Cisco Firewall :: What User Specification With Asa5505 Means
Nov 30, 2011
What the user specification with the asa5505 means.there is a 50 user and an unlimited license with the asa5505. with 50 user does this mean that only 50 user can work simultaneously over the asa, or what?
View 10 Replies
ADVERTISEMENT
Feb 10, 2013
How can i create customized user in Cisco ASA 5505 having the following Privileges? note i dont have AAA server.User can only perform show running, ping, traceroute, show xlate. I have review one of the firewall configuration and found two type of password defined, what is the difference b/w enable and password?
View 2 Replies
View Related
Feb 9, 2012
I'm just wondering, is it possible to find out or recover the passwords for users and pre-shared key for tunnel-group? The VPN connection was confiigured on ASA5505 before me, but no login details were left.
View 3 Replies
View Related
Dec 26, 2011
My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network. Is this possible with a 10 USER license.
View 19 Replies
View Related
Sep 27, 2011
My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network. Is this possible with a 10 USER license.
View 1 Replies
View Related
May 6, 2011
I can't find any specific information on the implementation of packet inspection in a zone based policy firewall. In other words, is there a specification or even just a set of values that define the default inspection parameters for all protocols? With DPI I can manage 'some' of the inspection capabilities but I have some fairly rigorous and specific requirements to meet and I need to validate that the IOS ZBFW will meet those requirements. Specifically, I'm interested in HTTP, DNS, and ICMP but all other protocols would be useful as well.I'm working with basic routers; 871's, 2811's, 1841's, etc. The IOS in use in most cases is adventerprisek9-mz.151-3.T.
View 4 Replies
View Related
Jul 5, 2011
I need to configure our ASA5505 firewall for remote access to our network using EasyVPN software installed on a laptop. That laptop will be connected in the different places, using DSL or 3G toggle or Public Wi-Fi. For some people it's very easy, but I don't have any experience with firewalls.
View 9 Replies
View Related
Apr 20, 2009
We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy? Can the message be displayed when the action is "Continue" rather than "Terminate"? I can't seem to get this to work and wondered if there was a LUA function to do this.
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.
View 4 Replies
View Related
Oct 10, 2011
I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.
View 1 Replies
View Related
Apr 5, 2013
I'm just about to update flash on my router 2610, but I don't know which IOS i should take that's specification of my router: [code]
View 6 Replies
View Related
Jul 5, 2011
I noticed alot of question about ethernet, distances, differences, bandwidth, throuput etc of different types. I have a list off all from 10base2 all the way upto 10000baseEW, but there are so many how am I meant to remember all the differences..?
View 8 Replies
View Related
Jan 22, 2013
I would like to know why Cat3550 SVI's mac address is always same.for example if I configure interface vlan1 and vlan2.mac address is same as like 000d.bdfc.xxxx but Cat3750 is different, each SVI has unique mac address.
View 1 Replies
View Related
Feb 26, 2011
what does VXR and S means in these series?
View 1 Replies
View Related
Feb 7, 2011
electrical specification of cat-5e cable
View 1 Replies
View Related
Sep 12, 2011
by saying "open ports" in a router or PC or other Network System what we mean basically? what is opposite terminology, "closed ports"?-used or unused-sensitive-vulnerable or non vulnerable to attacks-exploited easily and when so may attacked and have much bad/serious consequences/results
View 2 Replies
View Related
Jun 5, 2013
I am trying to find on Cisco's web site the specification of their power cables for the ASR1002. I am particularly interested in the NEMA specification for the US power cable CAB-AC-RA .
View 2 Replies
View Related
Nov 8, 2010
Some deep technical questions regarding the AP541N access point? What I want to know is, if the AP has: - Watchdog per IP - ACK time adjusting - Site Survey.
View 1 Replies
View Related
Mar 25, 2012
I am trying to configure BGP on 6509 IOS. I can not specify a long interger for autonomous system: ASN: 262829 (32 bits)
View 1 Replies
View Related
Apr 3, 2013
Is it possible to have ASDM and SSH authenticate via different means on a RADIUS server? In particular, I have a single aaa-server group that's used for both ASDM and SSH, but I want to limit ASDM access to only a particular group in Active Directory (for example). I looked at various different requests (from the server's perspective) to see if there was a way that they (ASDM requests and SSH requests) were differentiated but was unable to find any. It would be ideal if there was something inherent about the RADIUS request coming from ASDM vs SSH so that I could build that decision making into the RADIUS server.I know I could do this by just using a different aaa-server group for each access method, but I want to avoid that if possible.
View 7 Replies
View Related
Dec 8, 2010
There is a port on 3560E, facing POP, this port is in the dedicated vlan, that is terminated on 7606 on SVI (peering point).There is configuration made on the 3560E port, that prevents storm of ucast or bcast kind. This is: switchport block multicast switchport port-security maximum 1000 switchport port-security switchport port-security violation restrict storm-control broadcast level bps 1m storm-control multicast level bps 1m storm-control action shutdown storm-control action trap no cdp enable no lldp transmit no lldp receive spanning-tree portfast spanning-tree bpdufilter enable spanning-tree bpduguard enable. [code]
I want to get info not only about the fact of storm attack but also about at least source and destination of it (i.e. source and/or destination MAC). Perhaps this could be some logging messages.Are there any means for this on C3560E-UNIVERSAL-M (IOS ver 12.2(53)SE2) and 7606-S.
View 2 Replies
View Related
Feb 17, 2012
url..This says an ISR G2 3945 can achieve 502.78 Mbits when CEF fast switching. Is this per port or total for the whole box? Since the router will hold dozens of switch ports and several gig routed ports I don't understand what this half gig switching speed means.
View 5 Replies
View Related
May 29, 2013
The Cisco 3560 uses a relatively simple classification scheme, assuming you consider only what happens when the forwarding decision has been made. These switches make most internal QoS decisions based on an internal DSCP setting. The internal DSCP is determined when the frame is forwarded. What internal DSCP setting means?
View 5 Replies
View Related
May 16, 2011
We run a hub&spoke network with dual GRE tunnels from each spoke site to seperate independant adsl routers at the hub.IPsec is enabled on each tunnel with crypto maps and then QOS is enabled with pre-classify for voice traffic priority. We also have defined a class for Citrix traffic by identifying port1494 traffic out and anything bound for our citrix servers IPs.Ok so the problem is that once the encryption comes up on the tunnels, the citrix programs wont connect. Take the crypto map off the tunnel and all works fine.
Here is the relevant config
crypto isakmp policy 1 encr 3des authentication pre-share group 2crypto isakmp key **** address *.*.*.*
crypto isakmp key **** address *.*.*.*
crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to hub1
set peer *.*.*.*
set transform-set ESP-3DES-SHA match address 104 qos pre-classifycrypto map SDM_CMAP_1 2 ipsec-isakmp description Tunnel to hub2
set peer *.*.*.*
set transform-set ESP-3DES-SHA match address 105 qos pre-classify
[code]....
I deliberately weight EIGRP to favour Tun0 and have Tun1 as a failover. I was thinking of Route-mapping the Citrix traffic to Tun1?
View 1 Replies
View Related
Feb 24, 2011
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
View 2 Replies
View Related
Oct 23, 2012
Today i saw on the router dir-655 log file that "UDHCPD Received a SIGTERM" and "received signal 15, good-bye" and the ip address was renewd after 14 days. I want to understand if it's normal behavior of the unit or not. I'm connected to cable modem that is stable more than 15 days.
here is the log of my router:
Oct 23 17:49:48 debug UDHCPD sending ACK to 192.168.0.3
Oct 23 04:01:15 debug Debu: Joining group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 04:01:15 debug Debu: Leaving group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 03:59:09 debug Debu: Joining group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 03:43:58 debug gpio create pidfile /var/run/gpio_wan_green.pid
[code]....
View 10 Replies
View Related
May 17, 2011
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies
View Related
Jul 14, 2011
I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet.I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on. Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.
View 32 Replies
View Related
Jan 9, 2013
Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 - >Inernal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to Cisco ASA 5505 E0/0. Its a /28 pool IP address. This interface is configured as outside and security level set to 0.
From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
View 2 Replies
View Related
Jul 11, 2012
Looking at the specs for the 3750 power supply - is the WS-C3750X-48P-S model with the 715W power supply referring to the amount for both power supplies per switch or just one power supply per switch? Meaning, is the 715 a accumulative number or, just the watts of one power supply. I would like to purchase a 3750x PoE switch with redundant power supplies. If this model is not the correct one?give me the model that offers 48 port PoE with redundant power supplies?
View 6 Replies
View Related
Apr 1, 2013
I'm trying to troubleshoot an ASA5505.
The original goal was to block "Mumble/Murmur" (a voip app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic. I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did. That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below. However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
show ver
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2)
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"
[Code].....
View 4 Replies
View Related
Jun 11, 2012
I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:
[Code].....
View 7 Replies
View Related
Apr 8, 2011
We are trying to isolate the fault. From Aggregator a router, we are receiving MAC address of distant end ethernet interface of a SDH box and vice versa is also possible. However ther is no packet received. My question is does ping test is must to see if the path is through or just receiving MAC adress at both ends would mean that packets have to go over the path.
View 1 Replies
View Related
Nov 29, 2011
Is it possible to use IP "aliases" on an ASA5505 to use as static NAT public IPs to private IPs? For example, I have int e0/0 connected to my ISP using a /30 subnet and I have my private LAN connected to e0/1 with a /24 subnet. At the moment I can use the one usable IP from the /30 to NAT to the private LAN. The ISP is also routing a /28 subnet to the one public IP of the ASA. I would like to use some of the /28 IPs for NAT also. Can it be as easy as just adding the NAT commands? I figure I would have to add that subnet to the ASA somehow, no? In other devices (including the SA520) they use a concept called IP aliases whereby you define what additional IPs the device can use in its NAT config. Does the ASA support aliases? Maybe I have to do something with VLANs?
View 2 Replies
View Related