Cisco Firewall :: Restore Configuration To New ASA5505 On Different ASDM Version
May 27, 2013
We have been using our current ASA5505 for a long time. Since it only supports up to 10 VPN licenses, we bought a new ASA5505-SEC-BUN-K9 (supports up to 25 users).
The old ASA is running: 8.0.3 and ASDM 6.0.3
The new ASA is running: 8.2.5 and ASDM 6.4.5
I thought it would be as simple as exporting and importing the config file, but when I tried to restore, the new one is looking for a zip file but the old one doesn't back up the file in ZIP. It looks like I need to update the ASA version and/or ASDM?
I am pretty new to this and have never upgraded any of these versions since I am aware that the upgrade may mess things up. So do I need to upgrade both the ASA version and the ASDM in order to restore my config? Any effect if I do the upgrade? I also read in some articles that we need to upgrade the version one by one, like 8.0 to 8.1 then 8.2?
Nov 24, 2012
configuring the ASA particularly after the change to how NAT is implemented. What I am trying to accomplish logically seems fairly simple, yet I cannot get it to work. I have a Synology NAS at home that I am trying to reach via the internet. Prior to using my ASA, I had Verizon's FIOS router as my gateway and everything forwarded with no issues. The ports I need forwarded or reachable via the internet are TCP port 80 and 5000. I can also configure it via command line if that's the easier/preferred method.
Jan 9, 2012
I am wondering if it's possible to convert a Pix 501 configuration running version 6.3(5) to a new ASA5505 which we just purchased? We have site to site VPN on this device and I am just trying to save some time. I believe Cisco TAC might have a tool to do this but I am not sure.
Mar 21, 2013
I have tested access to the firewall of an ASA5510 with ASA845-K8/asa902-k8bin + asdm-712.bin + JAVA6 / 7, and there is completely no problem.
When I try to install a new ASA5505, the existing IOS is asdm825-k8 and also asdm-712 with JAVA7 is not allowed to access the firewall with ASDM.
After I type in the username and password, it gets stuck on the page loading; sometimes it will come up with cannot to the device, something like that.
Telnet and SSH are no problem, and I can still download the IOS with TFTP.
I think it may be the Java problem, because I just tried to connect with the wrong IP and password, and it also got stuck on this page.
Sep 10, 2012
Running ASA 5505
ASA Version: asa844-1-k8.bin
ASDM: Cisco ASDM 6.2(1)
I updated my ASA with version asa844-1-k8.bin.
However, whenever I try and run the ASDM client, I get the following error:
"Your ASA image has a version number 8.4(4)1 which is not supported by ASDM 6.2(1)."
How do I get the latest version installed on my Mac desktop? I know that I can connect via the web interface and run the ASDM client, but the same error persists. I have the asdm-649-103.bin file, but cannot connect to the ASA to install (I don't recall ever setting up SSH).
Jan 20, 2013
I have an ASA 5505 with an inside network vlan1 (192.168.0.0/24) - I've configured an IPsec VPN profile and a VPN network of 192.168.0.50/24. I can access inside hosts on vlan1 through my VPN tunnel - but not ASDM on the ASA (192.168.0.1). Under management I've added the VPN network of 192.168.50.0/24 to have access to ASDM, but it still does not work.
Aug 14, 2011
I recently upgraded Java to JRE version 1.7.0 and now when I try to log in to the ASA 5510, I get the following message in the Java console log.
Exception in thread "AWT-EventQueue-0" java.lang.ClassCastException: sun.security.ssl.X509TrustManagerlmpl cannot be cast to com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager at com.sun.deploy.security,X509ExtendedDeployTrustManager.<init>(Unknown Source)
Mar 20, 2013
I am not able to access asdm via my browser. All is setup correctly that I can see. Here is my config
ASA Version 8.6(1)2
!
hostname DFB-ASA
enable password YWZBogZjbyvTSYf1 encrypted
passwd YWZBogZjbyvTSYf1 encrypted
names
!
interface GigabitEthernet0/0
[code]....
Sep 26, 2012
I have the configuration file of the ASA 5505. I have another of exactly the same model; that ASA is new, but this is my first time working with an ASA.
I am going to configure an IP address on the 0/0 interface and then use TFTP to upload the config to the start-up config and then save it and reload the ASA.
Is that enough? Or does the ASA have extra steps?
Mar 22, 2011
What is the easiest way to restore my config? I backed it up yesterday with my tftp server. Today I made some changes and messed some things up and need to restore the config from yesterday.
Jul 11, 2012
I have a network with 3 sites that are on different subnets. Each site has an ASA. Right now, I am only able to connect to the ASA that is connected to the subnet I am connected to. I want to be able to connect to the ASAs that are on the remote subnets on the address of the inside interface. The sites are all connected together by site-to-site VPN. Is there any way I can achieve that without opening the outside interface directly on the Internet?
Apr 30, 2013
Yesterday, I configured ASA via CLI for Static PAT and created some entries in an access-list. I will be testing that setup this evening.
However, on a quick double check of the settings on the device via ASDM I could not see the access-list settings. I searched every tab and found nothing so I PuTTYed into the device and checked the running config. The rules I created were right there. Is this something I should expect? If so, doesn't it defeat the point of having a GUI if it does not show a complete running config?
May 29, 2011
Have a 5510 in Routed mode, simple Static NAT to interface two networks (inside_1 is my private space, and outside_1 the larger intranet that hosts heavy traffic). outside_2 faces internet via pppoe just for VPN purposes.
It was operating fine for one year then one port broke (outside_2, internet), leaving no vpn. We followed RMA service replacement and the new unit came with upgraded SW (8.0.4) than the one the original config was created on (8.0.2).
To ease the replacement, I did downgrade the sw boot image. Then I did restore the config by tftp to the startup-config and then a reload. Everything seems to load fine.
Problem is that testing reveals some sort of issue: I can ping some of the intranet hosts but can't reach gateway, thus larger segment of hosts become unreachable. It seems as if the NAT mechanism can't find the next gateway where to hop. For debug practice, I've enabled all the icmp stuff so ping wasn't being blocked by the device.
Being given the fact that this config was up and running prior to the replacement, I've no reason to suspect any misconfigured items (i.e. routes, NAT, access-list), but obviously I'm obfuscated and can't see what else I'm missing.
How is that possible that the PING only reaches certain hosts? Pinging to 10.15.5.90 works (Route is 0.0.0.0 0.0.0.0 to 10.15.5.126 (gw)), but pinging to the gateway itself doesn't (10.15.5.126) and even worse, hosts like 10.15.167.210 do not respond either.
Jun 18, 2007
While configuring my ASA 5505 I changed the IP address range of the internal network. Obviously I made an error because I cannot reach the box either at the old or the new address. How can I restore the interface and firewall definitions or reset the box to its initial state? I found a doc on how to reset the password, but it does not explain how to restore the complete initial config.
Apr 20, 2011
I am ordering ASA5505-UL-BUN-K9. By default device comes with which IOS version?
May 9, 2013
what the upgrade path is for 5505 ASA. I have one which is version 7.2 and need to upgrade it to 8.4(5). I have read that it needs to be upgraded between major release versions. Not sure if I need to upgrade from 7.2 - 8.0, then from 8.0 - 8.2, then from 8.2 - 8.3 and finally 8.3 to 8.4, or can I just upgrade from 7.2 - 8.2 and then from 8.2 - 8.4. Also, what are the minimum memory requirements for version 8.4? My ASA running on version 7.2 currently has 256MB memory and I will be upgrading this to 512MB before I do the upgrade to the image above.
Jun 10, 2012
I have a Cisco 5540 with AIP-SSM-40. Recently I configured the AIP-SSM-40 to capture all traffic from all interfaces, any to any, with promiscuous mode, and if the card fails traffic still flows through the ASA, but after that I can't log in to Cisco ASDM. The error is "Un Able To Launch Device Manager From xx.xx.xx.xx"
Jul 13, 2011
My ASA config is as follows. I can't use ASDM, HTTP, Telnet from my local interface and IP 192.168.0.46 & 14. My ASDM is OK as I can connect to other ASAs. What the mismatch is here I can't understand.
hostname ciscoasa
enable password DtMryzGjBATmCElZ encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
[code]....
May 1, 2011
I have an issue with ASDM 6.4(1) and ASA 8.2(1). I use Windows XP 64bits, and with Java 32 or 64 bits latest version (jre 6.025). I am able to load the ASDM, but when I click on the Configuration button to check the configuration and perform changes, it starts to parse configuration, but it freezes at 77%. It also locks my NIC, and have to restart my machine.
If I connect to a machine with another different configuration, and with version 8.0, I have no issue in contacting and changing the configuration from the same computer.
Mar 1, 2012
I've run into an interesting problem.
-ASA: 8.4(2)
-ASDM: 6.4(5)
When I make a change at the CLI, syslog message ASA-5-111008 is generated and sent to the syslog servers, local buffer, and ASDM. When I make a change in ASDM, syslog message ASA-5-111008 is generated and sent to the local buffer and ASDM. It is NOT sent to the syslog server.
Feb 7, 2012
Everything was working fine till one day, when clicking on the Configuration button, you see the setup wizard prompt. It's ASDM ver: 6.2 and ASA 8.2. Everything is working fine, but now I am unable to change any rules.
Is there a simple cure for that?
May 17, 2011
I have an ASA 5505 with ASDM v5.2(4) and ASA v7.2(4). This platform has a base license. If I upgrade ASDM and ASA to v6.2(1) and v8.2(2), will I lose my license and need to activate it again? I configured a site-to-site VPN (this firewall and another); will I lose my configuration if I upgrade my firewall?
Jun 23, 2011
I am trying to set up a PIX firewall to serve as the firewall end point for a small network for Internet access. I have included the PIX configuration setup; I have replaced IP address information with sentences which describe them since IP addresses are sensitive information in our network.
For some reason the NAT process doesn't work; in the log I always receive this kind of message:
106011: Deny inbound (No xlate) tcp src inside:INTERNAL_HOST_IP/2490 dst inside:HOST_PUBLIC_INTERNET_IP/80
106011: Deny inbound (No xlate) tcp src inside:INTERNAL_HOST_IP/2490 dst inside:HOST_PUBLIC_INTERNET_IP/80
106011: Deny inbound (No xlate) tcp src inside:INTERNAL_HOST_IP/2491 dst inside:HOST_PUBLIC_INTERNET_IP/80
PIX Configuration
[code]...
Dec 18, 2011
We have an ASA5505 that we need to enable hairpinning on.... In the old firmware versions, we used to be able to configure a public to private static mapping along with hairpinning by using
static (inside,outside) outside_ip inside_ip netmask 255.255.255.255
static (inside,inside) outside_ip inside_ip netmask 255.255.255.255
In 8.4, if I use object nat, the hairpin functionality works perfectly,
object network obj-insideip
nat (inside,inside) static publicip
however, since object nat only allows a single nat statement, I was attempting to use a twice nat to enable the hairpin functionality, but have been unsuccessful in coming up with the right combination of parameters for the functionality.
nat (inside,inside) source static private_object public_object destination static public_object private_object
allows hairpinning to successfully work from the same machine. Meaning on any given host, I can ping itself using the private or public IP, but I can't get the right combination for hairpinning from any private host to another private host via the public IP. Other combinations have yielded ICMP responses; however, they specify the private IP as the source of the reply instead of the public IP.
Mar 8, 2011
Will give configuration of NAT for my internal users with 192.168.1.0/24 with single public IP.
I am new to configuring IOS version 8.3.
Oct 3, 2011
We are trying to make a restore from the backup done on ACS version 5.1 to a new appliance running ACS5.2. Before doing it I found this note in the Cisco ACS user guide:
Note: You cannot back up data from an earlier version of ACS and restore it to a later version. Backup and restore must be performed on the same version of ACS. If you need the data on a different version of the ACS, you can perform an upgrade after you restore the data. Refer to the Installation and Setup Guide for Cisco Secure Access Control System 5.1 for more information on upgrading ACS to later versions.
How should I understand it? This note has conflicting statements. We can't restore to a later version but if you need data on a different version of ACS you can perform an upgrade AFTER YOU RESTORE the data. Doesn't it mean that the restore will still work? How would I do the upgrade to version 5.2 or even version 5.3 that was announced to be released very soon? I didn't find anything on the software upgrade in ACS5.1 guide.
Feb 20, 2011
I would like to take a log backup on the ASA, and I would like to check whether any attack pattern is there. How could I do this? Also, how could I follow a best practice for this?
May 11, 2013
I am using a Cisco E4200 router today but I am moving to a ASA5505. I have a device that sets up a VPN tunnel that I want to put in my DMZ. It's called the ATT Gateway. I have attached the diagram. When I use a Cisco E4200 all I do is put the outside private ip address of 192.168.0.99 of the ATT Gateway into the DMZ of the E4200 and the VPN tunnel of the ATT Gateway comes right up. I cannot configure the DMZ to do the same with the ASA. I also need to have the laptop behind the gateway access the printers in the inside network.
Sep 28, 2011
I am trying to configure a trunk between the above two devices. I like to have vlan11 on ASA. Then I like to connect a host to my switch, and have it communicate with other devices in VLAN 11 or other vlans that reside on the ASA. Below is the config that I currently have.
ASA:
ciscoasa# show run interface Ethernet0/1
!
interface Ethernet0/1
[Code].....
Dec 27, 2012
I have an E4200 router with 3 WET610N access points. I did the firmware update on the E4200 router about 2 weeks ago so my son could use his xbox when he got home after 4 months of being away. Everything seemed to work OK as far as I could tell....but when he went to sign into xbox live and watch Netflix, it will load to 98% and stop. A friend of his came over with the new Slim xbox 360 with built in wireless and it will connect fine on its own, if we hook up one of the 610N's to it, it will load to 98% on Netflix and stop again with error code R8152. Both of my older xbox's will hook up and play on xbox live, just not work with Netflix.
I also noticed, it shows the WET610N as a hard wire on xbox and will not search for any wireless networks, I have 2. The newer Slim xbox360 will search out both networks on its own if you allow it to use its internal wireless. This only happened since the firmware update. And this equipment was working fine before this. Is there a way I can restore the previous version of firmware?
Dec 26, 2011
I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.
In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.
My problem is that currently I can send mails from my inside network to outside but I am not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,
C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers
Final config on ASA5505
host name Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.155.201 255.255.255.0
[Code] ......
Apr 26, 2011
nat global entry not showing up in ASDM but it does via CLI, see below; it's a policy NAT.
nat (inside) 5 access-list inside_nat_outbound_4
global (outside) 5 ************-OUTSIDE netmask 255.0.0.0
Global 5 doesn't show in ASDM 6.1(5); the globals only go up to 3
Jan 10, 2012
I recently tested the process for a customer of defaulting a Cisco WLC to factory configuration and then restoring the configuration from Cisco NCS. It was not seamless to say the least and I wonder if I have just gone about it the wrong way.
I have set the NCS platform to configuration sync with the 5508 controllers at 04:00 every day and prior to the controller defaulting I ensured that NCS also reported that the config was in sync. I have also set NCS to complete a tftp backup of the controller every night at 23:00 - interestingly though I have no idea where this is stored on the NCS platform (a VM appliance) or what its file name is.
Anyway, my experiences were as follows:-
1. defaulted WLC and via serial CLI ended up at the configuration wizard.
2. Set the correct LAG, management IP, host name that NCS knew this controller by.
3. To test things just created a dummy WLAN ( SSID ) as I assumed this would be overwritten ( big mistake ! ).
At this point I connected the controller to the network and tried to restore the configuration from the config sync version.
First problem - you have to remember to set up the SNMP community string you were using as it is needed by the configuration sync process. After adding this to the controller I could push the configuration to the controller.
Second problem - failed to add the first WLAN from the backup as I had added the temporary dummy WLAN via the wizard and NCS reported a conflict. So I had to delete WLAN ID 1 from the WLC GUI directly and then the config push no longer reported this error.
Third problem - for some reason it did not add the TACACS server details - reported the error that it could not add them. I manually added these via a template via NCS and all was well.
Fourth problem - all but the first WLAN were in the disabled state - had to re-enable all of the WLANs.
Fifth problem - any default items I had disabled or removed have not been saved - therefore I had removed the public and private SNMP communities - but these were still on the WLC after the restore. I had disabled unused ports not in the LAG as they show an error in NCS - these were not disabled after the restore.
So all in all not a very satisfactory restore process from NCS to a defaulted WLC (meant to simulate to the customer what would be needed if they had to replace a controller due to hardware failure).