Cisco Firewall :: Unknown Error On ASA 5505?
May 18, 2011
This might actually go into Networking Basics because of the nature of the problem, but I tossed it in here because of the Cisco product involved. Long story short, I need to do some detective work to figure an apporpriate IP address for a NIC.I recently started working at a company with the ASA 5505 and I need to upgrade the software image on a bunch of them. There's already a computer set up with a TFTP server and Hyper-Terminal to do it. I'm trying to use the CLI update procedur[URL] but when I get to the beginning of the actual transfer from the TFTP, I get stuck at "Accessing" and then the connection times out with the message "Unknown Error".The only thing I can think of is that somehow the ASA is not making it all the way to the TFTP server, probably because the IP address settings on the NIC for the computer is set wrong. I say this because in the config file provided me, the ASA is given an address X.Y.Z.1, subnet mask /24 (where all the letters are constants) and the TFTP server has an addess in its software config of X.Y.Z.10 mask /24, but the NIC on the computer is set to A.B.C.105, which is an entirely different network.I need to figure out what I can make the NIC IP address so I stop getting the error. I tried a couple of different X.Y.Z.x addresses, but haven't gotten anything yet.
View 1 Replies
ADVERTISEMENT
Aug 6, 2012
i have a desktop and a laptop(dell xps 14).and am using a modem to connect both using ethernet cable.my modem is showing lan connection of both computers.but there are problems which are- i cant connect to my homegroup i cant find any server on lan while playing games i cant share files
a network driver is missing.details are- property-hardware id values-ACPI/SMO8800 *SMO8800 also specified that first value is highlighted and error code is 28
View 2 Replies
View Related
Apr 24, 2013
From Chrome when I try to download from a file sharing site I get "Unknown network error". And from firefox I get "source file could not be read". From internet explorer it just stops. The downloads don't even get halfway thew before failing. I didn't have this problem with this computer previously before I moved. I'm using the same access point and same internet connection. One thing I notice is that windows network center shows at times that I'm not connected to the internet but I'm still able to browse and use the internet. The disconnected icon only lasts for a few seconds in network center.So I think its some kind of settings or access point issue. Windows 7 64bit Ultimate service pack 1 My ISP is Suddenlink(cable) located in Louisiana. I'm renting their wireless router/cable modem. The Access point I'm using for the PC is trendnet TEW-430APB.My internet security is Bitdefender total security 2013?
View 1 Replies
View Related
Oct 3, 2011
I have a dell Win XP need to connect to Belkin router
View 1 Replies
View Related
Jul 6, 2011
I have configure L2TP vpn using ASDM and now i am not able to connect my Cisco ASA 5505. it's showing error message 3Jul 07 201118:57:38IP = *.*.*.*, Error processing payload: Payload ID: 1
View 1 Replies
View Related
Dec 28, 2011
when I want to recover my 2960 switch in rommon mode with xmodem command, It shows me these errors. when I reset the switch, still shoes these errors:
Unknown cmd: 1;2c1;2c[?1;21;2c[?1;21;2c[?1;2;21;2c[?1;2[
switch: ?1;2c[?1;21;2c[?1;21;2c
switch: ccknown cmd:
*** line too large *****tch: c1;2[?1
switch:
Unknown cmd: cc?1;2c[?1;21;2c[
[code]....
View 1 Replies
View Related
Jan 16, 2011
I am get stuck on this issue, i have asa 5505 which was working more than 4 months, after power recycle the firewall is not booting now, it gives the below error. i have tried to upload the new image however the story is same.
i2c_write_byte_w_suspend() error, slot = 0x0, device = 0x40, address = 26 byte count = 1. Reason: I2C_UNPOPULATED_ERROR.
View 2 Replies
View Related
Apr 7, 2011
I use a CISCO ASA 5505 with ASA 8.3. Everything works fine, but when I type the following line I get an error message:
nat (inside,outside) source dynamic OBJ_SPECIFIC_192-168-1-0 10.1.5.5ERROR: 10.1.5.5 doesn't match an existing object or object-groupI even tried to create the missing object but it did not work. The document also explains how to use ASDM for this configuration. It seems that there an object 10.1.5.5. is created.
This is the output of "show running-config":
ASA Version 8.3(1) !hostname ciscoasaenable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 !interface Vlan2 nameif outside security-level 0 ip address 10.1.5.1 255.255.255.0 !interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2! interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveobject network obj_any subnet 0.0.0.0 0.0.0.0object network
[code]....
View 1 Replies
View Related
Apr 15, 2012
Whenever I use the following command I get an invalid input error
ciscoasa#conf t
ciscoasa (config) # crypto isakmp enable outside
ciscoasa (config) #object network net-local
ciscoasa (config-network) # subnet 192.168.101.0 255.255.255.0
^
I have reset the firewall (cisco 5505) to factory default. The marker ^ is under the subnet
View 10 Replies
View Related
Apr 1, 2012
I Have a Firewall ASA 5505 with asa 8.4(2) asdm 6.4(5) I have only one Public IP services and need to publish on the Internet
External User (Internet) -> Calls connection on port 22 Internal server 192.168.1.124
External User (Internet) -> Calls connection on port 80 of the Internal 192.168.1.124 server or other server the same inside.
In the first moment I'm just testing the access port 22.I had it working in version 8.2 but after I updated to 8.4 does not work, I've tested several different configurations.
Configuration (see asa5505_config.txt file)
object network remoto_ssh
host 189.120.190.229
object network linux_ssh
host 192.168.1.124
nat (inside,outside) static remoto_ssh
access-list outside_access_in line 1 extended permit tcp any object linux_ssh eq ssh
ERROR: Address 189.120.190.229 overlaps with outside interface address.
ERROR: NAT Policy is not downloaded
View 12 Replies
View Related
Apr 4, 2010
: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password EhxQ5dBfvkyaUj52 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.10.8 W2K3-X32-SP
[code]....
I have a problem with a dmz vlan. I can´t surf over internet on a remote host.The dmz vlan links with remote network on host 192.168.20.3 .
INSIDE (192.168.10.0) -------------- Outside (88.88.88.0) -------------- DMZ (192.168.20.0)
^
|---------- Remote network (192.168.9.0)
View 8 Replies
View Related
Jan 16, 2013
When downloading files using chrome I keep getting "unknown network error" before the download is complete. Why is this happening and what can I do about it? I am using vista on an acer aspire 5535 laptop. I tried using internet explorer a few times instead but it has also happened there.
View 1 Replies
View Related
Jul 7, 2011
I have connected an ASA 5505 to an ADSL router that is able to assign the IP address and the also the DNS servers for the ISP for the outside interface. The ASA is loaded up with IOS "asa842-k8.bin"
I am using vpnclient with a hostname as oppose to an IP address to connect to a headend remote server. If I hardcode the DNS servers IPs in the "dns server-group DefaultDNS" I am able to resolve the hostname. If I then remove the IPs from the group and rely on the dhcp to assign them, when I try to resolve the name I have an error at the console "ERROR: % Invalid Hostname"
View 2 Replies
View Related
Feb 14, 2013
I set the asa Vpn to connect to the other firewall, the VPN is ok but when i see the logs of bytesTX and BytesRX the asa receive a lot of packages in BytesRX but dont send anything in BytesTX.
View 1 Replies
View Related
Jul 5, 2011
My customer had 2 asa5520 version:8.0(5)20 and LMS 4.0.1.Two Firewall are "unknow" on LMS, why ?Normally, LMS manages ASA with version 7 min.
View 1 Replies
View Related
Nov 26, 2012
I have a pair of ASA5510s in a failover configuration where I see these 2 logs repeated every 15 seconds.
105008 1 Nov 27 2012 10:39:27 (Primary) Testing Interface management
105009 1 Nov 27 2012 10:39:28 (Primary) Testing on interface management Passed
I have read other threads where these are accompanied by "105005, Lost Failover communications with mate on interface". But I'm only getting these 2. The other thing that is confusing is that the "management" interface is not the failover interface. So why do I see 105008/9 logs about it?
Output of "sh fail":
5510a# sh fail
Failover On
Failover unit Primary
[Code].....
View 6 Replies
View Related
Apr 27, 2011
I am using ASA 5505 with firmware 8.2(2). My ISP uses PPPoE as a WAN connection protocol. There is a problem with getting PPPoE session started on my ASA 5505. The debug output says that after negotiation of PPP-authentication protocol ASA receives a PADT packet from ISP’s concentrator. To get more information I captured all packets on outside interface with WireShark. Packet-dumps (in .pcap format) are attached in this post. I have tried all possible combinations of PAP/CHAP/MSCHAP values in “vpdn group MYGROUP ppp authentication” command. If you take a look at the packet-dumps you can see, that in case of “PAP” – ISP’s concentrator rejects negotiation (PAP is not supported by my ISP). In case of CHAP/MSCHAP (that ARE supported by my ISP) – ASA acknowledges the using of MSCHAP v.2 PPP-auth protocol, which is actually not supported by it…
Judging by MAC-addresses of ISP’s concentrators it is visible that Cisco’s equipment also is used.
The questions is: Why ASA acknowledges using of unsupported ppp-auth protocol during negotiation and what I need to do to resolve this issue? (ISP’s support says, that they cannot change PPP-auth protocol negotiation order. Also they says that I need to contact with manufacturer of my equipment).
View 3 Replies
View Related
Apr 12, 2011
I am unable to connect to the vpn I set up on my ASA 5505 using the Cisco VPN Client on a Windows machine. The log of the vpn client and the config of the ASA 5505 are below.
LOG CISCO VPN CLIENT
Cisco Systems VPN Client Version 5.0.06.0160
Copyright (C) 1998-2009 Cisco Systems, Inc. All Rights Reserved.
[Code]......
View 2 Replies
View Related
Oct 19, 2009
I get the following error when trying to connect a vpn client through an ASA5505 with an already configured ipsec AES/256 site to site connection:
regular translation creation failed for protocol 50 src:inside:192.168.1.167 dst:outside:xx.xxx.x.64
The site to site addressing is not relevant, I'm not trying to pass traffic over the site-to-site, but rather create a new vpn from inside client to outside external vpn box that's not under my control. The client is able to create a connection, but no traffic is passed, when I try to ping / rdp, the above message is returned to me. If I add the rule static(inside, outside) interface 192.168.1.167 netmask 255.255.255.255 then it works, everything works, but ONLY from this computer.
Been Google for hours, but with no result as of yet.
View 6 Replies
View Related
Feb 24, 2012
Just installed an ASA 5505 with AnyConnect Essentials. AnyConnect installation works fine on some windows boxes (All flavors) but have a couple machines with issues. This makes it clearly a computer side issue. When I try to log into the ASA to download the client with IE 9 the ASA just keeps asking for my logon credentials. If I I use Firefox my credentials work and I get as far as the "Using Sun java for installation" with instructions to click yes on the java security warning. The Java Security warning never arrives like on machines that don't have this problem. Firefox just hangs and has to be killed by task maanger. Remove and reinstall of both Java and Firefox fail to correct the problem. Any AnyConnect clientside recovery tips beyond Java and Browser reinstall?
A Google search show a few folks using Ubuntu and old PPC Macs seeing the same java error I get on these couple of windows boxen. [code]
View 2 Replies
View Related
Nov 6, 2011
I'm trying to set up a 5505 (running 8.3) so that i can use the client vpn through RADIUS authentication.I have set up a new local RAIDUS windows box and used the ASDM asistant and a few other guides to setup the 5505.
View 3 Replies
View Related
Jan 9, 2013
it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem.
The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
ASA Version 9.1(1)
!
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
[Code] .....
View 9 Replies
View Related
Jul 19, 2011
I recently had some trouble with my ASA 5505 in that the running config would not be saved after a reboot. Definitely looked like a hardware problem with the flash memory. I have since bought a new flash memory card and copied the contents of the old card to the new card. 1st problem I have is that I can see the image on the new card, but for some reason it wont boot into that image. I get /file not found
I then successfully load a new image to the device and it boots successfully. I then follow it with a
Cisco asa# config t
Cisco(config)# boot system disk0:/asa831-k8.bin
(to ensure it boots from the flash in the future) and I get
WARNING: BOOT variable added, but unable to find disk0:/asa831-k8.bin
I have since tried
ciscoasa# fsck disk0:
Unsupported file system type!
%Error checking disk0: (No such file or directory)
When ever I try to do anything with Disk0: i get the same error. (No such file or directory). I have also tried putting the old flash card in the ASA and I now get the same response.
View 11 Replies
View Related
Nov 16, 2012
[OK] webvpn
webvpn
[ERROR] anyconnect image disk0:/anyconnect-win-3.0.08057-k9.pkg 2
copying 'disk0:/anyconnect-win-3.0.08057-k9.pkg' to a temporary ramfs file failed
Trying to add the windows anyconnect to the list of usable software for clients and that error happened. What is going wrong? I assume I dont have enough RAM...
View 1 Replies
View Related
Apr 28, 2011
Connection denied due to NAT reverse path failure
View 2 Replies
View Related
Sep 7, 2011
How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
View 1 Replies
View Related
Apr 24, 2012
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies
View Related
Feb 19, 2012
I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?
View 1 Replies
View Related
Aug 23, 2011
setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.
View 21 Replies
View Related
Feb 27, 2013
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
View 5 Replies
View Related
Dec 22, 2011
Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
View 7 Replies
View Related
May 3, 2011
I have been working with ASA 5510,20,40,80 but not with 5505 this vlan and its interfaces are quite confusing.Just want to know how it works and its connectivity to Cisco Switch.Do i have to put the interface of the switch in the same vlan as i am creating the interface vlan in firewall ?Now the switch port connecting to this Eth1 interface should also be in the same vlan ? i.e vlan3 ?? or it will be in trunk ? The default configuration shows the eth0 with no access vlan and interface eth1 with access vlan 2... does it mean the eth0 is in vlan1 ? (Nativ Vlan ) ???
View 4 Replies
View Related
May 28, 2012
I have a cisco asa 5505 firewall. Is it possible to block secure websites in it like [URL]? I have already tried regular expression filtering but it filters only http traffic.
View 4 Replies
View Related
