (inside10,outside) source dynamic LAN interface
Additional Information:(code)

View 1 Replies View Related

Cisco Firewall :: Does ASA 5520 Have Layer 7 Firewall

Oct 24, 2012

Need to know if ASA  5520 does Layer 7 firewall or  not?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 (Ver 8.2) - HTTP Behind Firewall

Jan 26, 2012

Two days ago, we changed our old 525 with asa 5520 ( ver 8.2 ). Configuration is the same, except the version. It even retains the same global interface and static public ip address as the old device.All worked well during that period.
Yesterday, one of the http applications , not tested other day, was found not to be working. To test, we switched back to the old 525 , however nothing was working when we did that.

View 5 Replies View Related

Cisco Firewall :: ASA 5510 - Users Unable To Access Internet Through Firewall

Feb 26, 2013

I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show  running-config
: Saved


View 9 Replies View Related

Cisco Firewall :: ASA 5510 / Multiple VLANs Behind Single Firewall Segment?

Feb 5, 2012

I need to create a firewalled segment that not only separates hosts from general population, but also from each other.  The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible.  1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
VLAN 1 - hosts and 2 - hosts
Firewall DMZ Interface - 3 - hosts and 

This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.I'm working with an ASA 5510 running 8.2.4(4).

View 1 Replies View Related

Cisco Firewall :: ASA 5510 / Enabling Firewall To Send Logging Information?

Jun 22, 2011

I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.

View 6 Replies View Related

Cisco Firewall :: IOS Firewall Versus ASA (5505 / 5510) For Smaller Clients (less Than 50)?

Apr 24, 2012

We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510.  One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover.  I have configured a number of isr's for this and i know it works good. 

View 1 Replies View Related

Copyrights 2005-15, All rights reserved