Cisco Firewall :: Unable To Login In FWSM 3.2

Apr 13, 2011

I  am having two dc switches with FWSM modules installed. DC switch1 FWSM  (Ver 3.2(12) is wokring as active and Secondary DC switch2 FWSM (ver  3.2.(12) is in standby mode.
From  yesterday I am trying to login primary FWSM, It is accepting my  username and credentials but prompting again for username please refer  below
DXB-DC1>session slot 5 p 1The default escape character is Ctrl-^, then x.You can also type 'exit' at the remote prompt to end the sessionTrying Open. [code]

View 1 Replies


Cisco Firewall :: FWSM 3.2.6 / Unable To Access From Switch Console

Aug 15, 2011

I am having FWSM in active /standby mode deployed on two different cat 6k chassis. Unable to access the fwsm module from switch using ' session module mod_no processor 1 ", it throws error " % telnet connections not permitted from this terminal" Running Version 3.2.6 on fwsm, Cat 6k is running 12.2.33.SXH1,
switch#session slot 3 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
% telnet connections not permitted from this terminal
have allowed telnet on line vty, configuration on Line vty is simple allowing all transport protocols
line vty 0 4
exec-timeout 5 0
transport input all
transport output all
line vty 5 15
exec-timeout 5 0
transport input all
transport output all

View 3 Replies View Related

Cisco Firewall :: 6500 - Unable To Ping When Use Routed Mode In Fwsm

Feb 17, 2012

I have 2 modules of FWSM in 6500 switch (failover). I need 5 context. When I use in routed mode (like in the picture) , I cannot ping the servers behind the firewall. (I have ping to FW context) In transparent mode, it is not happening.

View 1 Replies View Related

Cisco Firewall :: 5510 - Unable To Login

Aug 23, 2011

I have not worked with ASDM in a while. I have a 5510, with asdm-645.bin in the flash. The device runs version 8.4(2).  I can download ASDM from the http interface of the firewall from the management interface. But I can not log in. I have used blank username and password, no username and enable password, blank username with enable password and a few other permutations. I then tried to connect to the asdm interface from inside also. But I can not connect. Needless to say, I have enabled http, and updated the http access-list.  The only logging I have enabled is buffered. Is there any configuration that I am missing? Shall I cut and past the config?

View 4 Replies View Related

Cisco Firewall :: Unable To Login Through ASDM At ASA 5510

Jul 6, 2011

When i tried to login through ASDM at Cisco ASA 5510, it ask for the username and password and after that nothing comes up. I am able to login through ssh. [code]

As per my knowledge show bootvar and show version, should shows the same IOS version. But here it's showing different. Is asdm-523 is compatible with IOS asa708.

View 6 Replies View Related

Cisco Switching/Routing :: 6509 - Unable To Ping IP In FWSM

Nov 17, 2012

I have a vlan defined in FWSM for server farm there is a one server with two IP addresses and teaming has done on it how ever from FWSM i am able to ping both IP addresses but from core 6509 switch i am only able to ping one ip address. from FWSM show ARP command displays the same virtual mac addresses against both IPS of the same server.

View 2 Replies View Related

Cisco Firewall :: 6500 - FWSM - Not Passing Traffic Through Firewall

May 3, 2011

We have 2 FWSM modules in each 6500 switches. 1st module is having 04 firewall vlan groups with 18 vlan interfaces in a single context firewall. All are working fine with no issues. Recently we create one more vlan on MFSC and add into the same firewall module. However newly created vlan inside the FW is not able to communicate with outside and also outside users not able to reach newly created subnet. But within the firewall zones (other interfaces) it can communicate. Once we did packet capture we noticed that its hitting firewall outside interface only and when we ping we got TTL expired error. we have default routes to outside and there's no any route inside as new segment is within the firewall (no any hop).
I guess there's no limitation on number of vlans that we can assign on one firewall eventhough there is a limitation for number of vlan-group which is 16 max (but we are within that limit).

