Cisco Firewall :: Name Feature On ASA5550 8.4

Feb 16, 2012

I have upgraded ASA5550 version from 7.2(4) to 8.4(2).
 
On version 7, I am used to "names" command, like this:

names
name 107.25.1.10 Picard
name 107.25.2.20 Administrativa

In addition, when configuring ACLs it was very useful, for example:

access-list inside_access_out line 15 extended permit udp host Picard host 107.25.4.61 eq snmp 

On version 8, I have verified that names replacement is no longer available:

ASA(config)# access-list outside_access_in permit ip host ?

configure mode commands/options:

A.B.C.D  Source host IP address


Cisco Firewall :: Can ASA5550 Run Without SSM-4GE-INC

May 30, 2012

I've inherited an ASA5550 which is missing its SSM-4GE-INC - it was taken out to upgrade a 5540, which is now in production elsewhere in the enterprise.  Trouble is, now the 5550 will not boot, it gets stuck after a panic message, and reboots:
 
Panic: Init Thread - Module SSM-4GE-INC is not present. Rebooting...
 
I'm taking this as the unit cannot function without this module installed?


Cisco Firewall :: Upgrading ASA5550 From 8.2(2) To 8.4(2)

Sep 20, 2011

I am currently implementing a new patching schedule (when I say new I mean a company first!!!) and I have identified that the firewalls are all running 8.2(2). I would like to bring these up to the latest version but am a little worried about impact!!! I have set up a test firewall with the config from our live ASAs and run the upgrade but have received multiple lines.


Cisco Firewall :: ASA5550 - Set Up To Access Servers?

Nov 11, 2012

I am trying to set up an ASA5550 so that I can access the servers behind it. Simple.
 
As of now, I am unable to even create an access-list to allow traffic from my remote IP into the firewall. As far as my level of experience with Cisco firewalls, it's basically zero but I have taken the Cisco CCNAX class and feel that I have a good understanding of the fundamentals. That said, we only dealt with routers and switches, and it's not impossible that I'm missing something that would be totally obvious to most folks on this board. I've used CLI and ASDM with no success.
 
Here are the relevant parts of the config:

[code]...


Cisco Firewall :: ASA5550 Doesn't Seem To Address Root

Feb 22, 2012

I have been getting overrun errors on 3 different ASA 5550 HA pairs with traffic rates less than 100Mbps total. I was told by one TAC guy to split the traffic between the two slots so that traffic comes in one and exits the other to maximize throughput because the 5550 was designed to work that way. Another TAC guy told me to enable ethernet flow control to alleviate the overrun errors because the traffic was bursty, but this doesn't seem to address the root cause of the problem to either. TCP traffic is bursty by nature and has its own flow control mechanism. I can't seem to find any detailed info on why traffic needs to be split for 100Mbps when the marketing throughput number is 1.2G. Is this a design flaw or limitation? Is there a way to alleviate overrun errors?


Cisco Firewall :: ASA5550 Way To Block Incoming Connections From TOR

Nov 29, 2012

I need to block 4000 nodes (Ultrasurf, TOR exit nodes) and I've written a script that will ssh and copy in these objects (prob 100 at a time) into an object group and then put a blanket deny. I don't see a flood of traffic (occasional hits every other day, etc) but I was wondering what the impact would be? Can the ASA handle an object group of that size plus an ACL with it? Any way to block incoming connections from TOR/Ultrasurf?


Cisco Firewall :: CPU Utilization When Running Two Syslogs ASA5550

Mar 3, 2011

I want to run two syslogs, one to Loglogic for compliance and the other to Solarwinds for network administration. Currently the firewall is set up for just the one syslog device. If I add an additional device, i.e. a further IP in the config for the Loglogic box, will there be any noticeable differences in the performance of the firewall? Does it affect the CPU utilisation, or memory in any way?


Cisco Firewall :: Bring ASA5550 To Factory Default?

Feb 2, 2012

getting step by step procedure to bring an ASA5550 to factory default setting, so that I can configure it from scratch via ASDM


Cisco Firewall :: Policy Based Routing To ASA5550 Inside Interface?

Mar 4, 2011

Is it possible to establish PBR rules that set the ip next-hop to point directly to the inside interface of the ASA5550? Or, do I need to direct this PBR traffic first to a directly connected router interface and then default route to the ASA?

At a high level, here's what we have:

ISP 1 - with /21 IP Prefix
No BGP Routing
3845 Edge Router - Default Route to ISP 1
PIX535 Firewalls (HA) - Default Route to Edge Router
LAN Core/Distribution - Default Route to PIX535 Inside Interface
All applications/services use this egress path for PAT/NAT/DMZ/VPN/Etc.

Here's what we are adding:

ISP 2 - with /24 IP Prefix
No BGP Routing
3925E Edge Router - Default Route to ISP 2
ASA5550 Firewalls (HA) - Default Route to Edge Router
Same connectivity to LAN Core/Distribution

Goals:

Maintain ISP 1 for now
Migrate only end user Internet traffic to ISP 2
No disruptions to applications/services using current DefGW to PIX535

Question: how to best use PBR to selectively direct traffic to the ASA inside interface?


Cisco Firewall :: How To Schedule Automatic Xlate Sessions Cleaning In ASA5550

Jan 27, 2013

How to schedule automatic Xlate sessions cleaning in ASA5550. I want to clear a few global NAT sessions manually every week. Is there any way to automate that?


Cisco Firewall :: ASA 5555X Is Compatible With ASA5550 On Active Standby Mode Or Not?

Apr 14, 2013

We have currently installed a single ASA 5550 and want to install one more ASA for active standby mode, but Cisco has discontinued (End of Sale) the ASA 5550. Can anyone guide me on whether the ASA 5555X is compatible with the ASA5550 in active standby mode or not?


Cisco Firewall :: ASDM 7.1(2) / ASA5550 9.0(2) Multicontext - How To Get Remote Access To VPN Wizard

Mar 29, 2013

I have the latest ASDM 7.1(2) & ASA5550 9.0(2). When I try to start Remote Access VPN Wizard, there's just nothing to select in Wizards-VPN Wizards, except "Site-to-Site VPN Wizard..."


Cisco Firewall :: IOS Zone Based Firewall Websense URL Filtering Feature On 881G

Jul 27, 2011

I've been trying to configure Websense urlfiltering using the ZFW feature on my Cisco 881G router. The router is running on IOS 15.0(1)M with Advanced IP Services. And I have confirmed it supports the urlfilter feature.
 
This is what I tried to accomplish but IOS version 15.0x seems to have different command set.
-----------------------
class-map type inspect httptraffic
match protocol http
parameter-map type urlfilter param
server vendor websense 10.20.30.40
[Code]...


Cisco Firewall :: ASA5550 - Implement Traffic Shaping / Policing Primarily For P2P Traffic?

Mar 10, 2011

We are looking to implement traffic shaping/policing primarily for P2P traffic. As natively the ASA5550 is only capable of p2p inspection if the traffic is tunneled via port 80, is the AIP-SSM the way forward? We have 2 5550s in active/active failover config. As a side note we are also looking to implement an IDS/IPS system so could this module cover all? Is this module going to provide the desired outcome or is there another module/device out there better suited for this? I would prefer to use the ASA5550s as opposed to implementing another product if only that we can make use of the investment we already made on these devices.


Cisco Firewall :: 1841 / How To Deploy ISO Firewall Feature

Feb 13, 2012

What is the best way to deploy the IOS firewall feature? I have a Cisco 1841 router running 12.4.


Cisco Firewall :: NAT-Control Feature In ASA 8.4 (2)?

Aug 26, 2011

I'm a bit confused about new NAT functionality in Ver 8.4(2). I've gone through all the documentation as well as different blogs but am still not clear about the various things. One of these is NAT-CONTROL. I understand that this has now been removed. Does this mean that traffic traversing the ASA doesn't need any NAT'ing commands unless specifically required by the administrator? In other words by default traffic is allowed through the firewall without any NAT'ing.
 
My Second Query
 
I've ASA5520 running ver 8.4(2). For inside interface, I've created 13 x sub-interfaces under Gi0/1. All have same security level i.e. 100. What I want to achieve is that:

Traffic from these sub-interfaces should be NATTed to outside interface when going to internet
But, intra sub-interface traffic should be allowed without NAT'ing. I'm using RFC1918 on both sides i.e. source / destination

The first point is not a problem it's working, however. I'm struggling with the second point. On ver 8.2, it wasn't a problem, I used NAT 0 with access-list permitting RFC1918 addresses as source and destination.


Cisco Firewall :: Active IPS Feature In ASA5500-X?

May 5, 2013

Should we activate the IPS feature in ASA 5500-x by using a license? In the 5500-x ordering guide: IPS is only sold as ASA-IPS combo SKUs i.e., one cannot add IPS service as an option on top of ASA SKU. For example, if IPS service is desired on ASA 5515-X appliance, the relevant SKU is ASA5515-IPS-K8 or ASA5515-IPS-K9. But my customer has activated it by using the ASA5525-IPS-SSP on ASA5525-K9.


Cisco Firewall :: ASA 5520 Dual ISP Feature

May 31, 2013

I would like to know if I have the dual ISP feature with my ASA 5520 licence? With ASA 5505 I can see the Dual ISP feature but with ASA 5520 it's not!


Cisco Firewall :: ASA5505 Use Web Filtering Feature

Nov 16, 2011

I am going to implement an ASA5505 in one of my offices. I would like to use the web filtering feature on it. Will it cause any performance degradation in the ASA? Will it utilize more memory?


Cisco Firewall :: ASA5520 8.0(2) Does Not Have Traffic Shape Feature

Dec 21, 2011

Recently I want to apply traffic shape on my ASA5520, but after entering the configure mode of policy-map, I could not find the shape command. If I type the command, the device notifies me that there is no such command. My version is 8.0(2). PS: the police command is working fine...


Cisco WAN :: Moving From Pix 515e To 2951 Router With Firewall Feature Set

Dec 29, 2011

Me to a 2951 router with firewall feature set. I've begun to move the ACLs that were in the PIX. However some of the rules are allowed to be typed in but when I look at the ACL afterwards they are not what I typed in.


Cisco Firewall :: ASA 5510 Does The Feature Content Filter Comes As Built In

Nov 11, 2011

In Cisco ASA Firewall 5510 does the feature content filter come built in?


Cisco Routers :: RV220W - Feature Request - IPv6 Firewall?

Jan 19, 2012

At this moment (firmware 1.0.3.5) the router has no IPv6 firewall and therefore when used in a typical dual stack IPv4/IPv6 network it has no protection regarding IPv6 traffic. Hopefully this will be fixed with a firmware update before the World IPv6 Day on the 6th of June 2012.


Cisco Firewall :: ASA 5510 - Does Feature Content Filter Come Built In

Jun 26, 2012

In Cisco ASA Firewall 5510 does the feature content filter come built in?


Cisco WAN :: ASR1001 - License For Advipservices Or Adventerprise To Activate Firewall Feature Set?

Oct 9, 2011

I have an ASR1001 installed and I want to implement the firewall feature set. The current license level is IPbase and I have the firewall feature installed. The firewall feature shows active, Not in use. I have tried to activate it without success. My question is: do I need to get a license for advipservices or adventerprise to activate the firewall feature set?


Cisco Firewall :: Use ASA 5510 Smart Call Home Feature For Automatic Backup Creation By Email

Feb 10, 2013

I am trying to use the built in feature of Cisco ASA 5510 smart call home feature with the purpose of automatic backup creation by email. I found the configuration [URL]. I already configured the said instructions but when I send a test email it says it cannot contact the email server. Below is the error that I am getting from our ASA. I am new to firewall.

OGI-MNL-ASA-FW0# call-home test profile ASA_Config_Backup
INFO: Sending test message to fcaccam@example.com...
ERROR: Connecting to SMTP server xxx.xx.xxx.xx failed: CONNECT_FAILED(33)
ERROR: Failed: CONNECT_FAILED(33)


Cisco VPN :: New ASA5550 License Not Working?

Aug 10, 2011

I have an ASA5550 setup with two boxes in HA. I have purchased AnyConnect Essentials for 5000 users for both boxes. The box runs 8.4.2. I tried on one box to enter new activation key and rebooted the box. Still the output of show version is the same !? [code] If I re-enter the key it says same as running key. I then tried downgrade to 8.2.5, same same show version output.


Cisco VPN :: VPN Tunnel Between ASA5550 And RV042

Jul 5, 2012

We are trying to establish a VPN tunnel between ASA5550 and RV042. The tunnel is connected but I cannot access any resources that are behind the ASA5550. I can ping the servers but that is about it.


Cisco WAN :: Can ASA5550 Act As A WAN Edge Router

Sep 15, 2011

If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this?  I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.


Cisco VPN :: Benefits To Consolidating VPN Clients To ASA5550?

Feb 1, 2012

What are the benefits of consolidating the VPN client users to the ASA 5550? My client currently has the old VPN 3000 series concentrator. Other than it's EOL and EOS, are there any other reasons I can give them?


Cisco AAA/Identity/Nac :: ACS 3415 - Users Access Our Site Using VPN Client Connecting To ASA5550

Jun 3, 2013

I currently have a Cisco ACS 3415 appliance with 5.4. Coming from the ACS 4.2 world, I'm having a bit of a struggle creating the following and I was hoping if I could be shown clear steps I can duplicate the rest.

I want to create a group, i.e. AIRTEMP, with access time from 7:00am to 5:00pm and add 2 users to the group.

Users access our site using a VPN client connecting to an ASA5550. The ASA and the ACS already communicate with each other.

The ACS 5.4 user guide has me bouncing all over different pages.


Cisco AAA/Identity/Nac :: ASA5550 / ACS 5.3 - 22056 Subject Not Found In Applicable Identity?

Dec 5, 2012

I have a new ACS 5.3 configured and an ASA5550 to authenticate VPN users using a remote LDAP server. Once I try to authenticate the users with the ACS it gives me the error message "22056 Subject not found in the applicable identity store(s)."

I checked out the documentation and have already configured the Identity store sequences to redirect everything to the LDAP server. I also did the Bind test and it says that is ok, but I still have the same problem.

I validated the Access Policies Menu, and tried to create a new Service Selection Rules, but when I get to the option of modifying the Identity option I get the error: "This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page. " and I'm not able to modify the identity, not in this new option I created, nor in the ones already created in the ACS.


Cisco WAN :: 881 To Use Ntp As Feature

Jul 28, 2011

I can see that the Cisco 881 does not have NTP as standard, but can this feature be used anyway with the latest software upgrade?








Copyrights 2005-15 www.BigResource.com, All rights reserved