I have an ASA 5520 with the Intrusion Prevention Module.The time displayed on the ASA is correct.The time displayed in all Intrusion Prevention gadgets is ahead exactly 4 hours.Under configuration, Time the Time Zone is correct, Eastern in my case. The sensor local time on the same page is correct and is grayed out.I only work in the ASDM as I am far from being a CLI person.I don't think the time being off is causing any issues, but it is strange.
I have an issue on an ASA 5510 that I have noticed today, when I am using the log viewer all of the information recorded only shows the high end source and destination ports. For example
Source IP 10.10.4.69 Source Port 59886
Destination IP 8.8.8.8 Destination Port 59866
So what seems to be happening is that I am seeing only half of the connection in the log viewer, I see the side with the high end ports and not the side with the ports the application uses, this example was done with a ping. All my services are working correctly and the client sending the ping gets the response expected, it just seems I have lost the logging display?
I have a problem on a Cisco ASA5520 version 8.2(5). A customer has set up a syslog to keep tracks of tcp sessions made by vpn users. On the syslog we filter %ASA-6-302013 and %ASA-6-302014 log messages, respectively: Built inbound TCP connection and Teardown TCP connection. When the connection is made by a vpn user, at the end of the log line you see the vpn username which should be the same in both the messages for the same connection. I have verified that when a user, let's say UserA, disconnects from the vpn, their tcp sessions are not properly closed; if another user, let's say UserB, establish a VPN immeditaely after and gets the same IP address previously assigned to UserA, the log sessions are recored with UserA in the %ASA-6-302013 message and UserB in the %ASA-6-302014 message. I presume this is due to the fact the tcp sessions are not tore down when the first user disconnects and it looks like a bug to me but I didn't find it referenced anywhere. Is there a way to have all tcp session tore down when a user disconnects the VPN connection?
how the Cisco VPN works, as i already have a post on here about not being able to connect an android device to my firewall, i am now struggling to get an Iphone 3gs iOS v4.3 (8F190) connected to the VPN Either.I have checked the Network (client) Access settings on the firewall, and confirmed the group names im after including the protocols it supports L2TP is Disabled so it looks like i can only connect via IPsec.so i fill out the required details in the IPhone but keep getting a message back from the phone
"The VPN Shared Secret is incorrect"
Now im sure i have this right as i use the same details on my laptop which connects to the VPN perfectly fine. but i am starting to bang my head against the wall, no matter what i try and do i cannot seem to get either device to connect to the firewall.i have a pair of ASA 5520 boxes running cisco software 8.2
I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).
I have an ACL denying traffic to a certain IP range and the logging level set to Debugging. The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no logs are ever shown.
Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.
We have a Cisco ASA 5520 and im looking for a way to monitor largest outgoing and incoming traffic per ip in real time so to know which of my internal computers are using the most of our Internet Line. Is there a way to this through ADSM ? We use version 6.3.
I have an ASA 5520 and I'm using Solar winds real time interface tool to monitor the through put of the port. It seems I can never get it to use more than 100mb, where should I check?
I have run a sh int giga 0/1 and it shows the port is 1000mb full duplex and the I have also checked the other end where it plugs into the LAN and this also says the port is running at 1000mb full duplex.
I'm both concerned and pissed off that my creepy housemate might've used our network to invade my privacy, steal expensive multimedia & valuable personal info, and may have continued access to my computers. I have a Win7Home laptop and a Win7Prof desktop. Both have a Windows password.I was attempting to back-up files from my laptop to my desktop ~2 weeks ago, so I created a Shared Folder and put files in there. After the copying was done, while I was moving the folders from the Shared Folder to a private folder on my desktop computer, there was an error message for one of the folders, saying it was open in another window... this was strange, since it definitely hadn't been opened within weeks by me. But it resolved immediately (like they got alerted). And of all the folders, it's one which my stalker roommate would def be interested in.
Also, I recently noticed that there are Remote Desktop Connection icons on both my computers (with "Allow" checked on laptop only). They were created 49 seconds apart, that NEXT morning. They reside in the same parent folder as where the shared folder resides (Documents folder on laptop and a Partition on the desktop). It is possible that I created the RDCs by accident while amateurly trying to network the my PCs, or could they be offspring from a trojan/DLL file which was placed in the Shared folder by my creepy roommate...? As "admin" over our router, would he have been alerted to the fact that I shared a folder? I'd enabled "Home" network and discovery for my computers. Could he access other NONshared folders if my computer was visible? Can router admins view a window that can constantly track network computer activity?
When the ARP Poisoning attack has successfully taken place, a data packet is redirected to the attacker's computer and then forwarded to the original destination by the attacker. During this process does the data packet reach the original destination in 2 hops or a single hop?
When the ARP Poisoning attack has successfully taken place, a data packet is redirected to the attacker's computer and then forwarded to the original destination by the attacker. During this process does the data packet reach the original destination in 2 hops or a single hop?
When we setup a connection between two hosts we receive the message "TCP checksum incorrect" , This is between a settop box on the outside and a server inside the firewall. This STB used to communicate with the server on port 443 which is NAT-en to port 12697.With a new settop box image which uses on the inside and outside port 12697 we receive this TCP checksum incorrect on the Firewall with wireshark.
Strange is that on the outside of the firewall we see an MSS of 1460 and on the inside it is 1380 (don't know if there is a relation with this and the issue we have)
we replaced our PIX525 firewall with an ASA 5540 firewall, and now we see some strange behavior in ASDM.ASDM does not display all the rules, but i see all all the rules in cli.
Region : Romania Model : TL-WR740N Hardware Version : V4 Firmware Version : ISP : AKTA
Network isn't working on pc or on wireless devices. I restarted, reinstalled, rebooted but isn't working. LEDs light up normally but I don't receive internet connection on devices.
We've recently shut down an interface on one of our ASA 5510s as we no longer use that service provider. The dashboard, however, still insists on showing traffic usage on this interface. How do I change the dashboard to display a more meaningful interface?
I have a ASA5540 firewall set-up with an interface MTU of 1500.
I suspect that we are receiving packets with a larger MTU but have not found an easy way of confirming this. Any command that can be run on the firewall to display the MTU packet size being received on an interface?
We are also running Solar Winds so could query an OID if such a variable exists.
We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.
We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 are having the software release 8.4(3)8 installed.When somebody tries to connect thru the Identity based firewalls from a citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDIs IP-address shows mostly other users, which then are used to authenticate the acces thru the firewalls.
What is interesting, that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" i can't see the PDIs IP-address neither because it is mapped to another user.Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How AD Agent, Domain Controllers and Firewalls are working together? On the firewalls with "show user-identity ad-agent we see, the following:
Why Cisco does use 1645 and 1646 and not 1812 and 1813?The Listening Port is used for what purpose? we tried the AD Agent modes full- download and on-demand with the same effect.
I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.
Two different WAN links get connected to the firewall via two routers.(Different ip subnets).I need to get this two wan streams seperatly to the core switches.Core switches sits.Active/Stanby senario. If the Active core goes down Stndby Core will have take over the traffic. My design is correct ,if not what do i need to change. ASA is 5520.
I have a serious problem with my corporate firewall, witch is an ASA 5520, fv 8.3, with 8 +1 interfaces. It suddenly started to crash every 10/20 minutes and rebooting alone.
First of all I checked system resources witch are in a very low usage state. I also checked interfaces errors, but nothing strange come out o from error counters analysis. I tried disabling logging and all the service policy rules configured, but nothing changed.
Nothing changed and firewall continue restarting by itself.
Last logs I received before crash were:
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack = %ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack = 0x084A619E 0x084A6512 0x084A70E1 0x084A7987 0x084A7AAA 0x08558B9B 0x08558E8A 0x083D3518 0x083CA145 0x080659D1 0x089196D9 0x08919790 0x089FF711 0x08A27468
Here the sh crash info command on module 0, after last reboot: [Code] ......
we are having a firewall asa 5520 .we have connected the management port and inside port to internal network and dmz port to dmz network.now we need to configure tacacs and other management tool on dmz devices through management port. The problem is the management devices tacacs and other are placed in internal network.
I have an ASA 5520 in my company which does all our NAT and Firewall access control. Currently there is a rule in place to allow an incoming connection on port 2222 from a specific ip address to allow access to a web app our developers created. This is a test before the web app is released live. Now the web app can communicate with the specific address and port but the incoming connection on port 2222 isn't getting through. Everything looks great in the firewall but how can I log any hits this ACL takes to identify any potential problems?
Our Local Network is behind the CISCO ASA Firewall.Whenever we are accessing to Client VPN server,it is getting connected but after few Minutes (May be 5/10/30 Min),the sessions are terminating. The same traffic through PIX is no issue , only with ASA Firewall. See the following Error and request you give the possible root cause for this.
2011-04-09 16:15:09 Local4.Info 172.16.1.68 %ASA-6-302016: Tear down UDP connection 87447908 for OUTSIDE:68.22.26.66/4500 to inside:172.16.9.10/4410 duration 0:27:49 bytes 18653
I have problem in the configuration of Cisco ASA 5520, IOS version 8.4. The connection is as follows: LAN network--> Firewall --> Routers with GLBP with virtual ip address. the clients can not ping the virtual interface of the GLBP group, but I can ping it from the firewall, and I can ping the clients from the firewall, I checked the packet tracer it gives :
Phase: 7 Type: NAT Subtype: Result: DROP Config: nat (inside10,outside) source dynamic LAN interface Additional Information:(code)
4GE SSM just have only additional ports with Ethernet (RJ-45) or SFP (fiber optic) Can I config 2 ports use default type (RJ45) and config 2 ports use SFP ?
For Example.
G1/0 and G1/1 = Default type G1/2 and G1/3 = Media-type sfp G1/0G1/1G1/2G1/3G1/0G1/1G1/2G1/3RJ45RJ45SFPSFP