View 2 Replies View Related

Cisco Firewall :: Difference Between ASA-SM1 And FWSM

Apr 1, 2013

Can any1 tell me wat is the difference between ASA-SM1 and FWSM.

View 2 Replies View Related

Cisco Firewall :: FWSM Upgrade From 4.0(4) To 4.1(8)?

Apr 10, 2012

I want to upgrade a pair of FWSM in active failover from 4.0(4) to 4.1(8) i just want to double check the process. i have tftp access to the primary at the minute. i cannot access the same tftp server with the standby. do i need flip over to the standby to be able to tftp the image across?
failover activehostname# changeto system 
hostname# copy tftp://x.x.x.x/c6svc-fwm-k9.4-1-8.bin flash:image
hostname# copy tftp://x.x.x.x/asdm-622f.bin flash:asdm
 hostname# reload 
Once i have the images loaded i reload both at the same time?[URL]

View 4 Replies View Related

Cisco Firewall :: FWSM Upgrade 3.2 To 4.0.4 For VSS?

Dec 17, 2011

I am planning for an VSS in Core but firstly I need to upgrade FWSM which is at 3.2 Ver to 4.0.4 (min release) I have checked software dependencies but not sure about Hardware Dependency  on Fwsm and Chassis for Eg. Rommon Upgrade on Chassis.

View 7 Replies View Related

Cisco Firewall :: Upgrading Fwsm From 3.1(11) To 4.x?

Jun 26, 2011

I wanna upgrade FWSM Version 3.1(11) to latest 4.x version is this possible or i have to upgrade first to 3.2 and then to 4.x?

Is there any changes in configuration commands that i need to know? The version that 6500 running is s72033-advipservicesk9_wan-mz.122-18.SXF14.bin,an upgrade to 6500 is needed also?And if so what ios version will i put?Also which is the asdm supported version?

View 3 Replies View Related

Cisco Firewall :: FWSM ACL / NAT With 6503

Jan 15, 2012

We recently deployed a FWSM on our 6503-e boxes (w/ sup720).  NAT is working (PAT) but the issue I am seeing is private traffic from remote sites is not being allowed through the FW.   I was able to get the remote site to ping the FWSM itself (inside address), but no hosts behind it.  Maybe an ACL issue? Also when I turn off NAT on the remote end, I can than access everything (We are NATng on both ends).   Im a routing guy by nature so I will defer this to the security guys out there.
Hosts (inside/ > FWSM  (outside/public IP) -> Core Router -> MPLS CLOUD -> Core Router (NATng) - > Hosts (

ACLs applied to inside/outside interface
FWSM# show access-list ATX-ALLOW-IN
access-list ATX-ALLOW-IN; 15 elements
access-list ATX-ALLOW-IN extended permit tcp any any (hitcnt=222)

View 3 Replies View Related

Cisco :: Unable To Login After Upgrading To LMS 4.1

Dec 5, 2011

i recently upgraded our Ciscoworks LMS from 4.0 to 4.1. after i installed the upgrade the admin login doesnt work, neither does any other account. i have tried resetting the password but it doesnt work.

View 3 Replies View Related

Cisco Switches :: Unable To Login On SG-200-08

Apr 10, 2012

I configured a new SG-200-08 with a static IP. I tried to save the configuration as the startup configuration. After 10 minutes, I restarted the switch. It didn't boot with the new configuration, and returned to the default .254 and default pw. Now I cannnot assign a new pw or get past the change the pw page. When I try to save a new pw, the switch reboots and prompts me to change from the default pw. I tried resetting the switch by depressing the reset button for a long time, but results are the same. LED indicators are green with a flashing green indicating the .254 address and a solid green on the port where the switch is connected to the computer. How can I reset the switch or get passed the change your pw page?

View 3 Replies View Related

Unable To Login Into Switch?

Dec 3, 2011

if we are unable to login into switch how can we identify at which port of switch loop is there ?

View 3 Replies View Related

Cisco Firewall :: 6500 - FWSM And ACE S/W Compatibility

Aug 14, 2011

We have a pair of 6500s with Sup720 running 12.2(33)SXI3. Each has an ACE-20 (s/w A2(2.0)) and FWSM (s/w v3.2(15)). We have reached a limit on the number of rules we can configure on the FWSM, and have determined that we shall upgrade to 4.1(5), with ASDM to 6.2(2)F. A question has been raised regarding the s/w on the ACE-20 modules. Do we need to upgrade them as well?

View 2 Replies View Related

Cisco Firewall :: ASA 8.3 And Higher Compared To FWSM

Oct 1, 2012

ASA code 8.3 and higher uses NAT objects and totally changes the NAT rule config. I am new to FWSM .... but was wondering if this comparable ? I am lookinig at upgrading FWSM 3.1(16) to a higher 4.1 version .... but have a feeling this could be a huge task if NAT config changes as with the ASA's

View 2 Replies View Related

Cisco Firewall :: How To Configure A FWSM By ASDM 6.2f

May 11, 2012

am trying to config a FWSM by ASDM 6.2f.there are formerly configured interfaces and new interfaces i created.when i add a new access rule it gets added only to all the old interfaces but not to the new ones i created.
1. what wrong with the new interfces i created?

2. whats the logic of auto adding a rule to "all" interfaces , the rules are incoming rules  specific to interfaces or groups , why add the to the rule to  "all" intefaces?.

View 3 Replies View Related

Cisco Firewall :: Upgrade From FWSM To ASA 5555Xs?

May 22, 2013

We would like to decommission our FWSMs and upgrade to the ASA 5555Xs. This leads me to ask the following: What would be the most efficient way of doing this without any interruption to production? How to successfully accomplish this?

View 1 Replies View Related

Cisco Firewall :: FWSM (in 6509) Is Not Coming Up?

Oct 29, 2012

our FWSM (in 6509) is not coming up, when tried to sesssion up using "Session slot 1 proc 1" command,It is giving error , "Tyring .....connection timed out remote host not responding".
In "show mod" command output at Switch in IOS console:  under Card Type Section:  it is showing Model & Serial Number correctly,  Under MAC address sectino: displaying some MAC address But in Online Diag Status, it showing "Unknown" for Module 1.
We tried re-seating in other slots, but of no use. Giving same error. Some of other forms are saying it is the issue with 128 Mb CF image problem, FWSM is no more reachable from 6509 IOS console. We even tried using FWSM console (using PC-Conse & LCP Console) but FWSM is not contactable. 

View 1 Replies View Related

Cisco Firewall :: FWSM Reset With 6500

Feb 3, 2012

I have had a strange issue with a pair of FWSM's in 2 6500's, it seems there was a failover but both module's have been reset.
Feb 03 17:08:46.525: %SNMP-5-MODULETRAP: Module 8 [Down] Trap Feb 03 17:08:46.522: SP: The PC in slot 8 is shutting down. Please wait ...Feb 03 17:09:01.525: SP: shutdown_pc_process:No response from module 8 Feb 03 17:09:11.382: %C6KPWR-SP-4-DISABLED: power to module in slot 8 set off (Reset) Feb 03 17:10:56.093: %DIAG-SP-6-RUN_MINIMUM: Module 8: Running Minimal Diagnostics...Feb 03 17:10:59.796: %SVCLC-5-FWVTPMODE: VTP

View 1 Replies View Related

Cisco Firewall :: Can Upgrade FWSM 4.0.3 To 4.0.17 With Chassis IOS

Jul 9, 2012

Can I upgrade FWSM 4.0.3 to 4.0.17  with Chassis IOS s72033-adventerprisek9_wan-mz.122-33.SXH4.bin ?
In chassis's slot we have ACE and FWSM slot also. if I will upgrade chassis it will reboot ACE too.I do not want to reload Chassis.

View 2 Replies View Related

Cisco Firewall :: C6509 - Can't Connect FWSM

Sep 27, 2012

I'm running two C6509 Chassis with FWSM and ACE module install on each chasiss.I have no problem with session into 1 FWSM and 2 ACE modules.But 1 FWSM module can't be access by session command.As I understand two FWSM module status is OK, and working fine.When I tried to session into FWSM, I got these messages..

View 2 Replies View Related

Cisco Firewall :: How To Upgrade Fwsm Image From 3.1(10) To 4.0(8)

Jan 11, 2010

I need to upgrade the fwsm image from 3.1(10) to 4.0(8). Can i do it directly from 3.1(10) to 4.0(8) ?Do i need to upgrade other image also along with Firewall version 4.0(8)?

View 5 Replies View Related

Cisco Firewall :: 6509 - FWSM Log Messages

Jul 16, 2011

I think I got a strange behavior on a context of my WS-SVC-FWM-1 (on a Catalyst 6509 running IOS 12.2(18)SXF17a) that is running FWSM Firewall Version 4.1(3). This context sends these log messages every ten minutes:
Jul 17 2011 23:31:16: %FWSM-6-302010: 0 in use, 0 most used
Jul 17 2011 23:31:17: %FWSM-6-302010: 2245 in use, 107133 most used
If I issue the "show conn" three seconds later the log message, the output I got is: FWSM#   sh conn 1041 in use, 107133 most used
In another context on the same FWSM the log message sent every ten minutes is just this one:
Jul 17 2011 23:31:17: %FWSM-6-302010: 1358 in use, 72503 most used
Jul 17 2011 23:41:22: %FWSM-6-302010: 1590 in use, 72503 most used
In this case there is no the log message where the "in use" field and "most used" field are 0 (zero). why does the context send the message with the "in use" field and "most used" field 0 (zero).

View 1 Replies View Related

Cisco Firewall :: 6509 / 2811 - NAT At FWSM

May 17, 2011

I have attached a drawing of our network.  We have two 6509's connected to two Cisco 2811 (onsite) that the ISP owns. I am trying to get one side up and running before I worry about redundancy and so forth.  For this reason I have set all the HSRP priorities to 110 on the left 6509.  I have HSRP running between the ISP routers and V LAN 101 of the 6509's.  This works as I can ping yahoo and Google just fine from the 6509 switch.  I can't get from my laptop connected to V LAN 23 to the internet. 

It doesn't even attempt to NAT as there are no translations.  I have public address assigned by my ISP configured between the ISP routers and my 6509 on V LAN 101.  I then have the public address assigned to V LAN 100.  I configured V LAN 100 on the switch and V LAN 100 on the FWSM with the IP address in the drawing.  I have my NAT statements and route in my FWSM according to the drawing as well.  On the switch, I have a default route to X.X.12.19 which is the VIP between the ISP routers.  I can reach anything on the inside of my network, including the old network addresses from V LAN 23.  
1. Is it best to do NAT at the FWSM or should I do it on the MSFC connected to the ISP routers?  
2. If I have to configure NAT at the FWSM, does this requires me to extend the public network down to the FWSM? 
3. I'll take any examples you may have as I am stuck.

View 2 Replies View Related

Cisco Firewall :: 6500 - FWSM Linux

Dec 20, 2012

We run a 6500 with an FWSM with multiple security contexts as well as cascading contexts with a "shared V LAN" . There is a problem with regards to Linux machines and our shared network.

For example, we have three Linux machines in production, each in three separate V LAN's. For me to communicate to these boxes from one V LAN to another I must first ping the server. If I do not ping the server it will not bring up a connection like ssh or HTTP, etc. Below is the error I get from the FWSM that hosts the Linux server, but like I said once I ping the server the error goes away. We only have this problem with Linux machines, and it is a problem for all three of them. Is the FWSM having issues understanding something with all three Linux boxes? Below is the error I get at first, when I try to SSH from one V LAN to another V LAN with the Linux machine. 

6 Dec 21 2012 16:33:54 106015 22 63000
Deny TCP (no connection) from to flags SYN ACK on interface inside.  
Below is what happens when I initiate a ping to the Linux Server and then ssh again. Notice it builds the connection with no problem after the ping. During the ping it builds the dynamic translation, and then when I ssh it builds the TCP connection. Do you know why this could be?

6 Dec 21 2012 16:35:08 305009

View 7 Replies View Related

Cisco WAN :: Unable To Login At 6509 Switch

Jul 4, 2011

We are unable to login at Cisco 6509 switch, due to username and password not working. We have tried to recover the password as per Cisco document, but that is also not working. This switch is our Primary Switch in our network.

View 8 Replies View Related

Cisco WAN :: Unable To Use WLC 3750G Login-Page?

Jan 22, 2012

I have a WLC 3750 and use the web authentication method with the internal login-page. Now I would like to add a link to a PDF document which is supposed to be available before logging in. In other words: Clients connect to the W-LAN and get access to the login-page. They can download the PDF document (which has by the way a size of ca 10MB) from the login-page and after that they login to get access to the internet.
As far as I understood the manuals I won't be able to use the internal login-page because the size of a file is not allowed to be bigger than 1MB.So I thought about using the external authentication by using the webserver of my website. Unfortaunely the IP-Adress of my website doesn't work. Behind this IP-adress there's more than one website hosted. So I can't use my webserver either ...
Is there any other possibilty to add this PDF (size 10MB) on the login-page? Maybe I can add my website to a kind of a "pass through list" which is accessible even without authentication?

View 11 Replies View Related

Windows 8 And IE 10 - Unable To Use Linksys Login?

Jan 28, 2013

I recently upgraded several of my systems to Windows 8 from XP. This, of course, included the update to IE10.Now, I cannot log into the router on my network via a Windows 8 system. It works fine if I use a Windows 7 laptop or an XP unit, but on Windows 8, when I go to the router's address, it prompts me for the Username and Password. It takes the password, and then immediately comes back and asks for it again. Another weirdness is that it won't exit when I choose cancel - only if I select the red X in the upper right corner of the authentication window.

View 5 Replies View Related

LAN Setup - Unable To Login To Computer

Feb 2, 2012

The computer that i am using which is on the LAN Setup. Also it is connected to the domain. Whenever i tried to log on to the computer it is giving me an error message that "The System could not log on the "Domain Name" either the connection is disconnected or the domain is no longer available" somting like that. When i remove the LAN Cable and if i enter the domain password, i can login to the computer. after i log on the computer if i connect the LAN Cable it is working fine. I can access the other computer which is connected to the same domain. Why the error message is poping up?

View 4 Replies View Related

Cisco Firewall :: 3.2 (18) - URL Filtering In FWSM Without External Server

May 18, 2011

I have an FWSM running in multiple context mode running 3.2(18) code.  I have 3 urls that I would like to block so I can't justify the cost of an external URL filtering server.  I have found a way to filter individual URLs on the ASA but the same configuration does not seem to be available on the FWSM.  At least not on my code. Any way to do this other than resolving the hostnames and blocking the current IP addresses?

View 1 Replies View Related

Cisco Firewall :: 7604 FWSM Boot Failure

Dec 20, 2012

I have 7604 router with FWSM module in module 3.First of all the FWSM CF has been damaged, not physically. I bought the new same compact flash (size, partnumber, etc.). Downloaded the software 3.2 for FWSM, and ASDM from Cisco website. I realized that the procedure of creating new CF for FWSM is quite diffucult: creating 1-5 partitions, where 1 - is MP, and 4th - application partition. According to cisco documentation - the default boot partition is the 4th, so I partitioned from 7604 the CF into 4 partitions (partition disk1: <1-4> maximum) and copied the software and ASDM to the 4th partition (disk1:3:). Removed the CF from the router and put it into the FWSM module.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved