Cisco Firewall :: Pix 535 Enabling RIP On The Firewall

Aug 8, 2012

I am getting this error on my PIX 535 with 8.0.4 code. The error is b Error : OSPF/RIP cannot be enabled on failover interface, I am getting this error while trying to enable RIP on the firewall. The context is single mode and failover is enabled. When I am disabling the failover the Firewall is accepting the RIP configurations.

View 1 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5510 / Enabling Firewall To Send Logging Information?

Jun 22, 2011

I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Enabling SYS Log ID

May 28, 2013

I'm having a problem with an ASA 5510 and software from Manage Engine (Firewall Analyzer).  They are saying that sys log 113019 is not getting data over to the server where the firewall analyzer is installed.  I'm checking the config and I see it enabled.  Why this particular sys log info isn't making it to the reporting software when other data is.

View 4 Replies View Related

Cisco Firewall :: 5510 Enabling Ping For Dmz

Mar 4, 2011

I currently have an ASA 5510 unit. I have a dmz setup which house some web servers and an inside interface. The web servers contain multiple public ip addresses which I have natted and access is fine.What is the most simple way to enable ping for my dmz from the outside. Meaning if someone outside the network pings one of the servers by its public ip address I would like it to respond to ping.

View 1 Replies View Related

Cisco Firewall :: Enabling IPS On 2911 Router?

Sep 20, 2012

I enable the IPS  on the 2911 router .  I am using the Basic IPS signatures that are inbulid on the routers . But sill it showing , that no signature is active .
 
ip ips signature-category
  category all
      retired true 
ip ips signature-category
   category ios_ips basic
      retired false

[code]....

View 1 Replies View Related

Cisco Firewall :: Telnet Not Work After Enabling AAA On FWSM 3.2

Oct 7, 2011

After enabling AAA FWSM lost opportunity telnet session. FWSM version 3.2(5). In the logs show that resets itself FWSM telnet session.

Conf.,aaa-server TACACS+ (management) host 192.2.151.111
key aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
[Code] .....

View 3 Replies View Related

Cisco Firewall :: Enabling Outbound Traffic Through ASA 5520 8.4(4)1

Apr 4, 2013

We've got a proyect that requires a few thin clients to connect to a remote PCoIP server.
 
Looking to the documentation, the only port required to be open through Firewalls is TCP/UDP 4172, however, we've seen (making interface captures) that it somehow also uses ESP (IP protocol 50).
 
We've got a static NAT translation translating those thin clients to a public IP address, we've created ACLs to allow inbound (shouldn't be necessary as our user is connecting to a remote server) and outbound traffic for TCP/UDP 4172 and ESP and I cannot make it work.
 
I've also enabled IPSec pass-through Inspection to no avail.
 
how should we configure our ASA to enable this kind of traffic?

View 4 Replies View Related

Cisco Firewall :: ASDM V6.4 / Enabling History Metrics

Mar 5, 2013

I am currently using ASDM v6.4 and would like to enable the historic metrics feature to view/produce graphs/tables for interface using the Last 5 days, every 2 hours option. how this will impact performance and storage space on the device?

View 1 Replies View Related

Cisco Firewall :: Enabling Microsoft LDAP With ASA 5520

Oct 27, 2012

I am trying to implement Microsoft LDAP server with our ASA 5520. The client is using Cisco VPN client and when I am trying to connect I am receiving the following error message:
 
"Secure VPN connection terminated locally by the client. Reason 413:User authentication failed"
 
I triggered the debug on the ASA 5520 and everything looks fine .The LDAP server is sending the right information without any error message.
  
Googled this error message and I found that I need to enable the simultaneous logins to enable. I enabled it but I got the same error message. This configuration is under remote access vpn>group-policies>General>more options.

View 64 Replies View Related

Cisco Firewall :: Enabling Traffic On E0/2 And E0/3 Ethernet Ports - ASA 5510

Aug 10, 2011

enabling traffic between interfaces on the ASA 5510. Of course I have an outside interface E0/0 and an inside interface (E0/1) for normal operation. The idea was to enable one of the remaining interfaces on the 5510 to attach an internal network resource to for management in case we lost our switch. I am using E0/0 as the outside interface and the inside interface is E0/1. I am wanting to attached a management device on the same inside network IP address range for simplicity. I have E0/2 configured for the same security level (100) as the other inside interface and I also have enabled same-security-traffic permit inter-interface as well but I still cannot access the device on that port. Is there something else I am missing? I guess the best way to explain this is that I want ports E0/2 and E0/3 to act like a "switch" so to say...... The ASA 5505 lets you do this pretty easy but having trouble on the 5510. 

View 4 Replies View Related

Cisco Firewall :: Enabling RIP On PIX 535 / Error / OSPF / RIP Cannot Be Enabled On Failover Interface

Jun 29, 2012

I am getting this error on my PIX 535 with 8.0.4 code. The error is Error : OSPF/RIP cannot be enabled on failover interface, I am getting this error while trying to enable RIP on the firewall. The context is single mode and failover is enabled. When I am disabling the failover the Firewall is accepting the RIP configurations.

View 2 Replies View Related

Cisco Firewall :: 5520 - Enabling And Disabling Graphs In ADSM Dashboard?

Jun 10, 2012

I have just logged into the ASDM for my 5520 and can see under the "Firewall Dashboard" tab that I can enable these graphs/stats, why would they be disabled?  So I was wondering if I enable these and they use alot of memory how can I disable them again?

View 3 Replies View Related

Cisco Firewall :: 5520 Enabling And Disabling Graphs In ADSM Dashboard?

Oct 5, 2011

I have just logged into the ASDM for my 5520 and can see under the "Firewall Dashboard" tab that I can enable these graphs/stats, why would they be disabled?  So I was wondering if I enable these and they use alot of memory how can I disable them again?

View 1 Replies View Related

Cisco Firewall :: 5515x Apply On Firewall / Switches To Make Implementation Successful

Apr 22, 2013

I will be implementing a new firewall (cisco asa 5515x) on my existing  3750x (server switches) and my 2960s (user switches). What should I need to apply on my firewall and swtiches to make the  implementation successfull.  I will put my 3750x as my DMZ and my 2960s  as my inside.  The 3750x have multiple subnet and also the 2960s.which  features and technologies i need to know on those 3 products.  my 3750x  and 2960s don't have any ACL defined and most common features are vlan,  switchport, trunking, spanning-tree, stacking, vtp.how  my asa knows that my 3750x/2960s have multiple vlans.  my current  connection right now on 3750x and 2960s is just through 6 ports i  assigned as one trunk, below is my config [code]

my  2960s vlans are almost the same with my 3750x except vlan 160, 170,  192.  but of course when i put this in asa, i have to segragate vlan for  3750x (192, 100, 110,160, 170) and 2960s (130, 150).  for my 2960s  connection to the asa and since this will have big bandwidth, i will use  3 ports on my asa (and trunk it) connecting to my 2960s and i will use 2  ports on my asa (and trunk it) connecting to my 3750x.  the one  internet ports and my one management ports on my asa will stay like  that.

View 2 Replies View Related

Cisco Firewall :: ASA5510 - Unable To Ping From User Desktop To Firewall Inside IP

Jun 11, 2012

I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to  FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
 
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:

[Code].....

View 7 Replies View Related

Cisco Firewall :: 2901 - How To Avoid SMTP Inspection On Zone Based Firewall

Aug 2, 2011

We had a problem with SMTP inspection dropping some regular emails (Cisco 2901 IOS 15.0). The original configuration.

View 2 Replies View Related

Cisco Firewall :: 2901 To Avoid SMTP Inspection On Zone Based Firewall

Jun 21, 2011

We had a problem with SMTP inspection dropping some regular emails (Cisco 2901 IOS 15.0).Incoming mails are going thru Spam and Virus Blocker so that bypassing SMTP inspection is not security issue in this case.

View 1 Replies View Related

Cisco Firewall :: ASA 5585 / Identity Firewall With Single Forest / Multi-Domain

Dec 28, 2011

I have a question with regard to setting up the ID firewall on the ASA 5585 in a single forest, multiple domain windows network.Currently I have a semi-operational IDF at the top level but can't find users on the lower other domains, here is the setup:I have 3 domains.

[URL]
 
Both domains have a two way parent-child trust and I can look for users in AD Users/Computer on both domains.  I initially setup the ASA to look at domain1.test.com using an LDAP aaa-server per the IDF instructions, and then proceeded to configure the ad-agent.  I installed the adagent on the domain1.test.com domain controller configured the settings on that system and had no problem adding users to the firewall and getting functionality within domain1.  I looked to see if I could see domain 2 and domain 3 users and found none.  I went ahead and added the domain2 system to the adagent on the DC and the system says that it is up, but when I search for users is not pulling them from domain2.  Instead, it shows domain1 users as domain2user1.  I also configured another adserver in the ASA to search ldap on domain 2 to no avail.The cisco documentation states the following:•Before you configure even a single domain controller machine using the adacfg dc create command, ensure that the AD Agent machine is first joined to a domain (for example, domain J) that has a trust relationship with each and every domain (for example, domain D[i]) that it will monitor for user authentications (through the domain controller machines that you will be configuring on the AD Agent machine). Single Forest, Multiple Domains—All the domains in a single forest already have an inherent two-way trust relationship with each other. Thus, the AD Agent must first be joined to one of the domains, J, in this forest, with this domain J not necessarily being identical to any of the domains D[i] corresponding to the domain controller machines. Because of the inherent trust relationship between domain J and each of the domains D[i], there is no need to explicitly configure any trust relationships.Reading that it sounds like it should just work.  I had everything properly configured before I installed the adagent, but I'm guessing that there is a chance that you can't have the adagent on the top level DC and get to communicate with the lower level domains. 

View 1 Replies View Related

Cisco Firewall :: ASA Firewall Positioning In Transparent Mode Between 6509 Core Switch And WLC

Apr 26, 2011

I do have the below setup,,
 
1. I have 6509 switch
 
2. I have 2 WLC configured in Active/Active mode connected in Trunk mode (L2 Port-Channel) connected with 6509 switch
 
3. On switch side i have configured the port as Trunk
 
4. L3 SVI for wireless users are created in 6509 switch (attached the diagram).
 
I would like to introduce a Cisco ASA 5520 firewall with AIp-SSM module so that all wirelees traffic can be inspected.
 
The issue is: Without changing any configuration in the network (switch & WLC) is it possible to introduce the firewall?

View 2 Replies View Related

Cisco Firewall :: Monitoring ASA 5505 Firewall Active / Standby Pair Using SNMP?

Sep 7, 2011

How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
 
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?

View 1 Replies View Related

Cisco Firewall :: IOS Zone Based Firewall Websense URL Filtering Feature On 881G

Jul 27, 2011

I've been trying to configured Websense urlfiltering using ZFW feature on my Cisco 881G router. The router is running on IOS 15.0(1)M with Advanced IP Services. And I have confirmed it supports urlfilter feature.
 
This is what I tried to accomplish but IOS version 15.0x seems to have different command set.
-----------------------
class-map type inspect httptraffic
match protocol http
parameter-map type urlfilter param
server vendor websense 10.20.30.40
[Code]...

View 2 Replies View Related

Cisco Firewall :: SSM-4GE Firewall Has 5 DMZ Segments And Specific Segment For Internet Traffic

May 23, 2013

I was asked to enable netflow in an ASA Firewall for Orion/Solarwinds server monitoration. Firewall is a 5550, with 4G RAM, and no extra modules but SSM-4GE. This firewall has 5 DMZ segments and ans specific segment for internet traffic.There are segments as unique subinterfaces in physical interfaces. Other segments as individual subinterfaces in the same physical interface (but individual VLANs)Usually firewall CPU flows between 30% to 40%. Rarely to 50%.
 
1 - How dangerous or risky could be implement netflow in this firewall?...This firewall is very critical for the customer. My concern is regrading CPU, traffic generated, memory, etc
 
2 - In a month, firewall will be migrated from 8.2 software version to 8.4 software version. Is there any incompatibility in some commands?...Would be recommended to perform netflow configuration after software upgrade?
 
3 - How could it be implemented for Orion monitoring, regarding each individual sub-interface (and so, each VLAN assigned)?I there any recommendation regarding configuration, best practices?

View 6 Replies View Related

Cisco Firewall :: ASA 5510 - Users Unable To Access Internet Through Firewall

Feb 26, 2013

I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
 
HQ-ASA-01# show  running-config
: Saved
:

[Code]......

View 9 Replies View Related

Cisco Firewall :: ASA 5510 / Multiple VLANs Behind Single Firewall Segment?

Feb 5, 2012

I need to create a firewalled segment that not only separates hosts from general population, but also from each other.  The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible.  1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
 
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1VLAN 3 - hosts 1.1.1.8 and 1.1.1.9 

This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.I'm working with an ASA 5510 running 8.2.4(4).

View 1 Replies View Related

Cisco Firewall :: Support Of Jumbo Frames On ASA 5500 Firewall Appliance?

Feb 28, 2010

Can any ASA 5500 in particular the ASA5510 firewall support jumbo frames (i.e. greater than the default standard 1500 Bytes frames)?. I plan to use the ASAs to setup a point-to-point IPSec tunnel and need an Application frame of 4Kbytes intact and not segment it.I have done little checking on the Cisco Website and see it mention of Jumbo frames on the 5580 on 10Gig interface but didn't see mention 5510. 5580s are way over-kill and expensive for what I need is to run a mission critical one IPSec point-to-point with maximum of no more than 100Kbps so 5510 is perfect for me but not sure if it can carry the jumbo frame?
 
On the routers and switches it's the MTU settings and they are configurable per interface and I am OK and the circuit is T1 which the Telcos said it's OK since it's physical layer so the only unkown is the firewall.

View 2 Replies View Related

Cisco Firewall :: Number Assigned For Firewall-group On 6509 Significant

Nov 17, 2011

Is there any significance to the parameter "firewall-group" in the command

firewall vlan-group <firewall-group> <vlan-id>…<vlan-id>?
 
