Cisco Firewall :: Setting Up Failover Mode On To ASA 5510s
Feb 9, 2012I've been given the task of adding a second ASA 5510 to a live ASA and making sure that the active/standby failover works, do I need a crossover cable?
View 4 Replies
ADVERTISEMENT
Cisco Firewall :: Failover Transparent Mode ASA 5520?
Sep 19, 2012Recently, I unable to configure the failover on bridge group in transparent mode . I have five interfaces .out of this only 3 is showing in the show run config . Whether I can config failover on on of the data interfaces.
I have the ASA 5520 with the version ASA Version 7.2(4) <context>
Cisco Firewall :: To Setup ASA 5525 In Active Standby Failover Mode
Feb 12, 2013I need to setup an ASA 5525 in Active/Standby failover mode. I am setting up the ASA for a company that purchased only one public IP address. The public IP address is assigned to the outside interface. My question is will failover work correctly if I don't use a secondary IP address on the failover configuration on the outside interface?
View 4 Replies View RelatedCisco Firewall :: Configuring ASA 8.4.2 In Active / Standby Failover Mode With Two Cables
Sep 15, 2011We configuring ASA 8.4.2 in Active/Standby failover mode with two cables. What would be the best design configuring etherchannel on ASAs or have one active and one standby redundant cable ?
View 1 Replies View RelatedCisco Firewall :: ASA5510 With CSC Module - Pairing It For Active / Standby Mode For Failover?
Jan 22, 2013I am a single ASA-5510 with CSC module.I want to pair it for active/standby mode for failover .... can it be done if second ASA doesn't have the module? Can I assume the in case of a failover, the traffic won't be checked, and primary does in case CSC module fails?
View 2 Replies View RelatedCisco Firewall :: Pinging Across 2 ASA 5510s
Dec 16, 2012Here's my basic setup:
Computer A:
IP- 192.168.0.3
Mask- 255.255.252.0
Gateway- 192.168.0.2
[Code]....
Computer A can ping Firewall 1 and Firewall 2, but not Computer B. Computer B can ping Firewall 1 and Firewall 2, but not Computer A. Firewall 1 can ping Firewall 2, Computer A, and Computer B. Firewall 2 can ping Firewall 1, Computer A, and Computer B.
Why can't the computers ping each other, but their default gateways can? I've specifically allowed ICMP any any on all the affected interfaces.
Cisco Firewall :: ASA5540s And 5510s - High Utilization Reported From ASA (8.4.1) To CSM (4.1)
May 30, 2011We have several ASA5540s and 5510s (v8.4.1) being managed by CSM (4.1) Every so often several of the ASAs will send SNMP messages to CSM stating very high CPU utilization reached, usually between 150% and 400% - sometimes as high as 4million %.Obviously you can't get greater than 100%.
View 1 Replies View RelatedCisco Firewall :: Use USB Ports On ASA 5510s To Copy Files Onto Flash?
Nov 9, 2011Is it possible to use the USB ports on a ASA5510's to copy files onto the flash?
I have not been able to find any ionfo on this in the users guides ?
Cisco Firewall :: Connecting ASA 5510s To A DSL Modem With Static IP Range
Feb 27, 2013I have DSL service with AT&T and I have a Motorola 3360 modem. We also have a /28 network of static IPs from AT&T. When I login using PPPoE on the modem it gets x.x.x.190 as it's address. Our range is 177-190. I have two ASA 5510s in an active/passive failover configuration with the Ethernet port of the modem and one interface of each of the ASAs on a dumb layer 2 switch.
I want to setup this DSL connection as a backup to our main Internet connection. I cannot figure out what setting on the DSL modem to use to make this happen. I know I cannot use PPPoE in a failover setting so I can't have the modem in bridged mode. There is some mode where it passes the 190 address to the connected device and when I plug in a PC directly to the modem and set it for DHCP it does get 190 as it's address. So do I configure the ASA interface as 190 with one of the other addresses as it's standby? What do I set my route on the ASA to for use of this connection? Can I then make use of these other static addresses when plugging other devices into the layer 2 switch?
Cisco WAN :: OSPF ASA 5520 In Failover Mode?
Apr 1, 2008I currently have a set of firewalls in active standby configuration running an ospf process injecting a default route into the rest of my network.I noticed when i was testing the failover that the asa's do not actually pass the route tables on failover, thus forcing the need to wait for routes to converge and for the default route to be advertised back into the network. This of course is not acceptable.
Is there a way around this or do I have to setup static default routes on every device in my network. I am trying to avoid setting up default routes on all of the devices because due to the setup of my network I have equal cost links configured in the event of hardware or link failure. So the devices then see an advertised default route from multiple paths.
Cisco Routers :: RV016 - Port VPN Setting Up A Failover
Sep 13, 2012I was wondering how does failover works on Cisco Small Business RV016. Specifically, I am interested when one WAN line stop working, and all the computers in the LAN start using another line. Does it means that IP addresses of the computers in the LAN will change, or they stay the same? If they change can I set it up that they always stay the same no matter which input WAN they are using?
View 1 Replies View RelatedCisco Switching/Routing :: 2821 - Setting Up Multiple Routes With Failover
Apr 2, 2013I'm a bit perplexed atm with trying to set up multiple failover routes on a 2821 router. Let me say that I have more experieince in a switched network as routing is seldom required where I work atm. Here's my problem. I have a routing table set up as follows but only the primary routes work. The failover routes will not kick in once the primary route is not there.
ip route 10.32.11.0 255.255.255.0 128.32.8.11
ip route 10.32.11.0 255.255.255.0 128.32.24.11 100
ip route 10.32.12.0 255.255.255.0 128.32.8.12
ip route 10.32.12.0 255.255.255.0 128.32.24.12 100
ip route 10.32.14.0 255.255.255.0 128.32.8.14
ip route 10.32.14.0 255.255.255.0 128.32.24.14 100
Ip addresses are not exact but it gets the point across.
Why the failover routes are not failing over? The failover routes work if I remove the primary route from the config.
Cisco Firewall :: ASA5510 Single Mode / Move To Multi Context Mode
Sep 16, 2012I got an ASA 5510 system currently in single context mode, with CSC SSM installed. Single ISP uplink to internet, no VPN. And now customer would like add another ISP uplink, without invest another box for HA.What come across my mind is make the current box into multi context. There's some area i need to concern and also need yours perspective on it.
Question 1: For making the firewall into multi context, am i need to do it from scratch, issue mode multiple command. Then rebuilt the current production config into one of the context, then another context meant for the new IPS uplink, and one admin context?
Question 2: For CSC -SSM licensing requirement, model ASA 5510 with security plus license is able to support 2 context. So if i split my firewall like what i mention in question, what exactly number of context do i own (admin, context A, context B)?
Question 3: For CSC-SSM module in multi context mode, so the management port of CSC SSM must attach at admin context?
Question 4: After configured all the policy and traffic to scan, how exactly i should do in order apply this policy to the interface? Should i only enable at admin context, then firewall service-policy rules, and apply it global, OR should i also do the same action on context A and Context B?
Cisco Routers :: Setting The RV042G To Router Mode?
Feb 20, 2013Is there documentation on setting the RV042G to Router Mode and what that changes to it's topography? The manual simply tells us to click the button to change the mode?!?!? A 4th grader could figure that out - but what does it do to the unit? Does it basically become a glorified switch with an internet connection? Can the 2nd WAN port be used as a switch node?
View 7 Replies View RelatedSetting Up Bridge Mode To A Satellite Receiver?
Mar 5, 2011i want the Satellite receiver to be wireless.i have a I-Link 9000 Plus Satellite reciever which has an ethernet port , where the buffalo router will be connected. (Buffalo WHR-HP-G300N Firmware: DD-WRT v24SP2-EU-US My main router is the Linksys Wireless G router WRT54G2 V1.5.
View 2 Replies View RelatedCisco VPN :: ASA 5510s / Remote VPN Users Need To Access Networks Connected By Static VPN
Oct 23, 2012I have five (5) sites all connected via static VPN tunnels. They are all using Cisco ASA 5510s running 8.4(4)1. Any internal IP on each site can ping any IP on a remote site, because of the static VPN tunnels. I have the external IP (routeable) addresses connecting to each other.
Site A: 10.1.0.0 /24
Site B: 10.2.0.0 /24
Site C: 10.3.0.0 /24
Site D: 10.5.0.0 /24
Site E: 10.10.0.0 /20
I have remote users who connect using Cisco AnyConnect 3.1 to Site E. They get a static IP within the 10.10.100.0 /24 subnet (vpnpool00) and can access anything in the 10.10.0.0 /20 subnet. So far, so good.No management wants users to access devices within the other sites, specifically Site A using teh same AnyConnect connection. In other words, they get an Ip address of say, 10.10.100.5 and now need to access a server on Site A's subnet or 10.1.0.5.I have checked my NAT statements and they appear to allow this, but so far when I do a ping I get the following: Routing failed to locate next hop for ICMP from outside: 10.10.100.5/1 to inside: 10.1.0.5/0 What am I missing? Is there a NAT statement that is wrong, or an access-list statement or possibly a static route?
Cisco Routers :: Is There Documentation On Setting RV042G To Router Mode
Feb 21, 2013Is there documentation on setting the RV042G to Router Mode and what that changes to it's topography? The manual simply tells us to click the button to change the mode?!?!? A 4th grader could figure that out - but what does it do to the unit? Does it basically become a glorified switch with an internet connection? Can the 2nd WAN port be used as a switch node?
View 1 Replies View RelatedCisco Firewall :: Failover ASA 5505 - Setup Second Inside Interface On Firewall?
Feb 19, 2012I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?
View 1 Replies View RelatedCisco Switches :: SG300 - Setting Management Interface In Layer 3 Mode
Jun 13, 2012How to set the management interface on a SG300 Switch in Layer 3 mode? I've some vlans configured on the switch with interfaces in each of them:
Vlan 100 (10.0.1.254 /24)
Vlan 200 (10.0.2.254 /24)
Vlan 300 (10.0.3.254 /24)
...
Vlan 900 (10.0.9.254 /24)
Now, the management interface is listening on all interfaces (IPs). But I would like to configure the switch to only listen on 10.0.9.254. What I need to configure or whether it is possible?
Linksys Wireless Router :: E3000 - Way To Set Up Security Mode Setting?
Feb 14, 2013I have an E3000 router guest access set up via CD. Is is possible to set up a Security Mode setting on this rather than it being open to all. I cannot find anything for Admin to set this up, it seems a glitch in security?
View 1 Replies View RelatedCisco Firewall :: Failover With PIX 525
Nov 10, 2011I got PIX 525 with failover. Due to power issue one Unit was offline for a while. During this time couple of changes was done on the Firewall.
Which Unit becomes active when I plug the Firewall unit which was offline for a while now. Each Unit has 4 Ethernet Connection
E 0/0 - connects ISP Router
E 0/1 - connects to Lan switch
E 1/0 - connects to DMZ port
E 2/0 - connects to failover unit PIX
Cisco Firewall :: ASA 5520 With Failover NAT With Two ISP?
Jun 20, 2011Currently we have one ISP1 and all traffic goes to this way. Suppose our isp1 goes down, our outside user cant get the server. All servers are nated to this ISP1.We planned to purchase a another ISP2. Shall we Configure same inside server to map this ISP2? so that one primary ISP1 goes down it will take place the outside trafficISP2.
View 1 Replies View RelatedCisco Firewall :: How To Configure ASA Failover For 8.4
Nov 23, 2011How to configure ASA failover for 8.4.
View 1 Replies View RelatedCisco Firewall :: Pix 525 Cluster Failover?
May 23, 2011a customer have 2 pix 525 with ver 7.0.1 in a failover configuration with serial cable and 2 sc fiber interface and 2 fastethernet 1 used for failover. the strange behaviour is that when i try to do traffic from inside to dmz or dmz to inside the maximum transfer is 862Kb/s to 1MB/s not more.... i don't understand what's happened. the show mem and show cpu are normal 7% mem used and 1-2% cpu used. attached you will find the configuration.
View 5 Replies View RelatedCisco Firewall :: ASA 5520 Failover With SLA?
Jul 19, 2011Is it possible to setup 2 x Cisco ASA 5520 that are in an Active/Standby failover using sla monitoring?
For example ASA1 outside interface connects to an upstream switch and you setup sla monitor with icmp echo to ping that switch. The switch goes down and you need the other ASA2 to become the Active ASA. Can the sla monitor be automatically integrated with the failover commands for this to happen?
Cisco Firewall :: ASA 5505 VPN Failover Over WAN?
Oct 9, 2011I have a ASA 5505 which is connected to a remote site which also has a ASA 5505 over a L2L VPN tunel. One of the sites has a WAN failover configured with two ISP which is working successfully.
But, when the WAN connection fails over to the backup connection the VPN link breaks as the peer site IP address has changed and the VPN can not establish a connection.
Would it be possible to configure a VPN failover so that when the connection failovers so will the VPN tunnel?
Cisco Firewall :: Failover With Asa 5505
Jun 20, 2011There are 2x Cisco ASA 5505 in an active/standby failover config. The primary asa 5505 has been reset and the secondary is now running as active. I would like to reintroduce the primary again but need to know how to do this.
Ideally I would like to remove the failover config and start from scratch. Do I just need to enter the following to disable failover on the active secondary box?
no failover
no failover lan unit secondary
no failover lan interface failover Vlan999
no failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2
Cisco Firewall :: ASA 5585 HA Failover?
Sep 24, 2012I have a pair of ASA 5585 configured with 2 contexts, C1 & C2, C1 is active on ASA-1 & C2 is active on ASA-2 i did failover test, ping was initiated to host residing behind ASA-1 in context C1 i powered of ASA-1 then both context became active on ASA-2, however during this failover.i saw 4 ping packets drop..
View 3 Replies View RelatedCisco Firewall :: ASA 5510 ISP Failover
May 31, 2011Configured ASA 5510 ISP failover and working fine.My ASA as configured as DHCP server also. So its serves IP addressing details including mask,default-gateway, DNS server IPs.Here my issue is whenever my ISP failover occurs my ASA sends previous ISP DNS server IPs to my inside clients.
Here i like to configure my ASA to serve IP addresses dynamically.Or is there any global DNS IP addresses which will work for all ISPs?
Cisco Firewall :: ASA 5505 ISP Failover?
Feb 17, 2013So we currently have a T1 connection at our location. We were looking to add a high speed cable internet and add an ASA 5505 with Security plus license to do failover between the two. I have found a few examples on how this would work but curious about a couple things.
We would want the Cable to be the primary, T1 as a backup.Currently the IAD that handles our T1 does dhcp, dns, and NAT.. Who/what would handle these items with the setup above?
Cisco :: IOS Zone - Firewall Stateful Failover?
Aug 3, 2011I've seen you can configure stateful failover between two routers running ip inspect classic firewall: url...Can the same be done yet for zone-firewall? I cannot find any documentation on it.
View 1 Replies View RelatedCisco Firewall :: Getting Failover Working Again After Upgrade From 8.2.2 To 8.4.2
Sep 6, 2011When we had 8.2.2, we bought a Mobile license to make the iPads running AnyConnect happy. I applied it, but since we'd only purchased one license, it broke failover. 8.4 lets you share tracking licenses, and since we were planning on the upgrade to 8.4.x anyway, I figured no big deal, I'll get that straightened out when I do the upgrade.
Did the upgrade this weekend, and I still can't get things happy, the boxes don't see one-another:
Here's a show failover on the primary:
Failover OnFailover unit PrimaryFailover LAN Interface: failover GigabitEthernet0/3 (up)Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1Monitored Interfaces 6 of 160
[Code].....
Cisco Firewall :: PIX 525 / Failover And Import Configuration?
Mar 27, 2011I have 2 PIX 525, which one of them, step and active failover mode the other PIX 525, leaving this off, do not know what happened may have been a power outage, but in any case I can turn it back on? And the other question I have is if I can import a configuration that I have saved on my computer. i have the PIX device manager.
View 11 Replies View Related