I have added a new NME-WAE-502-K9 in one of our remote Cisco 2811 routers. This module doesn't boot, and it seems to be in a loop trying to boot. [code]
I have a remote customer who is having issues with their 3825 router. Since I can't be on site, troubleshooting is difficult, but so far all that seems to happen when the device is powered on is the "SYS PWR" light goes solid green, and no other lights come on. Fans seem to be operating normally. Console access doesn't appear to be working.
I wanted to upgrade our three WLC 4402 from software version 5.0.148 to 6.0.202.0. The upgrade on the first controller was working. Unfortunately it lost all the local management users and its MAC filters, but restoring this was not the problem. After upgrading the second controller... the device does not boot anymore! The alarm LED is RED and I don't know what to do. The only way to get connected to the controller is via the console port. There I can see a "parse error" but I don't know if that is the problem. Please look at the "log" attached. I'm not sure if the red alarm LED was there before upgrading the controller software because the device is located at another place. I'm really concerned about upgrading the third controller because it's the most important WLC.
Last night we had some pretty bad lightning and thunder and our Linksys WAG160N appears to have had a bit of a fright. As I was going round unplugging items in case of a hit (this was after a flash or two, relatively nearby), all the lights on the router were off except for the ethernet light (plugged into a Linksys homeplug adaptor). Now the router doesn't appear to boot. When powered on, the power light doesn't flash or anything to indicate booting up, all you get is the ethernet light (if connected) after a few seconds, but no activity. I'm presuming something has been fried or corrupted? I'm not sure if we did have a power spike either through the mains or phone line as all other equipment seems to be fine, but I'm wondering if the homeplug connection might have had something to do with it after reading a few posts from others on the subject. I've held in the reset button while starting and it doesn't appear to have done anything. I will try the 30/30/30 reset tonight.
Due to a problem with POE+ I have tried to upgrade the IOS to Version 15.0.2SE2, from 12.2.58. Unfortunately the switch doesn't boot up anymore. It starts to decompress and install the IOS 2 times; after the second try it displays "unable to boot" and the switch goes into bootloader mode. When I look at the version I see that the bootloader is still the old version 12.2.58. It seems that the bootloader doesn't get upgraded and that's why the switch can't boot the new image.
We have a small network with 15 computers all connected to an SRW224G4. After a power break our switch doesn't "boot" anymore. I see all LEDs working, flashing etc. but no network access, no serial access. When I try connecting to the serial port and "reset" the device the screen is blank.
My ASA5505 does not boot up. I uploaded the IOS from ROMMON mode with tftp and tftpdnld. It uploaded successfully; after reboot it stopped at the Cisco logo sign.
How do I upgrade a Cisco Pix 525 boot ROM from 4.0 to 4.3? Is it a physical chip or software upgrade? Is it needed to upgrade to the latest IOS on Cisco Pix 525 to 8.0? Where can I find more information on it?
I have a Cisco ASA 5510 with a strange issue. When I power it ON, the following is the status of the front panel LED:
Power is OFF; Status is Amber; Active is Amber; VPN is Green; Flash is OFF
Also nothing comes up on the console. I suspected a power supply issue and replaced it, but still it doesn't seem to work. I can't open up a TAC as I do not have a Smart Net contract.
When I power on our ASA 5510 it just hangs on "Launching BootLoader...".
I've managed to get into ROMMON before it attempts to launch the bootloader and tried to restore an ASA image but it said disk0: failed to mount. I've copied the console output but am not sure if it is useful to diagnose the problem or not (and is quite long).
I have a 7604 router with an FWSM module in module 3. First of all the FWSM CF has been damaged, not physically. I bought the same new compact flash (size, part number, etc.). Downloaded the software 3.2 for FWSM, and ASDM from the Cisco website. I realized that the procedure of creating a new CF for FWSM is quite difficult: creating 1-5 partitions, where 1 is MP, and the 4th is the application partition. According to Cisco documentation the default boot partition is the 4th, so I partitioned from the 7604 the CF into 4 partitions (partition disk1: <1-4> maximum) and copied the software and ASDM to the 4th partition (disk1:3:). Removed the CF from the router and put it into the FWSM module.
I have an ASA 5505 that I was updating from firmware 8.04 to 8.41. Anyway, I went through the update procedure half-asleep and accidentally deleted the boot image right after I installed it (I used the CLI and put in the command del asa8*.bin then just hit enter a bunch of times, which of course means I deleted the old firmware too).
So now whenever I power up the ASA, I get the "Could not find boot file" error. Is there a guide somewhere that tells me how I can upload another boot image to the ASA and set the ASA to boot it from the ROMMON prompt?
I have a problem getting my ASA 5520 to boot properly. I first thought of a flash problem and did a flash erase in ROMMON, then it brought error 15 during boot (No images found in / Error 15: File not found). I then TFTPed an image from ROMMON; when done loading the image and starting to boot, the system hangs and nothing else. Attached is the screen I got on my console during boot up. BTW, the system was in the same state before I undertook any of the above actions. I don't have a service contract, so I can't contact TAC.
We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 have the software release 8.4(3)8 installed. When somebody tries to connect thru the Identity based firewalls from a Citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDI's IP address shows mostly other users, which then are used to authenticate the access thru the firewalls.
What is interesting is that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" I can't see the PDI's IP address either because it is mapped to another user. Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How are AD Agent, Domain Controllers and Firewalls working together? On the firewalls with "show user-identity ad-agent" we see the following:
Why does Cisco use 1645 and 1646 and not 1812 and 1813? The Listening Port is used for what purpose? We tried the AD Agent modes full-download and on-demand with the same effect.
I've got an ASA 5510 running 8.4. I have a host on an inside interface, with a static NAT configured on the ASA. The inbound/return half of the NAT doesn't appear to be working. [code] I run a ping from the host (192.168.100.98) to something on the outside (1.2.3.4). Running captures, I can see the outbound ping leaving, having been NATed OK. I can see the reply coming back in to the outside interface with the correct IP address, but I never get the final NATed packet appear on the inside interface. The packet just disappears inside the ASA.
I write because my Cisco ASA 5505 doesn't start. When I connect power to the device, immediately the "Power" green LED turns on but the "Status" LED is orange and does not change. There is no data by console cable. I tried another power supply but nothing.
I have been getting overrun errors on 3 different ASA 5550 HA pairs with traffic rates less than 100Mbps total. I was told by one TAC guy to split the traffic between the two slots so that traffic comes in one and exits the other to maximize throughput because the 5550 was designed to work that way. Another TAC guy told me to enable ethernet flow control to alleviate the overrun errors because the traffic was bursty, but this doesn't seem to address the root cause of the problem either. TCP traffic is bursty by nature and has its own flow control mechanism. I can't seem to find any detailed info on why traffic needs to be split for 100Mbps when the marketing throughput number is 1.2G. Is this a design flaw or limitation? Is there a way to alleviate overrun errors?
I have one outside interface with global IP address 1.1.1.1 and two inside. Both inside interfaces restrict and non_restrict have private IP addresses. I tried to filter some URLs on PIX515 IOS 7.2, only on the restrict interface, but my filter does not work. I can access a prohibited URL from the restrict interface. What's wrong in my URL filtering?
A couple of weeks ago, one of our ASA 5505s failed, and Cisco TAC shipped out a replacement. I was on vacation, and my assistant worked with TAC to get our backed-up configuration restored to the new hardware. This backup was just a copy & paste of the "show start," rather than an export done from ASDM. Anyway, since I got back from vacation I was able to iron out all the wrinkles from the configuration restore, except one. The remote access VPN isn't quite working. This VPN is only used in emergencies, when I can't access that branch office's network via our WAN.
What's happening is that clients are getting "authentication failed" messages when connecting. On Windows, it's an error 691. The VPN is set to authentication against RADIUS (Microsoft IAS server). The IAS server reports that the connection and authentication is successful. AAA RADIUS authentication tests on the ASA succeed, as do authentication & authorization LDAP tests. Basically, everything was working fine before we swapped in the new hardware, and I've gone over the configuration with a fine-toothed comb to ensure nothing's changed -- but clearly, I'm missing something. The new ASA is otherwise operating perfectly.
I'm installing a new pack of signatures on my IOS Firewall. This is what I'm doing:
1.- Upload the .pak file on the flash memory.
2.- Install the package with the command copy flash:IPS/IOS-S636-CLI.pkg idconf. When the installation finishes it doesn't bring any error, but when I enter the command sh ip ips sig it says S0.0
I have an ASA 5505 with security plus license. I configured dual ISP with two different ISP providers. I followed the Cisco document below to configure dual ISP [URL]. The configuration works during testing, while removing the primary ISP cable from the firewall. The problem I am facing is my primary ISP is down but the gateway is still up and it does not switch over to the backup ISP. For SLA which IP should I monitor so once my primary ISP is down it will fall back to the secondary?
I have an ASA5520 with 4 Port channel interfaces and ASA Version 8.4.(2). There are many VLAN interfaces but in the DMZ I have one server which has a Static NAT to all other interfaces.
Why does the first ping work and the others don't work?
I have a server in a network DMZ (IP 192.168.40.43) that needs to do discovery of other IP addresses to update the IPAM tool. It should not be done with source NAT so I'm trying to use the configuration below with Policy NAT but it isn't working:
The following message appears: "% PIX-3-305005: No translation group found for icmp dmz8 srv: 192.168.40.43 dst inside: 10.38.36.50 (type 13, code 0)".
I'm using DIR 600 for home use. Recently, I noticed that I have trouble connecting to some websites (Twitpic.com, 4shared.com) which I never had any problems with before I used the wireless router. It doesn't exactly block the websites but rather it won't load completely (i.e., with Twitpic, I can load the site but not the images; for 4shared I really can't load the page itself). Initially, I had problems updating JDownloader after installation. I tried using our old Edimax wired router, and the JDownloader update worked flawlessly. I also tried loading Twitpic while connected via LAN, and it also worked properly. I'm assuming the problem lies with the wireless router but when I set it up for use I only tinkered with the WPA/WPA2 security for a password-secured wifi connection at home, and nothing more since I can't understand the other features.
I have an ASA 5585 in transparent mode, multi-context. It seems that the option to configure a BVI in one of the traffic contexts isn't there. In other words, while I see the option to configure a bridge group interface in the admin context, no such option comes up in the traffic context. [CODE]....
I have an ASA 5510. I set up a basic configuration to test internet with 2 ISPs. My first line works without any problem. But my second line doesn't work. Even when I wipe the configuration, and set up only my second ISP, internet doesn't work. Can you tell me if there is anything wrong with this config?
CaaaA01# sh run
: Saved
:
ASA Version 8.3(1)
!
hostname CaaaA01
domain-name example.com
I just got a Cisco ASA 5505 with the following OS and ASDM info: ASA 5505 OS 8.4(3), ASDM 6.47. I configured and entered all rules to allow incoming traffic to the LAN but it's not working. Also, I have one host inside that is configured on a second IP and created the rule to allow traffic to it but it doesn't work either.
Problem 1. I have VNC running on port 5900 tcp and I want to connect from the Internet using port 6001 and this has to forward the connection to the real VNC port. In the configuration I have a few hosts with the same configuration but I use a different outside port to get to each.
Problem 2. I have a second IP with services: SMTP, HTTP, HTTPS and port 444 all TCP forwarding to a server in the LAN.
Facts: SMTP. Every time that I do telnet to the second IP looking for the SMTP port, the firewall doesn't let the incoming connection go through and the LOGGING screen doesn't show that connection. PORT 6001 (outside): this port is configured to work with the IP on the outside interface and it was to send the incoming connection to a host inside on the real port 5900. Can anyone check my configuration to see if I'm missing anything? For sure I am, but I didn't find it. Below is the configuration; I masked the public IPs and just left the last number in the IP, and I also left the LAN network to see the configuration better.
I'm trying to set up an L2TP VPN connection on my ASA 5510 to connect with Android/Windows (native clients). I'm using the newest releases: Cisco Adaptive Security Appliance Software Version 8.3(2), Device Manager Version 6.3(5)
If I try to connect with a Windows 7 client (NOT behind NAT) I get the Error 691.
I see that Phase 1/2 are working with debug:
Dec 22 16:32:16 [IKEv1]: Group = DefaultRAGroup, IP = XXXXXX, PHASE 1 COMPLETED
Dec 22 16:51:25 [IKEv1]: Group = DefaultRAGroup, IP = XXXXXX, PHASE 2 COMPLETED (msgid=00000001)
Then I see this "Error":
Dec 22 16:51:26 [IKEv1]: Group = DefaultRAGroup, IP = XXXXX, Session is being torn down. Reason: L2TP initiated
I don't understand why it doesn't work... I tried many templates from the net but nothing works.
I need to be able to redirect some HTTP traffic to an Ironport WSA (for now) on a DMZ interface, the initial config I'm trying to test is along the lines of the following (don't have access to the ASA at the moment to cut-and-paste):
access-list 101 deny any any neq www
access-list 101 deny tcp host 10.0.2.2 any
access-list 101 permit tcp any any
route-map proxy-redirect permit 101
match ip address 101
set ip next-hop 10.0.2.2
Unfortunately the ASA does not take the "set ip next-hop" command, I get an invalid input error message and if I at the route map config prompt type "?" only the "metric" and "metric-type" commands are listed as available.
This happens both on 8.2 (ASA5510) and 8.4(2) (ASA5505). Since others are able to make this work, I assume there's something else on the ASA that I have to set to enable this command?
I've been trying to configure the threat-detection scanning-threat shun feature on my ASA5510 running 8.4(2) for some days now. From searching the support community I can see that I'm not the only one having a problem with this feature. The problem I'm having is that after configuring scanning-threat shun, no outside attacking hosts are being shunned. I'm using nmap to simulate a scanning attack. [code]
Is this the expected behavior of scanning-threat shun? If so this feature is of very little use to me as blocking my inside LAN is not my goal. I'm trying to protect my LAN from Internet attack. I can add the except command and exempt my LAN, but this still doesn't fix the problem of outside hosts not being shunned.