I would like to schedule automatic backups of our ASA5500's OoO-hours:
1. SSH from secure server and create _FULL_ backup - what would be the CLI command(s) ?
2. SCP from secure server and retreive file(s) - what is the location of the file(s) ?
How to schedule automatic Xlate sessions cleaning in ASA5550. I want to clear few global nat sessions manually every week.Is there any way to automate that?
View 1 Replies View RelatedI have a simple wireless network in my home run through a Linksys WRT54G Router connected to a cable modem. I set up a Western Digital 1TB external hard drive as a network drive through use of a Seagate FreeAgent DockStar. (The HD connects to the DockStar by a USB cable, which in turn connects to the router by an Ethernet cable.)
The hard drive functions as a network drive and I've configured Windows 7 Home Premium on my laptop computer to recognize it at start-up so it can essentially be used read and written to like a local drive.
Is there a way to make Windows 7, either by built-in software or third party software, automatically backup certain files or directories when changes are detected?
For example, I have a folder on my internal HD where I organize the vast amount of photos that I take so that I can easily find them through the operating system instead of having to go through a photo manager. In my ideal situation, something would be monitoring to see if I have made changes in only that folder (either adding new folders, deleting photos, or modifying files) and simultaneously make the changes to the network hard drive. Effectively, I want something to mirror the changes on my local hard drive on the fly and update the network hard drive accordingly. I do this all manually at the moment and it sucks up a lot of time that could probably be done automatically.
Does any one advise the current ASA 5510 is going to EOS ?
View 1 Replies View RelatedUsing any computer and AnyConnect, I can connect to our network via ASA5500. But when I use Cius or iPAD, I always get a No License error message.
View 3 Replies View RelatedASA-5510, inside, outside, and some DMZ.Some services published with Static NAT - no problem.Now we need to add a second outside connection, with a second provider.Internet navigation only through the first provider (default gateway to the provider router "A").I need to publish some services ALSO through the second provider, ensuring the accessibility of both public IP addresses.I can set up the second NAT on the second interface, but the answer is ONLY to the first IP (the ISP "A", where I have the default gateway).By Cisco manual, it seems that there is a "lookup route" automatic with the return route of NAT, but it does not work.
View 6 Replies View RelatedShould we active IPS feature in ASA 5500-x by useing license?in the 5500-x ordering guide:IPS is only sold as ASA-IPS combo SKUs i.e., one cannot add IPS service as an option on top of ASA SKU. For example, if IPS service is desired on ASA 5515-X appliance, the relevant SKU is ASA5515-IPS-K8 or ASA5515-IPS-K9.But my customer has actived it by using the ASA5525-IPS-SSP on ASA5525-K9.
View 2 Replies View RelatedRecently i have configured ASA5550 with 2 Contexts in Transparent mode. Traffic can pass through a single Firewall context but through both contexts it couldn't.
View 0 Replies View RelatedIt's a problem about access ASA5500 Firewall mangement port. The customer request access ASA5500 by entering the default IP address https://192.168.1.1 to monitor data tracffic in Windows 7. But after entering the default IP in IE, no any page appear.
But that way can access ASA5500 magement port successfully in Windows XP. What the different between Windows 7 and Windows XP? Is there any way or any patch can access ASA5500 manemeng port in Windows 7?
I have a large quantity of ASA5520's and ASA5540's that need to be quickly assessed and RTV'd (if need be) if they are found to be upgraded ASA5510's.
My concern is because of this recent release-note by Cisco: [URL]
Is there a way to check the amount of DIMM slots on a unit through console or do I have to physically check each and every one?
I was wondering if it is needed to license the IPsec VPN clients in the ASA5500 firewalls...I know that you have license the SSL VPN peers (AnyConnect). I am almost sure that for the IPsec you don't have to.
View 1 Replies View RelatedI am attempting to port-forward on an ASA 5500 to internal host .100. The outside interface recieves its IP via DHCP. Packets are being denied so I ran packet-tracer and get the following error from outside to ssh port on internal host.
#packet-tracer input outside tcp 79.x.x.x 1025 71.x.x.x ssh
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
[Code]...
I would like to know about asa 5500-x. Does it supports application visibility and granular control for different applications. Moreover bandwidth control based on different users and different applications
View 1 Replies View RelatedWe have ASA5500's deployed for remote access concentration.We use Cisco IPsec vpn client with a group policy the chacks for Network ICE BlackIce ersonal firewall.The powers-that-be wish to change to McAfee presonal Firewall ok..Now the Group Policy allows you to check for several pre- configured Firewalls, Cisco Integrated, Sygate, Zone Labs etc.So as McAfee are no listed then I am to assume we go for "Custom Firewall" and this is where I am struggling.To configure checking for a Custom Firewall I must have the Vendor ID and the Product ID.McAfee haven't the faintest idea what we're talking about when we ask them for these details.Or is there a way to extract them from the registry of a machine with the McAfee product installed?
View 3 Replies View RelatedI am evaluation the new Anyconnect 3.0 client against Microsoft DA. Everything looks good but I am wondering; Is it possible to have Anyconnect auto connect (based on TND) before user logon without the user activating the client manually?
View 4 Replies View RelatedI know that configuration in 8.2.x and 8.4.x is different in terms of NAT and object groups.
I just want to know is it possible to do a direct upgrade from 8.2.3 to 8.4.x ?Secondly, will ASA automatically convert all the configuration from 8.2 to 8.4 format during the reboot after the upgrade?
in the ASA Migration Guide for Version 8.3 says about real ip address: "All of the access-listcommands used for these features are automatically migrated unless otherwise noted"
But my ACL's have not been migrated to real ip address. In my migration log:
INFO: NAT migration completed. Real IP migration logs: No ACL was changed as part of Real-ip migrationWhy?So, do I have to migrate them manually?
Is it possible to automatically shutdown the OUTSIDE interface on a Cisco ASA 5520 in case of intrusion?.
In my opinion if there is an attempt of intrusion, just the device would stop it. If it cannot detect it, how can the device recognize the event and so shutdown the interface?. Am I correct?
I have been told that if an access list is created with the suffix _access_in, that if the preifx is the name of an interface, then that access list is automatically bound to that interface, even if there is no explicit command doing that. I looking at the config of an ASA 5550.
example:
Interface is Production
access list is called Production_access_in.
Is that access list automatically bound to the Production interface, even though it does not show up in any other commands?
I am trying to use the built in feature of Cisco ASA 5510 smart call home feature with the purpose of automatic backup creation by email. I found the configuration [URL]. I already configured the said instructions but when I send a test email it says it cannot contact the email server. Below is the error that I am getting from our ASA. I am new to firewall.
OGI-MNL-ASA-FW0# call-home test profile ASA_Config_Backup
INFO: Sending test message to fcaccam@example.com...
ERROR: Connecting to SMTP server xxx.xx.xxx.xx failed: CONNECT_FAILED(33)
ERROR: Failed: CONNECT_FAILED(33)
how can I enable an automatic power-on after a power failure on an ASA 5512-X?
View 5 Replies View Relatedi have a 2008 server that needs 80GB of data backed up over a VPN.i want to use backup exec 2012 i tried backing up the first 10GB but at the rate it will take two weeks to copy across we are upgrading our upload, but it still wont be viable i need to put the machine on the local network, do a full backup then point a differential backup to the same full backup (Anyway thats what i think should happen)
View 8 Replies View RelatedWith this Windows 7 & 8 needing storage device for ISO, looking for a better way to back'em up through my network... or having storage device attached to My router..?This is my router.. It has ReadyShare USB storage Access [URL] PDF Manual Router:[URL]I have available hardware 500Gb eBook device I can use???I also have a [URL]How to set these items up for best preference.
View 6 Replies View RelatedI'm configuring ACS for the first time and the config is complete and working, except backups of the view database. I've created a TFTP repositiory and if I perform a manual backup or wait for a scheduled one to occur it fails. I do get a .tar.gpg file in the TFTP server (but can not restore from it as it's not listed in "Restore" as a backup).
It works fine if I create and use a local disk repository. I get a .tar.gpg but also a catalog.xml and repolock.cfg file (which I don't in TFTP). Looking at the logs on the TFTP server I can see it tries repeatedly to read the catalog.xml file but fails:
Read request for file <DB/catalog.xml>. Mode netascii [15/07 16:05:52.167]
File <DBcatalog.xml> : error 2 in system call CreateFile The system cannot find the file specified. [15/07 16:05:52.167]
That seems correct, the file doesn't exist. However it never seems to try and create it.
I have a new installation of LMS 4.2 on the Soft Appliance and seem ot be only able to configure backups to the local disk? There is no option to select any of the configured repositories like there is in ACS. I can backup to /local disk, after change to filesystem as below:
chgrp casusers -R /local disk chmod 0775 /local disk
But the issue is, how to I get this off the box in an automated fashion so it can be part of our corporate backup schedule?
I understand that a full backup backs up everything, and a differential backs up all changes since a full backup, and an incremental backup backs up all changes since the previous incremental.My belief is that I can do a full backup on Sunday, then differentials Mon- Fri. Then, if everything crashes, I can restore the full, then the most recent differential (As opposed to a full restore, an a bunch of incrementals to catch up)My question is if I do a full backup on Sunday, on Tuesday user Mary creates a file, on Wednesday she deletes it by mistake, then on Friday she realizes it and calls me.Will that file still exist on Thursday night's differential? Or do I need to load up Wednesday night's backup?The reason I am asking is because I am trying to go off of tapes and use a NAS instead. I would like to have a Sunday full backup, then have one differential backup that gets overridden nightly, to save space.By doing this, I will only have a full backup and the most recent differential. The alternative is to have a weekly backup and 5 differentials, which takes up more space?
View 1 Replies View RelatedI've noticed, that ACS 5.1 is writing .gpg archives for backups. I'm about to upgrade an evaluation system and the Installation and Upgrade Guide tells me to do a full backup and restore in order to upgrade an eval to a production system. [URL] (second note in section "Evaluating ACS 5.1)
Question: can the production system sucessfully decrypt the backup? According to my personal gpg it is CAST5 encrypted with one passphrase. Is this passphrase constant for all ACS 5.x?
I have been trying, so far unsucessfully, to trigger backups to a TFTP server of our SGE201 switches. I have testesd TFTP backups via the web interface, and that does work. I need SNMP as I need a scriptable method to trgiger the backups on a regular schedule. I am running the SNMP query from a RedHat Linux server. So far I have the following query work out, but it is failing: [code] The error I am getting is generic, and the same query failed on multiple switches running Software Version 3.0.0.18. The switch is set with the community having full SNMP-admin access from the server's IP address.
View 3 Replies View RelatedAlthough I have no problem with backup/restore in ISA550 when I do it in the same device, I do have problems when restoring in one unit the backup of another unit, i.e. when cloning devices in order to avoid having to configure every device from scratch. Lets call A the master device and B and C the devices I try to clone (to save most of the configuration) to modify them later. I get two different situations here, but none of them works:
Situation 1.B reads without complaining the backup from A and gets the same configurations settings than A, but once modified appropriately to stablish a VPN Site-to-Site tunnel with A, ther is no way to make it work. Furthermore, this unit cannot be configured to VPN with A, even using the Site-to-Site wizzard (which resets all VPN settings).
Situation 2.C complaints when reading the backup from A and does not read it. However, this unit can be configured by hand using the wizzard and the VPN works fine.
So, I suspect that something in the backup identifies the unit in such way that VPN gets in troubles. What it does work is doing a FULL RESET of the unit B and then configure it manually.
I have reported the issue but the Cisco agent closed it simply saying that this cannot be done. I have serious dificulties believing that in you have N devices you have to do N configurations from scratch. I am aware that perhaps some codes must be removed before doing a backup, or that should be something like an "anonymous backup" for such objective, but I cannot accept that it is impossible to do.
I had a pair of Dell R710's and need to revamp our battery backups badly. Having almost no budget has its difficulties.These are 2x 120v 2200 smart ups. The servers both run win2k8r2. Not looking for run time, looking for safe shut down. Thinking 1 server per.
View 19 Replies View RelatedI have a dir-655 and have two schedules set up, one for weekend and one for week days, for wireless access. Is there a way to switch from one schedule to the other automatically?
View 1 Replies View RelatedWe have two 5508s in a boarding school environment and about 5 wireless networks. Administration wants to know how can we shut down the student networks @ 11:30pm and then have them come on @ 6:00am. Othern than doing it manually is there another way?
View 3 Replies View RelatedI have ACS 5.2 and would like to know if I can schedule a report to be sent to my email address each Sunday for example for all the failed and succeeded attempts for devices authentication.
View 3 Replies View Related