Cisco Firewall :: WS-SVC-FWM-1-K9 Supervisor Support
Oct 4, 2011
A small compatibility question regarding 6500 series:
The document: [URL], but Dynamic Configuration Tool says that:
"Two or more selected items are incompatible. Selected or default-included item [WS-SVC-FWM-1-K9] is incompatible with: [VS-S2T-10G]. Please change one or more items."
I am looking at getting a Cisco 4003 and get a Supervisor that can support IOS. Something like this url...I can't figure out if the 4003 can take an IOS supported Supervisor engine. The Cisco documentation is lacking since it is EOL.
I'm currently in the process of evaluating potential equipment options for a Core Router/Switch that will be running BGP with several Tier 1 ISP's, the table download from each ISP will be full (300,000+ Routes). I was looking at a 6509-E with dual SUP720-3BXL supervisors but after reading the below link I'm a little concerned by the maximum routes table: [URL]
Do I have to go to the VS based 720 supervisor as a minimum to support full BGP on a 6509-E? Does anyone have experience of the above switch + supervisor combination under a full BGP table, and how well does it work? I'm looking at long term using this as a consolidated core (i.e. a VRF for the Global Internet routing table + a VRF for internal data center traffic, plus maybe some more shared VRFs).
Would I be better keeping a Core switch by itself and just buying edge routers to run BGP?
1) Does the 6500 series router support supervisor module redundancy like the 7304 does? IE, can I put two identical sup720 modules in the chassis for failover?
2) Can I use any ethernet interface on any line card on the 6500 series for router interfaces? If not, which line cards work as router interfaces?
3) Differences between the 6500 series and the 7600 series? Can I use a sup720 module from a 6500 in a 7600?
Can any ASA 5500, in particular the ASA5510 firewall, support jumbo frames (i.e. greater than the default standard 1500 Bytes frames)? I plan to use the ASAs to setup a point-to-point IPSec tunnel and need an Application frame of 4Kbytes intact and not segment it. I have done little checking on the Cisco Website and see mention of Jumbo frames on the 5580 on 10Gig interface but didn't see mention of the 5510. 5580s are way over-kill and expensive for what I need, which is to run a mission critical one IPSec point-to-point with maximum of no more than 100Kbps so 5510 is perfect for me but not sure if it can carry the jumbo frame?
On the routers and switches it's the MTU settings and they are configurable per interface and I am OK and the circuit is T1 which the Telcos said it's OK since it's physical layer so the only unknown is the firewall.
I have a Cisco 1841 router, and I want to configure zone based firewall on it. But the document of zone based firewall only said that "after 12.4(6)T" can support zone based firewall. I use the IOS "c1841-ipbasek9-mz.124-15.T9.bin", but it can't support ZFW. What kind of IOS supports ZFW? For example: ipbase, ent base, ip service, advent etc.
I have a PIX 515E firewall with Pix724-33.bin IOS. I just want to know whether this IOS supports SNMPv3 or whether I will have to upgrade it to some other version.
I am responding to a tender where the client is asking for the firewall to support an onboard disk drive for logging purposes, which is a minimum of 500 GB in size.
The other requirements all point towards the top of the range ASA 5585-X Chas w/SSP60,IPS SSP60,12GE, 8 SFP+,2 AC,3DES/AES.
I note the 5585 when configured on DCT comes with HDD blanking plates, is there an HDD supported on this?
Any limits on the number of IPSec sessions an ASA5520 can support over a DSL connection?
Currently, as we increase the number of IPSec VPN tunnels, our LAN switches connected to the DSL/ASA start seeing CRC/input errors. Tried different LAN ports for both DSL/ASA connections - same results (CRCs and errors). Swapped ASA for PC running 1 IPSEC w/HD video and no issues.
VPN connection bandwidth demand 50% of DSL capacity, so not exceeding DSL bandwidth. Errors get so bad that all VPN sessions drop - sometimes VPN sessions re-establish while other instances a DSL modem reboot is required.
cause of LAN switch connections seeing errors with 4+ VPN sessions established on ASA across a DSL Internet circuit?
If the 5510's support active/active ha. There is conflicting info. on the datasheet stating otherwise.
[URL]. As business needs grow, customers can install a Security Plus license, upgrading two of the Cisco ASA 5510 Adaptive Security Appliance interfaces to Gigabit Ethernet and enabling integration into switched network environments through VLAN support. This upgrade license maximizes business continuity by enabling Active/Active and Active/Standby high-availability services.
I am going to update my Windows Small Business Server 2003 to 2011. I currently have an ASA 5505 with the IPS installed on it. I am reviewing the migration procedures from Microsoft. Within the procedure it asks if the firewall or router supports UPnP. Does my ASA 5505/IPS support UPnP?
Does ASA 8.3 support MAC address filtering, I want to allow a single specific laptop to login to the ASA 8.3 firewall (for management) from anywhere on the internet, I know I can do it through VPN but I want a simple MAC address access list or something......
A customer recently purchased an ASR 1001 under the impression it could replace their old 3662 router and ASA 5505. The ASA is configured for their SmartFilter proxy server (N2H2), and I am having a heck of a time finding any documentation on how to configure this. I found the following: To use SmartFilter with Cisco IOS firewall, install the SmartFilter components and use the IFP plugin (off-box). To configure the Cisco IOS for SmartFilter, use the Cisco document Firewall N2H2 Support located on the Cisco Web site, [URL] Well, I found the Firewall N2H2 Support document [URL], but the ip inspect command doesn't seem to work on the ASR. Is there any way to make this work or does the ASA have to stay in line?...
I know the 5510 & 5520s support the CSC-SSM module for Content Filtering (Anti-Phishing, Anti Spam, URL filtering, Anti-Spyware & Antivirus), but what about content filtering for the ASA5525-K9. The problem that I have is that I need a firewall that supports up to 1 Gbps Maximum Firewall Throughput and to support 250 users with Content Filtering described above. I'm using the following doc for sizing and came across the ASA5525-K9 for 1 Gbps, but not sure about the Content filtering: url...
Will the ASA 5505 allow the addition of a 2nd external link to its configuration? I know the device is capable of Redundant or Backup ISP Links, but that’s not what I need. I will have two different links for two different purposes. Currently we are using the ASA 5505 just for Internet access, so only the ISP link is connected, very basic configuration. We are planning a connection to a client’s global (MPLS) network and we need to be protected against any traffic coming from that network, ergo we need to use a firewall for connection to that external link. Now with the final configuration the Internet traffic must keep being routed to the ISP link, and some other traffic must be routed to the new external link. Can the ASA 5505 be configured for this scenario?
We have a new 50/10MB Comcast Deluxe connection we are trying to set up in our environment. We have a single static IP and the Comcast provided SMC-3DG router/modem has been set to "bridge mode" by Comcast. This is then plugged into one of the interfaces and that interface has the static IP defined on it with a default route to the Comcast provided gateway IP. I wired the 2851 into our layer 3 switch, set up some static routes on the 2851 back to our existing subnets and everything traffic-wise is flowing between our existing subnets and this new router.
Since the default route on our layer 3 switch is defaulted to our older 2811 router (that I'm intending on replacing with this 2851), I set up a static route on our layer 3 switch to guide all traffic for speedtest.net and comcast.speedtest.net out to the 2851 router. Doing speed tests show 12 MB down, .5 MB up. Connecting a laptop directly to the Comcast SMC modem and setting its IP to the static IP shows full speeds again, so the issue has to be with our configuration/equipment.
Can a Cisco 2851 support this 50mb Comcast connection and do I just have it configured wrong? Or do I need a different router altogether? At first I tried the 2811 but that had slow speeds, so I figured the 2851 with twice the throughput would do a better job but for some reason it is not currently. I have played with duplex settings (100, full, half, auto) and nothing changed. I updated the 2851 to the latest 12.4 firmware and also no change.
How to configure a router 2900 to support connection from 2 firewalls (Active Standby connections)? How can I tell the router to send the traffic to the standby when the active firewall goes down? I was planning to use a switch (layer 2 capacity only) in the middle of the equipment (between the firewalls and the router) in order to always send the traffic for 1 physical interface from the router side, and manage to route all the internal traffic to the virtual IP of both firewalls. Also I don't know yet how to configure a site-to-site VPN if I have that scheme and some public NATs (Firewall - Switch - Router). I was planning to configure a NAT in the router in order to allow the VPN traffic to the internal IP of the firewall but still don't know if it will work.
We are looking to deploy an ASA 5520, but I need to know if it is possible for it to work in this environment.
We have colo space, with two IP ranges. They provide two network drops, one from each switch connected to different routers. One of which has 4 usable IPs for management purposes. This address range will be used only for remote access to the ASA and VPN into the management VLAN. The management VLAN will have all internal devices such as the switches, etc. The second range is for the servers, which will be assigned directly to the hosts and the ASA will need to act as just a firewall. I can do this on IOS, but not sure about the ASA.
I need to answer the following questions:
Does the ASA support dual network drops, and would this be a failover port configuration in order for it to work? A management VLAN with outbound internet access only, and VPN/RA capability. NAT will need to be used I'm guessing. Can we have a DMZ VLAN which has defined ports, say 80, 443 and 25 inbound and outbound. I need the hosts to have the public IP assigned to them with no NAT configuration.
I know there are some advantages to using NAT, but I really can't use it because the applications behind prefer public IPs being assigned to them.
if I can do the following deployment using a Cisco ASA5510 security plus.
At this moment I have two interfaces in use one (outside) with the IP: 172.16.21.254/24 and the other (inside) with the IP: 192.168.4.1/24. Now the customer needs to connect another network that works with the IP segment: 192.168.0.0/22.
The IP segment 192.168.0.0/22 goes from 192.168.0.1 to 192.168.3.254, which means that there is no overlap with the network segment 192.168.4.0/24. My question is: If I configure another interface in the ASA that works in the segment 192.168.0.0/22, will the routing table auto-summarize the network and merge it with the network 192.168.4.0 or will it leave the networks apart?
I don't use dynamic routing protocols but I cannot do the changes if I have doubts because the network 192.168.0.0/22 is the network for the Factory Automation Systems.
What the support for WCCP on a FWSM running 4.0(7) is like, if there is any at all?
I've read that the earliest PIX release that supports WCCP was 7.2(1) but I'm not sure how FWSM 4.0(7) aligns with the PIX versions. The only docs I can find referencing WCCP on a 6500 with FWSM are in the 6500 12.2 IOS guide.