Cisco Firewall :: What User Specification With Asa5505 Means

Nov 30, 2011

What the user specification with the asa5505 means.there is a 50 user and an unlimited license with the asa5505. with 50 user does this mean that only 50 user can work simultaneously over the asa, or what?

View 10 Replies


ADVERTISEMENT

Cisco Firewall :: How To Create Customized User In ASA5505 Having Certain Privileges

Feb 10, 2013

How can i create customized user in Cisco ASA 5505 having the following Privileges? note i dont have AAA server.User can only perform show running, ping, traceroute, show xlate. I have review one of the firewall configuration and found two type of password defined, what is the difference b/w enable and password?

View 2 Replies View Related

Cisco Firewall :: Recover VPN Keys And User Passwords On ASA5505?

Feb 9, 2012

I'm just wondering, is it possible to find out or recover  the passwords for users and pre-shared key for tunnel-group? The VPN connection was confiigured on ASA5505 before me, but no login details were left.

View 3 Replies View Related

Cisco Firewall :: 10-User License For ASA5505 Allows DHCP To Hand Out 32 IPs?

Dec 26, 2011

My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
 
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network.  Is this possible with a 10 USER license.

View 19 Replies View Related

Cisco Firewall :: 10-User License For ASA5505 Allows DHCP To Hand Out 32 IPs

Sep 27, 2011

My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
 
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network.  Is this possible with a 10 USER license.

View 1 Replies View Related

Cisco Firewall :: 871 / 2811 / 1841 - ZBFW Default Inspection Specification

May 6, 2011

I can't find any specific information on the implementation of packet inspection in a zone based policy firewall.  In other words, is there a specification or even just a set of values that define the default inspection parameters for all protocols?  With DPI I can manage 'some' of the inspection capabilities but I have some fairly rigorous and specific requirements to meet and I need to validate that the IOS ZBFW will meet those requirements.  Specifically, I'm interested in HTTP, DNS, and ICMP but all other protocols would be useful as well.I'm working with basic routers; 871's, 2811's, 1841's, etc.  The IOS in use in most cases is adventerprisek9-mz.151-3.T.

View 4 Replies View Related

Cisco VPN :: Configure ASA5505 For Remote User Using EasyVPN Client?

Jul 5, 2011

I need to configure our ASA5505 firewall for remote access to our network using EasyVPN software installed on a laptop. That laptop will be connected in the different places, using DSL or 3G toggle or Public Wi-Fi. For some people it's very easy, but I don't have any experience with firewalls.

View 9 Replies View Related

Cisco Firewall :: 5510 - Display User Message When User Connects Using AnyConnect Client?

Apr 20, 2009

We are using an ASA 5510 and remote access (SSL VPN) using the AnyConnect client.
 
Is it possible to display a user message when a user connects using the AnyConnect client, matching a specific dynamic access policy?  Can the message be displayed when the action is "Continue" rather than "Terminate"?  I can't seem to get this to work and wondered if there was a LUA function to do this.
 
We have a DAP which gives a restricted ACL when the user's anti-virus is out of date, and I wanted to notify the user to update their anti-virus and reconnect.

View 4 Replies View Related

Cisco Firewall :: Create Local User In ASA 5520 To Allow User To Use ASDM In Read-Only Mode?

Oct 10, 2011

I want to create a local user in my Cisco ASA 5520 to allow the user to use the ASDM in Read-Only mode. I want the user to view the Dashboard only.

View 1 Replies View Related

Cisco :: 2610 Which IOS Should Take Specification Of Router

Apr 5, 2013

I'm just about to update flash on my router 2610, but I don't know which IOS i should take that's specification of my router: [code]

View 6 Replies View Related

How To Remember Ethernet Specification

Jul 5, 2011

I noticed alot of question about ethernet, distances, differences, bandwidth, throuput etc of different types. I have a list off all from 10base2 all the way upto 10000baseEW, but there are so many how am I meant to remember all the differences..?

View 8 Replies View Related

Cisco Switching/Routing :: The Specification Of Cat3550 About SVI's Mac Address

Jan 22, 2013

I would like to know why Cat3550 SVI's mac address is always same.for example if I configure interface vlan1 and vlan2.mac address is same as like 000d.bdfc.xxxx but Cat3750 is different, each SVI has unique mac address.

View 1 Replies View Related

Cisco WAN :: 7200 And 7600S / What Does VXR And S Means In These Series

Feb 26, 2011

what does VXR and S means in these series?