In other words is the series of commands
 
firewall switch 1 module 3 vlan-group 1,2
firewall vlan-group 1 100,101,102
firewall vlan-group 2 200,201,202
 
exactly equivalent to
 
firewall switch 1 module 3 vlan-group 3
firewall vlan-group 3 100,101,102,200,201,202
 
or
 
firewall switch 1 module 3 vlan-group 1,2,3
firewall vlan-group 1 100,200
firewall vlan-group 2 101,201
firewall vlan-group 3 102,202

All three of these options associate the same set of  vlans to the FWSM but using different groupings. As far as I can tell, these groupings have no functional significance either on the switch side or the FWSM side. These are simply three different ways of specifying exactly the same thing? Am I correct?

View 2 Replies View Related

Cisco Firewall :: Users Behind ASA5505 Firewall Are Unable To Access Internet

Feb 24, 2011

I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.

When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.

The ASA5505 configuration is shown below.

hostname Firewall

interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10

[Code].....

View 2 Replies View Related

Cisco Firewall :: IOS Firewall Versus ASA (5505 / 5510) For Smaller Clients (less Than 50)?

Apr 24, 2012

We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510.  One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover.  I have configured a number of isr's for this and i know it works good. 

View 1 Replies View Related

Cisco Firewall :: Unable To Edit IP Based ACL Firewall Rule In RVS4000?

Apr 8, 2012

I am a novice with networks but do have a fair understanding of networks. I have a small business network, utilizing a RVS4000 router (Firmware V2.0.27)I am attempting to set up firewall rules to block certain web sites at certain times.I have successfully set up rules using source and destination ranges, to deny service 24 hours a day everyday.
 
However and here is the problem when I attempt to edit any of the rules (I want to change the time to certain hours of the day) it allows me to edit the rule but when I attempt to save I get an error message up saying there are invalid characters and it will not save the changes?create the whole thing with the changes I want it works fine, is this a known bug?

View 1 Replies View Related

Cisco Firewall :: Failover ASA 5505 - Setup Second Inside Interface On Firewall?

Feb 19, 2012

I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?

View 1 Replies View Related

Cisco Firewall :: ASA 5515X - Config Loss After Primary Firewall Reloaded

Sep 23, 2012

I have a strange issue which happened to me last weekend with two ASA 5515X on version 8.6(1)2. There was a planned power shutdown which only affected the primary firewall. Failover was configured and running successfully. The configuration was also saved after every change made. After power was shut and primary firewall went off the secondary took over like it should but unfortunately all configuration was gone. We immediately powered on the primary again but also this one lost the configuration.
 
While reconfiguring the firewall we ran into another problem. The devices won't pair although it was the correct configuration. After three times removing and adding the same failover configuration the devices accepted the failover and worked together again.
 
I went through the bug toolkit and white papers regarding ASA 5515x and this particular version but were not able to find anything.

View 2 Replies View Related

Cisco Firewall :: Setting Up ASA 5505 To Be Used As Firewall Between BT Internet And 3560 LAN Switch?

Aug 23, 2011

setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:

Network Address   Network Mask  BTnet NTE Router LAN Address
      
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.

View 21 Replies View Related

Cisco Firewall :: Ubuntu 10.04 / Firewall Starts Randomly Responding To ARP Requests For Other IPs

Aug 22, 2011

I have my firewall on IP 192.168.0.1 (for example, real IP is a class C address).  I have a web server (Ubuntu 10.04, though this happened before with an 8.04 box as well) on ip 192.168.0.101.  Everything will be functioning fine, and I won't have any issues for a while.  Then, randomly I'll have problems getting to my web server, getting disconnected from SSH sessions.  I go to one of my linux boxes and do an "arping -b 192.168.0.101" and I will get  two responses, one from my firewall and one from the box, as illustrated below.  The only way to correct the issue that I've run into is to reload the firewall, which will then behave properly again until it randomly decides to start answering ARP requests on the other IP again.
 
nwiadmin@vm-test-lx:~$ arping -b if-webdevint4-lxWARNING: interface is ignored: Operation not permittedARPING 192.168.0.101 from 192.168.0.168 eth0Unicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx]  2.309msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  2.434msUnicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx]  2.280msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  2.377msUnicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx]  2.129msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  2.221msUnicast reply from 192.168.0.101 [xx:xx:xx:xx:xx:xx]  1.839msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  1.934msSent 4 probes (4 broadcast(s))Received 8 response(s)
 
Reloaded firewall
 
nwiadmin@vm-test-lx:~$ arping -b if-webdevint4-lxWARNING: interface is ignored: Operation not permittedARPING 192.168.0.101 from 192.168.0.168 eth0Unicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  2.839msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  1.935msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  1.758msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  2.733msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  9.568msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  1.931msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  2.283msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  1.756msUnicast reply from 192.168.0.101 [yy:yy:yy:yy:yy:yy]  2.070msSent 9 probes (9 broadcast(s))Received 9 response(s)

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved