Cisco Firewall :: Setup Port Mirroring On An ASA 5510?

Sep 14, 2011

I'm trying to setup port mirroring on a Cisco ASA 5510, but when I try to use the switchport monitor command, that command is not recognized.I've selected what interface I want to configure (conf-if), but the switchport command seems to not be part of the IOS.I'm running ASA version 8.2(1)

View 9 Replies


Cisco Switches :: Reconfigure Port Mirroring From Port FE17 To FE3 / SF200 Web Interface Crash

Mar 14, 2013

i was able to configure (via SF200 web interface) a port mirroring from port FE17 to FE7.i have supressed this port mirroring.when i try to reconfigure a port mirroring from port FE17 to FE3. The SF200 web interface crash. the SF200 seems to reboot.
i have updated the SF200 firmware from V1.1.2.0 to V1. when i was able to configure (via SF200 web interface) a port mirroring from port FE17 to FE7.But  after having suppressed this port mirroring again, i was not able to  reconfigure a new port mirroring from port FE1 to FE3 (the SF200 hangs).
i have also tried to return to default factory setting but this does not solve the issue.i am working on SF200-24P

View 2 Replies View Related

Cisco WAN :: ASR 1006 Supported Span Port Or Port Mirroring?

Mar 2, 2011

is ASR 1006 supported span port or port mirroring? Any config about that?

View 2 Replies View Related

Cisco :: Port Mirroring On Switches?

Oct 31, 2011

I have a Cisco Catalyst 3750X switch, and I have configured port mirroring on it. Traffic from 12 of the 1G ports will be mirrored to both 10G ports, and I have connected both 10G ports to a server that captures the traffic.

Currently, I have one of the 12 1G ports connected to another server that replays a pcap file once at maximum speed (i.e. option -t in tcpreplay). I thought that this setup means I should get twice the number of packets (and rate) from the two 10G ports. However, I noticed that although the original pcap file contains 4288 packets, the number of packets from the two 10G ports varies between 31000 to 34000 packets, which is about 7 to 8 times the original number of packets. Why am I getting more than twice the amount of traffic, and why does the output vary?

View 2 Replies View Related

Cisco WAN :: Port Mirroring For 851W With 12.4T?

Jan 31, 2011

I have looked up the command sequence for port mirroring and it seems pretty straight forward however in my case the command will not execute.
I have a 851W with 12.4T
If I do: #monitor session 1 source interface fa 4      (wan port)
i get the response invalid input detected however if I do the same command for fa 1, fa ,2 and fa 3 they work
Using the ? shows the valid entries are [0-4] for fastethernet
I just want to monitor WAN traffic with WireShark, particularly DDNS requests, with a spare PC connected to a free lan port.
I would use a hub on the Wan connection but unfortunately I do not have one at the moment.

View 8 Replies View Related

Cisco Switches :: Getting SG300-28 Port Mirroring?

Apr 28, 2013

I have created a mirror to copy all packets from Interface gi1 to interface gi28. I don't see any port 80 traffic, or 443 or any revelant traffic. I see mostly broadcast from other devices. I have a security device that is logging all the copied packets from my firewall for malware/IPS, etc inspection.Right now I have it monitoring vlan 1 in the hope that it would resolve this issue but I see no change.

View 1 Replies View Related

Cisco Switches :: Port Mirroring On SG300

May 3, 2011

I want to configure port mirroring on SG300 swtich, port monitoring status is "Not Ready" , and i can not monitor the source interface!

View 1 Replies View Related

Cisco Switches :: Getting The Port Mirroring On SG300?

Nov 8, 2011

I'm troubleshooting a LAN issue I have, and I wanted to hook up wireshark to record traffic over the course of a couple of hours for later diagnostics. I went into the web administration interface, clicked Administration > Diagnostics > Port and VLAN Mirroring, and added a port mirror from the port I wanted to watch to a port to which I had connected a laptop. I picked the Tx and Rx options, and clicked Apply.I did receive lots of traffic in wireshark, but I noticed immediately that the server on the port I had mirrored was suddenly unavailable on the network -- pings timed out. This lasted until I removed the mirror, then the server was suddenly reachable once again.Does this feature not work the way I had thought it does? What I saw looked more like a forward than what I would call a mirror. The documentation leads me to believe mirroring is intended to be used in just the way I was attempting to use it.

View 1 Replies View Related

Cisco Switches :: Port Mirroring Limit On SGE2010?

Oct 25, 2012

I have been told there is a limit (8) on the number of source ports that can be mirrored to a given destination port. I can find no specifications or other documentation to corroborate this claim. Any factual data to confirm or refute this claim?

View 7 Replies View Related

Cisco Switching/Routing :: Port Mirroring On A Catalyst 3560-X?

Oct 21, 2012

I've just installed 2 of these in my workplace on a PLC network.I'm now looking to set one of the ports up as my diagnostic port and would like to be able to mirror any of the other ports to this port.I believe it is called SPAN on Cisco switches.The only reference I can find to it is configuring via Telnet which I haven't got a clue about.On my old Wiedmuller switches it was just a few clicks away.

View 3 Replies View Related

Cisco Switches :: Port Mirroring Limit Of 8 Ports On SGE2010P

Jan 24, 2013

Recently our company purchased 3 Lynksys SGE2010p, At the moment they work as a stack  but as we are implementing UCCX we need to mirror 15 ports but during the provisioning i've noticed that the limit is 8 ports per stack. I'm wondering whether this is a known issue or just a known limitation . I believe that most probably i'll need to move back to stand alone mode so i could configure 8 mirrored ports per switch.

View 2 Replies View Related

Cisco Infrastructure :: Catalyst Express 500 Port Mirroring Capabilities?

Mar 1, 2006

Does it have this switch some port mirroring capability (SPAN or other)?

View 2 Replies View Related

Cisco Switching/Routing :: 3548XL Port Spanning / Mirroring With Snort IDS

Oct 30, 2012

I am trying to configure a SNORT IDS system running on a physical machine using Linux as the base OS. I have a small lab network setup with 3 VLANs, a 3548 switch and a 2611 router acting as the router on a stick/inter-vlan router. My goal is to setup SNORT as a host-based IDS system. To do that I know I need to use the "port monitor" command on the switch and I have tested this and it works fine only when the snort system and the traffic I want to monitor reside on the same VLAN.My problem is I want to be able to monitor a trunk link betwee the switch and router to see traffic coming from my 3 VLANs which contain servers. My goal is to run attacks on the servers to test SNORT's effectiveness.
Relevant information from my configuration: interface fa 0/1 on switch is the trunk like carry 3 vlans to the router On the switch:
int fa 0/1
  switchport mode trunk
 int fa 0/5
  port monitor fa 0/1
  switchport mode access
The switch will not allow me to configure fa 0/5 as a trunk, only can be an access port.So right now, SNORT does not see any traffic other than traffic from my router to the switch. I assume because this is going over the native VLAN (1 in this case) and that is the same VLAN that SNORT box resides on on interface fa 0/5. So I know the span is working to an extent, but traffic from my other VLANs (server to server traffic) does not show on SNORT at all.I have done some research on and see the following seemingly contradicting information:
VLAN Filtering When you monitor a trunk port as a source port, all VLANs active on the trunk are monitored by default. You can use VLAN filtering in order to limit SPAN traffic monitoring on trunk source ports to specific VLANs Then I see, under the section for the 3500 series: A monitor port cannot be a dynamic-access port or a trunk port. However, a static-access port can monitor a VLAN on a trunk, a multi-VLAN, or a dynamic-access port. The VLAN that is monitored is the one that is associated with the static-access port.
My question is, does that mean the 3548 cannot support spanning a trunk link and having all VLANs on that trunk be monitored correctly to the monitoring port? I know the 3548 is old, but it is the only thing right now I have to work with. I could put the SNORT box inline on the network, but that is another mess in itself.

View 6 Replies View Related

Cisco Switches :: Does ESW 520 24P Support Mirroring 20 Ports Traffic To 1 Destination Port

Sep 5, 2011

Does the ESW 520 24P Support Mirroring 20 Ports Traffic to 1 Destination Port?

View 3 Replies View Related

Switches On A Network Doesn't Support Remote Port Mirroring?

May 2, 2011

If switches on a network doesn't support remote port mirroring and only local port mirroring, What are the options to still capture all the traffic from all switches on 1 single core switch?

View 1 Replies View Related

Cisco Switching/Routing :: Maximum Number Of Sessions For Port Mirroring On 4510

Apr 23, 2013

Are you only able to have two sessions for port mirroring on a Cisco 4510?                  

View 1 Replies View Related

Cisco Switching/Routing :: Port Mirroring 2651 To Create Monitor Session From Source

May 20, 2013

I have cisco 2651. It contains two FastEthernet interfaces: Fa0/0, Fa0/1.Fa0/1 has an ip address. Fa0/0 hasn't an ip address.I need to create monitor session from source Fa0/1 to destination Fa0/0. Then i want to connect my notebook to Fa0/0 to analyze some traffic from port Fa0/1

View 2 Replies View Related

Cisco Firewall :: Open A Port In ASA 5510 Firewall Using ASDM?

Oct 20, 2012

I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.

View 23 Replies View Related

Cisco Firewall :: Setup 2nd Public IP In ASA 5510?

Mar 16, 2011

we have hosted voip and would like have our internet as back for their router.  We gave them public static ip so they can configure that in their router.  How can i configure the ip address in our firewall let say on asa5510 ethernet port 3 so if their router T1 goes out then our internet will work as backup.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 SLA Monitor Setup?

Jul 24, 2012

I have 2 outside connections one of which works as a backup connection. I am trying to setup SLA monitor so that when primary fails, the secondary connection takes over. However I never get connected to the primary connection after reboot, the backup connection is active after reboot.

View 2 Replies View Related

Cisco Firewall :: Basic Setup For 5510?

Nov 27, 2012

basic configuration for setting up cisco ASA 5510 for NAT and DMZ.

View 9 Replies View Related

Cisco Firewall :: ASA 5510 And 5505 Setup

Aug 16, 2010

I currently use MS ISA Server 2006 to protect a windows internal network, where there is also an MS Exchange server. I have acquired a Cisco 5510 to enhance security at main office. Later I will have ASA 5505 for branches, including VPN-ning. to have firewall at main office. I have several public IPs and would like to setup DMZ for Web, Exchange server and FTP. How do I setup interface and sub-interface for the DMZ?Can I continue using ISA Server connecting to Cisco 5510 on the perimeter? If so, How do I set the interfaces (and sub-interfaces) as well as NAT-ting and access configuration between the inside and outside?

View 12 Replies View Related

Cisco Firewall :: ASA 5510 - ISP Backup Setup

Apr 5, 2011

I would like to setup backup ISP in our ASA5510.   Right now the the firewall has for default gateway following command:
"route outside 114.324.321.33 1"  i am changing this to route outside 114.324.321.33 10 track 1 i can setup sla monitoring. As soon as i do the above command and remove the original "route outside 114.324.321.33 1" from asa then internet connection drops. Right now asa interface Ethernet0/0 has main isp configured and configuring  interface Ethernet0/3 as backup. interface Ethernet0/3 name if backup security-level 0 ip address 114.324.321.34 no shut global (backup) 1 interface.
route outside 114.324.321.33 10 track 1 ( Right now in firewall i have" route outside 114.324.321.33 1 " ) route backup 20 track 2
track 1 rtr 1 reach ability
track 2 rtr 2 reach ability

sla monitor 1type echo protocol ipIcmpEcho 114.324.321.33 interface outside sla monitor schedule 1 life forever start-time now sla monitor 2type echo protocol ip Icmp Echo interface backup sla monitor schedule 2 life forever start-time now. Also our firewall has site to site vpn and 1 main ip configured for exchange and remote access. 

View 4 Replies View Related

Cisco Firewall :: ASA 5510 First Setup Can't Get Internet WAN Access

Dec 18, 2011

I have an ASA 5510.  I am doing a new install at our new data center.  I am having trouble getting internet access from an inside LAN interface to the outside WAN interface.Our colo center has given us the below IP info. [code]If I do a static config on my laptop of IP 198.145.XXX.82 Mask 255. 255. 255. 240 DG 198.145.XXX.81 I am able to get the web fine from the line in our rack.  I used the ASDM software to setup the ASA. I set its WAN IP of 198. 145. XX X. 82 and mask as for interface 0/0.  For interface 0/1 I made a management LAN of with mask of can connect to my LAN ok but do not have outside internet access.  I have also tried .80 and .81 for the WAN IP of the ASA. [code]

View 8 Replies View Related

Cisco Firewall :: 5510 / Setup Snmpv3 With Active Failover?

Apr 1, 2012

What I am attempting to do is setup snmpv3 on two failover 5510's .The problem I am running into, the snmp management software rejects one of the devices as it sees it as having a duplicate engine ID since the two devices share the same config.  Would like to know how this would work in an active/active setup being able to poll both devices.

View 2 Replies View Related

Cisco Firewall :: 5510 - ASA 8.4 - How To Setup Additional Public IP's On Outside Interface

May 10, 2012

getting my additional IP addresses working on my ASA 5510.  I have a /29 allocation and outbound access and inbound access to my internal www server is working fine through the default outside interface.   However, I now need to setup a second IP address that maps internally to a different web server.  When I setup a new network object with automatic NAT translation to the new IP address, it does not work.  If I setup the same scenario using the outside interface, it works fine.  What is the proper way to setup additional IP address on my ASA v8.4? 

View 10 Replies View Related

Cisco Firewall :: ASA 5510 6.1 To 8.X Via USB Port?

Jul 23, 2012

I've got an unconnected ASA 5510 running IOS 6.1 that I need to upgrade to 8.X (I believe 8.4 is available). The unit is a blank/default configuration and is not on any network so it can't be easily accessed via Ethernet. Is there a method that I can use its onboard USB port (0 or 1) to plugin a USB memory stick with the 8.X...bin file and process the upgrade that way?

View 2 Replies View Related

Cisco Firewall :: 5510 Setup In Active / Standby Failover Configuration

May 8, 2012

We have 2 ASA 5510's setup in an active, standby failover configuration. When the primary fails over to standby, the 3rd party cert does not failover to the standby ASA. The users then receive the CERT missing, invalid message and have to select yes, no to move on. This does not occur when the primary is not in failover mode. It is my understanding that failover fails over certs but in our case it does not apper to be working correctly.

View 1 Replies View Related

Cisco Firewall :: Port Forwarding With ASA 5510?

May 2, 2011

i have a asa with a outside IP address of behind this firewall i have a cisco MWR 2941 that i would like to connect to via telnet. its inside ip address is my reasoning for this is because i cannot SSH or telnet from a ASA so i need to have the ASA push my telnet request to the router on its inside interface.i have tried some NAT examples but i am very green with NAT. i have also built access lists that look like the follow " access-list 101 permit tcp any eq 23. and then tied the access-group 101 with the outside interface. this also with no success.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 Blocking Port 25?

Dec 13, 2010

I have a Cisco ASA 5510. I have detected an infected workstation on my internal LAN which has caused my IP to be blacklisted by Barracuda Networks and other RBL. I have scanned and cleaned the workstation removing the spambot. I want to prevent all my internal workstations from sending SMTP traffic on Port 25 through my ASA 5510 device. I only need to allow my Exchange Server access to send out traffic on port 25. configure this setup using ASDM 5.0?  I know it may be easier using CLI, but using the ASDM would really be preferred.

View 4 Replies View Related

Cisco Firewall :: ASA 5510 And Port Forwarding?

Oct 23, 2012

I have a Cisco ASA 5510 appliance running ASDM 6.3 We have a number of public IP addresses associated with our company. In order to utilise the IP addresses effectively I want to use one puplic IP address for two servers running on different ports.e.g.
Public IP address
for both
Server 1 HTTPS and HTTP
 Server 2 FTP
Both Servers live in the same subnet (DMZ) I believe this maybe port forwarding but could be completely wrong. I've tried creating a NAT rule that goes from Server 2 Network object to Server 1 external but this didn't work.

View 2 Replies View Related

Cisco Firewall :: ASA 5510 How To Open Port 25

Feb 14, 2012

We have an ASA5510 that we need to open port 25 to allow mail traffic to our internal Exchange server.We have 2 interfaces defined... one named Internal on eth0/3 ip 10.1.x.x and one named Internet on eth 0/0 ip 96.56.x.x.We followed the instructions in ASDM for allowing access to a public server but confusion over definitions have stopped us.ASDM asks for the internal interface and the internal server IP... no problem there because the internal interface and server have two different IP addresses.  The Internal interface is eth 0/3 ( and the server is
However, when we get to the External interface (eth 0/1) there is only a single IP address 96.56.x.x but the ASDM asks for an Interface IP and the IP people would use to get to the mail server from the outside.  Inasmuch as we have only 1 external IP address (which connects to our upstream Cisco router which in turn connects to the ISP modem) we used the same IP for both but the ASDM returns an error indicating they must be different.
Apparently we do not have a clear understanding of what the ASDM is actually asking for.  When the ASDM asks for the external interface we assumed it was asking for the named value we gave the interface (which is Internet).  The named value "Internet" has an ip associated with it 96.56.x.x.  But when the ASDM asks for the ip people on the outside would use to get to the mail server (we created a named value called "mail server" and gave it the same ip address as the external named value.  This duplication of ip address causes the ASDM to return the error stating that external Interface to be used and the external ip to be used cannot be the same.Have we made an error when we assumed that when the ASDM asked for the external interface it meant the ip of the external interface or was it asking for the eth number (as in eth 0/0) for the interface? 

View 33 Replies View Related

Cisco Firewall :: ASA 5510 8.4 Nat And Port-forwarding?

Jun 6, 2013

I'm trying to forward an internal service on a internal  server to the external interface on the same port on the outside  interface of our ASA.I been searching for a solution for days and found nothing.Here are the relevant parts of my config:

: Saved
ASA Version 8.4(2)
object service TCP-WebServer-8080
service tcp source eq 8080
object network WebServer_Object_10.1.10.7

So it looks like it's being dropped by an ACL, but it looks right to me.

View 4 Replies View Related

Copyrights 2005-15, All rights reserved