View 1 Replies View Related

Routers / Switches :: Electrical Specification Of Cat-5e Cable

Feb 7, 2011

electrical specification of cat-5e cable

View 1 Replies View Related

What Does Open Ports Means In Router

Sep 12, 2011

by saying "open ports" in a router or PC or other Network System what we mean basically? what is opposite terminology, "closed ports"?-used or unused-sensitive-vulnerable or non vulnerable to attacks-exploited easily and when so may attacked and have much bad/serious consequences/results

View 2 Replies View Related

Cisco WAN :: Find Website Specification Of Power Cables For ASR1002

Jun 5, 2013

I am trying to find on Cisco's web site the specification of their power cables for the ASR1002.  I am particularly interested in the NEMA specification for  the US power cable CAB-AC-RA .

View 2 Replies View Related

Cisco Wireless :: AP541N Specification For Ack Time Adjusting And Survey

Nov 8, 2010

Some deep technical questions regarding the AP541N access point?  What I want to know is, if the AP has: - Watchdog per IP - ACK time adjusting - Site Survey.

View 1 Replies View Related

Cisco Switching/Routing :: 6509 BGP X Autonomous System Specification

Mar 25, 2012

I am trying to configure BGP on 6509 IOS. I can not specify a long interger for autonomous system: ASN: 262829 (32 bits)

View 1 Replies View Related

Cisco :: Possible To Have ASDM And SSH Authenticate Via Different Means On RADIUS Server

Apr 3, 2013

Is it possible to have ASDM and SSH authenticate via different means on a RADIUS server? In particular, I have a single aaa-server group that's used for both ASDM and SSH, but I want to limit ASDM access to only a particular group in Active Directory (for example). I looked at various different requests (from the server's perspective) to see if there was a way that they (ASDM requests and SSH requests) were differentiated but was unable to find any. It would be ideal if there was something inherent about the RADIUS request coming from ASDM vs SSH so that I could build that decision making into the RADIUS server.I know I could do this by just using a different aaa-server group for each access method, but I want to avoid that if possible.

View 7 Replies View Related

Cisco WAN :: Means For Monitoring Storm On 3560E Or 7600

Dec 8, 2010

There is a port on 3560E, facing POP, this port is in the dedicated vlan, that is terminated on 7606 on SVI (peering point).There is configuration made on the 3560E port, that prevents storm of ucast or bcast kind. This is: switchport block multicast switchport port-security maximum 1000 switchport port-security switchport port-security violation restrict storm-control broadcast level bps 1m storm-control multicast level bps 1m storm-control action shutdown storm-control action trap no cdp enable no lldp transmit no lldp receive spanning-tree portfast spanning-tree bpdufilter enable spanning-tree bpduguard enable. [code]

I want to get info not only about the fact of storm attack but also about at least source and destination of it (i.e. source and/or destination MAC). Perhaps this could be some logging messages.Are there any means for this on C3560E-UNIVERSAL-M (IOS ver 12.2(53)SE2) and 7606-S.

View 2 Replies View Related

Cisco WAN :: G2 3945 What Is Half Gig Switching Speed Means

Feb 17, 2012

url..This says an ISR G2 3945 can achieve 502.78 Mbits when CEF fast switching. Is this per port or total for the whole box?  Since the router will hold dozens of switch ports and several gig routed ports I don't understand what this half gig switching speed means.

View 5 Replies View Related

Cisco WAN :: 3560 What Internal DSCP Setting Means

May 29, 2013

The Cisco 3560 uses a relatively simple classification scheme, assuming you consider only what happens when the forwarding decision has been made. These switches make most internal QoS decisions based on an internal DSCP setting. The internal DSCP is determined when the frame is forwarded. What internal DSCP setting means?

View 5 Replies View Related

Cisco VPN :: 1494 / Active Crypto Means No Citrix

May 16, 2011

We run a hub&spoke network with dual GRE tunnels from each spoke site to seperate independant adsl routers at the hub.IPsec is enabled on each tunnel with crypto maps and then QOS is enabled with pre-classify for voice traffic priority. We also have defined a class for Citrix traffic by identifying port1494 traffic out and anything bound for our citrix servers IPs.Ok so the problem is that once the encryption comes up on the tunnels, the citrix programs wont connect. Take the crypto map off the tunnel and all works fine.
 
Here is the relevant config
 
crypto isakmp policy 1 encr 3des authentication pre-share group 2crypto isakmp key **** address *.*.*.*
crypto isakmp key **** address *.*.*.* 
crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to hub1
set peer *.*.*.*
set transform-set ESP-3DES-SHA match address 104 qos pre-classifycrypto map SDM_CMAP_1 2 ipsec-isakmp description Tunnel to hub2
set peer *.*.*.*
set transform-set ESP-3DES-SHA match address 105 qos pre-classify

[code]....
 
I deliberately weight EIGRP to favour Tun0 and have Tun1 as a failover. I was thinking of Route-mapping the Citrix traffic to Tun1?

View 1 Replies View Related

Cisco Firewall :: Users Behind ASA5505 Firewall Are Unable To Access Internet

Feb 24, 2011

I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.

When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.

The ASA5505 configuration is shown below.

hostname Firewall

interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10

[Code].....

View 2 Replies View Related

D-Link DIR-655 :: What It Means UDHCPD Received A SIGTERM

Oct 23, 2012

Today i saw on the router dir-655 log file that "UDHCPD Received a SIGTERM" and "received signal 15, good-bye" and the ip address was renewd after 14 days. I want to understand if it's normal behavior of the unit or not. I'm connected to cable modem that is stable more than 15 days.

here is the log of my router:

Oct 23 17:49:48     debug     UDHCPD sending ACK to 192.168.0.3
Oct 23 04:01:15     debug     Debu: Joining group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 04:01:15     debug     Debu: Leaving group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 03:59:09     debug     Debu: Joining group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 03:43:58     debug     gpio create pidfile /var/run/gpio_wan_green.pid

[code]....

View 10 Replies View Related

Cisco Firewall :: ASA5505 Lose Configuration If Upgrade Firewall

May 17, 2011

i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.

View 2 Replies View Related

Cisco Firewall :: ASA5505 Can't Ping New Firewall On Inside Interface

Jul 14, 2011

I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet.I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on. Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.

View 32 Replies View Related

Cisco Firewall :: Unable To Ping Internet IPs From ASA5505 Firewall

Jan 9, 2013

Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2  -> Cisco ASA 5505
Cisco ASA 5505 - >Inernal LAN switch.
 
1.  Internet  is connected to Juniper Ge0/0/0  via /30 IP.
 
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to  Cisco ASA 5505 E0/0. Its a /28 pool IP address. This interface is configured as outside and security level set to 0.

From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
 
Issue:

1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
 
Troubleshooting Done so far.
 
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3.  Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **

View 2 Replies View Related

Cisco Switching/Routing :: Finding Specification For 3750x PoE Power Supply?

Jul 11, 2012

Looking at the specs for the 3750 power supply - is the WS-C3750X-48P-S model with the 715W power supply referring to the amount for both power supplies per switch or just one power supply per switch? Meaning, is the 715 a accumulative number or, just the watts of one power supply. I would like to purchase a 3750x PoE switch with redundant power supplies. If this model is not the correct one?give me the model that offers 48 port PoE with redundant power supplies?

View 6 Replies View Related

Cisco Firewall :: ASA5505 Firewall Rule Not Blocking

Apr 1, 2013

I'm trying to troubleshoot an ASA5505.
 
The original goal was to block "Mumble/Murmur" (a voip app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
 
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic.  I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did.  That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
 
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below.  However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
  
show ver 
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2) 
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"

[Code].....

View 4 Replies View Related

Cisco Firewall :: ASA5510 - Unable To Ping From User Desktop To Firewall Inside IP

Jun 11, 2012

I am able to ping from Switch to firewall inside ip and user desktop ip but unable to ping from user desktop to  FW Inside ip.. config is below for both switch and FW Cisco ASA5510....
 
TechCore-SW#ping 172.22.15.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.15.10, timeout is 2 seconds:

[Code].....

View 7 Replies View Related

Broadband :: Receiving MAC Address Means Ping Test Success?

Apr 8, 2011

We are trying to isolate the fault. From Aggregator a router, we are receiving MAC address of distant end ethernet interface of a SDH box and vice versa is also possible. However ther is no packet received. My question is does ping test is must to see if the path is through or just receiving MAC adress at both ends would mean that packets have to go over the path.

View 1 Replies View Related

Cisco Firewall :: Using IP Aliases On ASA5505

Nov 29, 2011

Is it possible to use IP "aliases" on an ASA5505 to use as static NAT public IPs to private IPs?  For example, I have int e0/0 connected to my ISP using a /30 subnet and I have my private LAN connected to e0/1 with a /24 subnet.  At the moment I can use the one usable IP from the /30 to NAT to the private LAN.  The ISP is also routing a /28 subnet to the one public IP of the ASA. I would like to use some of the /28 IPs for NAT also.  Can it be as easy as just adding the NAT commands? I figure I would have to add that subnet to the ASA somehow, no?  In other devices (including the SA520) they use a concept called IP aliases whereby you define what additional IPs the device can use in its NAT config.  Does the ASA support aliases?  Maybe I have to do something with VLANs?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved