Cisco Firewall :: Unable To Login In FWSM 3.2
Apr 13, 2011
I am having two dc switches with FWSM modules installed. DC switch1 FWSM (Ver 3.2(12) is wokring as active and Secondary DC switch2 FWSM (ver 3.2.(12) is in standby mode.
From yesterday I am trying to login primary FWSM, It is accepting my username and credentials but prompting again for username please refer below
DXB-DC1>session slot 5 p 1The default escape character is Ctrl-^, then x.You can also type 'exit' at the remote prompt to end the sessionTrying 127.0.0.51 Open. [code]
View 1 Replies
ADVERTISEMENT
Aug 15, 2011
I am having FWSM in active /standby mode deployed on two different cat 6k chassis. Unable to access the fwsm module from switch using ' session module mod_no processor 1 ", it throws error " % telnet connections not permitted from this terminal" Running Version 3.2.6 on fwsm, Cat 6k is running 12.2.33.SXH1,
switch#session slot 3 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
% telnet connections not permitted from this terminal
---------------------------------------------------------------------------
have allowed telnet on line vty, configuration on Line vty is simple allowing all transport protocols
line vty 0 4
exec-timeout 5 0
transport input all
transport output all
line vty 5 15
exec-timeout 5 0
transport input all
transport output all
View 3 Replies
View Related
Feb 17, 2012
I have 2 modules of FWSM in 6500 switch (failover). I need 5 context. When I use in routed mode (like in the picture) , I cannot ping the servers behind the firewall. (I have ping to FW context) In transparent mode, it is not happening.
View 1 Replies
View Related
Aug 23, 2011
I have not worked with ASDM in a while. I have a 5510, with asdm-645.bin in the flash. The device runs version 8.4(2). I can download ASDM from the http interface of the firewall from the management interface. But I can not log in. I have used blank username and password, no username and enable password, blank username with enable password and a few other permutations. I then tried to connect to the asdm interface from inside also. But I can not connect. Needless to say, I have enabled http, and updated the http access-list. The only logging I have enabled is buffered. Is there any configuration that I am missing? Shall I cut and past the config?
View 4 Replies
View Related
Jul 6, 2011
When i tried to login through ASDM at Cisco ASA 5510, it ask for the username and password and after that nothing comes up. I am able to login through ssh. [code]
As per my knowledge show bootvar and show version, should shows the same IOS version. But here it's showing different. Is asdm-523 is compatible with IOS asa708.
View 6 Replies
View Related
Nov 17, 2012
I have a vlan defined in FWSM for server farm there is a one server with two IP addresses and teaming has done on it how ever from FWSM i am able to ping both IP addresses but from core 6509 switch i am only able to ping one ip address. from FWSM show ARP command displays the same virtual mac addresses against both IPS of the same server.
View 2 Replies
View Related
May 3, 2011
We have 2 FWSM modules in each 6500 switches. 1st module is having 04 firewall vlan groups with 18 vlan interfaces in a single context firewall. All are working fine with no issues. Recently we create one more vlan on MFSC and add into the same firewall module. However newly created vlan inside the FW is not able to communicate with outside and also outside users not able to reach newly created subnet. But within the firewall zones (other interfaces) it can communicate. Once we did packet capture we noticed that its hitting firewall outside interface only and when we ping we got TTL expired error. we have default routes to outside and there's no any route inside as new segment is within the firewall (no any hop).
I guess there's no limitation on number of vlans that we can assign on one firewall eventhough there is a limitation for number of vlan-group which is 16 max (but we are within that limit).
View 2 Replies
View Related
Apr 1, 2013
Can any1 tell me wat is the difference between ASA-SM1 and FWSM.
View 2 Replies
View Related
Apr 10, 2012
I want to upgrade a pair of FWSM in active failover from 4.0(4) to 4.1(8) i just want to double check the process. i have tftp access to the primary at the minute. i cannot access the same tftp server with the standby. do i need flip over to the standby to be able to tftp the image across?
failover activehostname# changeto system
hostname# copy tftp://x.x.x.x/c6svc-fwm-k9.4-1-8.bin flash:image
hostname# copy tftp://x.x.x.x/asdm-622f.bin flash:asdm
hostname# reload
Once i have the images loaded i reload both at the same time?[URL]
View 4 Replies
View Related
Dec 17, 2011
I am planning for an VSS in Core but firstly I need to upgrade FWSM which is at 3.2 Ver to 4.0.4 (min release) I have checked software dependencies but not sure about Hardware Dependency on Fwsm and Chassis for Eg. Rommon Upgrade on Chassis.
View 7 Replies
View Related
Jun 26, 2011
I wanna upgrade FWSM Version 3.1(11) to latest 4.x version is this possible or i have to upgrade first to 3.2 and then to 4.x?
Is there any changes in configuration commands that i need to know? The version that 6500 running is s72033-advipservicesk9_wan-mz.122-18.SXF14.bin,an upgrade to 6500 is needed also?And if so what ios version will i put?Also which is the asdm supported version?
View 3 Replies
View Related
Jan 15, 2012
We recently deployed a FWSM on our 6503-e boxes (w/ sup720). NAT is working (PAT) but the issue I am seeing is private traffic from remote sites is not being allowed through the FW. I was able to get the remote site to ping the FWSM itself (inside address), but no hosts behind it. Maybe an ACL issue? Also when I turn off NAT on the remote end, I can than access everything (We are NATng on both ends). Im a routing guy by nature so I will defer this to the security guys out there.
Topology
Hosts (inside/10.15.25.0/24) > FWSM (outside/public IP) -> Core Router -> MPLS CLOUD -> Core Router (NATng) - > Hosts (192.168.1.0/24)
ACLs applied to inside/outside interface
FWSM# show access-list ATX-ALLOW-IN
access-list ATX-ALLOW-IN; 15 elements
access-list ATX-ALLOW-IN extended permit tcp any any (hitcnt=222)
[Code]....
View 3 Replies
View Related
Dec 5, 2011
i recently upgraded our Ciscoworks LMS from 4.0 to 4.1. after i installed the upgrade the admin login doesnt work, neither does any other account. i have tried resetting the password but it doesnt work.
View 3 Replies
View Related
Apr 10, 2012
I configured a new SG-200-08 with a static IP. I tried to save the configuration as the startup configuration. After 10 minutes, I restarted the switch. It didn't boot with the new configuration, and returned to the default .254 and default pw. Now I cannnot assign a new pw or get past the change the pw page. When I try to save a new pw, the switch reboots and prompts me to change from the default pw. I tried resetting the switch by depressing the reset button for a long time, but results are the same. LED indicators are green with a flashing green indicating the .254 address and a solid green on the port where the switch is connected to the computer. How can I reset the switch or get passed the change your pw page?
View 3 Replies
View Related
Dec 3, 2011
if we are unable to login into switch how can we identify at which port of switch loop is there ?
View 3 Replies
View Related
Aug 14, 2011
We have a pair of 6500s with Sup720 running 12.2(33)SXI3. Each has an ACE-20 (s/w A2(2.0)) and FWSM (s/w v3.2(15)). We have reached a limit on the number of rules we can configure on the FWSM, and have determined that we shall upgrade to 4.1(5), with ASDM to 6.2(2)F. A question has been raised regarding the s/w on the ACE-20 modules. Do we need to upgrade them as well?
View 2 Replies
View Related
Oct 1, 2012
ASA code 8.3 and higher uses NAT objects and totally changes the NAT rule config. I am new to FWSM .... but was wondering if this comparable ? I am lookinig at upgrading FWSM 3.1(16) to a higher 4.1 version .... but have a feeling this could be a huge task if NAT config changes as with the ASA's
View 2 Replies
View Related
May 11, 2012
am trying to config a FWSM by ASDM 6.2f.there are formerly configured interfaces and new interfaces i created.when i add a new access rule it gets added only to all the old interfaces but not to the new ones i created.
1. what wrong with the new interfces i created?
2. whats the logic of auto adding a rule to "all" interfaces , the rules are incoming rules specific to interfaces or groups , why add the to the rule to "all" intefaces?.
View 3 Replies
View Related
May 22, 2013
We would like to decommission our FWSMs and upgrade to the ASA 5555Xs. This leads me to ask the following: What would be the most efficient way of doing this without any interruption to production? How to successfully accomplish this?
View 1 Replies
View Related
Oct 29, 2012
our FWSM (in 6509) is not coming up, when tried to sesssion up using "Session slot 1 proc 1" command,It is giving error , "Tyring 127.0.0.11 .....connection timed out remote host not responding".
In "show mod" command output at Switch in IOS console: under Card Type Section: it is showing Model & Serial Number correctly, Under MAC address sectino: displaying some MAC address But in Online Diag Status, it showing "Unknown" for Module 1.
We tried re-seating in other slots, but of no use. Giving same error. Some of other forms are saying it is the issue with 128 Mb CF image problem, FWSM is no more reachable from 6509 IOS console. We even tried using FWSM console (using PC-Conse & LCP Console) but FWSM is not contactable.
View 1 Replies
View Related
Feb 3, 2012
I have had a strange issue with a pair of FWSM's in 2 6500's, it seems there was a failover but both module's have been reset.
CAT1
Feb 03 17:08:46.525: %SNMP-5-MODULETRAP: Module 8 [Down] Trap Feb 03 17:08:46.522: SP: The PC in slot 8 is shutting down. Please wait ...Feb 03 17:09:01.525: SP: shutdown_pc_process:No response from module 8 Feb 03 17:09:11.382: %C6KPWR-SP-4-DISABLED: power to module in slot 8 set off (Reset) Feb 03 17:10:56.093: %DIAG-SP-6-RUN_MINIMUM: Module 8: Running Minimal Diagnostics...Feb 03 17:10:59.796: %SVCLC-5-FWVTPMODE: VTP
[Code]...
View 1 Replies
View Related
Jul 9, 2012
Can I upgrade FWSM 4.0.3 to 4.0.17 with Chassis IOS s72033-adventerprisek9_wan-mz.122-33.SXH4.bin ?
In chassis's slot we have ACE and FWSM slot also. if I will upgrade chassis it will reboot ACE too.I do not want to reload Chassis.
View 2 Replies
View Related
Sep 27, 2012
I'm running two C6509 Chassis with FWSM and ACE module install on each chasiss.I have no problem with session into 1 FWSM and 2 ACE modules.But 1 FWSM module can't be access by session command.As I understand two FWSM module status is OK, and working fine.When I tried to session into FWSM, I got these messages..
[code]....
View 2 Replies
View Related
Jan 11, 2010
I need to upgrade the fwsm image from 3.1(10) to 4.0(8). Can i do it directly from 3.1(10) to 4.0(8) ?Do i need to upgrade other image also along with Firewall version 4.0(8)?
[code]....
View 5 Replies
View Related
Jul 16, 2011
I think I got a strange behavior on a context of my WS-SVC-FWM-1 (on a Catalyst 6509 running IOS 12.2(18)SXF17a) that is running FWSM Firewall Version 4.1(3). This context sends these log messages every ten minutes:
Jul 17 2011 23:31:16: %FWSM-6-302010: 0 in use, 0 most used
Jul 17 2011 23:31:17: %FWSM-6-302010: 2245 in use, 107133 most used
[code]...
If I issue the "show conn" three seconds later the log message, the output I got is: FWSM# sh conn 1041 in use, 107133 most used
In another context on the same FWSM the log message sent every ten minutes is just this one:
Jul 17 2011 23:31:17: %FWSM-6-302010: 1358 in use, 72503 most used
Jul 17 2011 23:41:22: %FWSM-6-302010: 1590 in use, 72503 most used
In this case there is no the log message where the "in use" field and "most used" field are 0 (zero). why does the context send the message with the "in use" field and "most used" field 0 (zero).
View 1 Replies
View Related
May 17, 2011
I have attached a drawing of our network. We have two 6509's connected to two Cisco 2811 (onsite) that the ISP owns. I am trying to get one side up and running before I worry about redundancy and so forth. For this reason I have set all the HSRP priorities to 110 on the left 6509. I have HSRP running between the ISP routers and V LAN 101 of the 6509's. This works as I can ping yahoo and Google just fine from the 6509 switch. I can't get from my laptop connected to V LAN 23 to the internet.
It doesn't even attempt to NAT as there are no translations. I have public address assigned by my ISP configured between the ISP routers and my 6509 on V LAN 101. I then have the public address assigned to V LAN 100. I configured V LAN 100 on the switch and V LAN 100 on the FWSM with the IP address in the drawing. I have my NAT statements and route in my FWSM according to the drawing as well. On the switch, I have a default route to X.X.12.19 which is the VIP between the ISP routers. I can reach anything on the inside of my network, including the old network addresses from V LAN 23.
1. Is it best to do NAT at the FWSM or should I do it on the MSFC connected to the ISP routers?
2. If I have to configure NAT at the FWSM, does this requires me to extend the public network down to the FWSM?
3. I'll take any examples you may have as I am stuck.
View 2 Replies
View Related
Dec 20, 2012
We run a 6500 with an FWSM with multiple security contexts as well as cascading contexts with a "shared V LAN" . There is a problem with regards to Linux machines and our shared network.
For example, we have three Linux machines in production, each in three separate V LAN's. For me to communicate to these boxes from one V LAN to another I must first ping the server. If I do not ping the server it will not bring up a connection like ssh or HTTP, etc. Below is the error I get from the FWSM that hosts the Linux server, but like I said once I ping the server the error goes away. We only have this problem with Linux machines, and it is a problem for all three of them. Is the FWSM having issues understanding something with all three Linux boxes? Below is the error I get at first, when I try to SSH from one V LAN to another V LAN with the Linux machine.
6 Dec 21 2012 16:33:54 106015 10.255.12.109 22 10.255.1.30 63000
Deny TCP (no connection) from 10.255.12.109/22 to 10.255.1.30/63000 flags SYN ACK on interface inside.
Below is what happens when I initiate a ping to the Linux Server and then ssh again. Notice it builds the connection with no problem after the ping. During the ping it builds the dynamic translation, and then when I ssh it builds the TCP connection. Do you know why this could be?
6 Dec 21 2012 16:35:08 305009 10.255.12.109 10.255.12.109
[Code]....
View 7 Replies
View Related
Jul 4, 2011
We are unable to login at Cisco 6509 switch, due to username and password not working. We have tried to recover the password as per Cisco document, but that is also not working. This switch is our Primary Switch in our network.
View 8 Replies
View Related
Jan 22, 2012
I have a WLC 3750 and use the web authentication method with the internal login-page. Now I would like to add a link to a PDF document which is supposed to be available before logging in. In other words: Clients connect to the W-LAN and get access to the login-page. They can download the PDF document (which has by the way a size of ca 10MB) from the login-page and after that they login to get access to the internet.
As far as I understood the manuals I won't be able to use the internal login-page because the size of a file is not allowed to be bigger than 1MB.So I thought about using the external authentication by using the webserver of my website. Unfortaunely the IP-Adress of my website doesn't work. Behind this IP-adress there's more than one website hosted. So I can't use my webserver either ...
Is there any other possibilty to add this PDF (size 10MB) on the login-page? Maybe I can add my website to a kind of a "pass through list" which is accessible even without authentication?
View 11 Replies
View Related
Jan 28, 2013
I recently upgraded several of my systems to Windows 8 from XP. This, of course, included the update to IE10.Now, I cannot log into the router on my network via a Windows 8 system. It works fine if I use a Windows 7 laptop or an XP unit, but on Windows 8, when I go to the router's address, it prompts me for the Username and Password. It takes the password, and then immediately comes back and asks for it again. Another weirdness is that it won't exit when I choose cancel - only if I select the red X in the upper right corner of the authentication window.
View 5 Replies
View Related
Feb 2, 2012
The computer that i am using which is on the LAN Setup. Also it is connected to the domain. Whenever i tried to log on to the computer it is giving me an error message that "The System could not log on the "Domain Name" either the connection is disconnected or the domain is no longer available" somting like that. When i remove the LAN Cable and if i enter the domain password, i can login to the computer. after i log on the computer if i connect the LAN Cable it is working fine. I can access the other computer which is connected to the same domain. Why the error message is poping up?
View 4 Replies
View Related
May 18, 2011
I have an FWSM running in multiple context mode running 3.2(18) code. I have 3 urls that I would like to block so I can't justify the cost of an external URL filtering server. I have found a way to filter individual URLs on the ASA but the same configuration does not seem to be available on the FWSM. At least not on my code. Any way to do this other than resolving the hostnames and blocking the current IP addresses?
View 1 Replies
View Related
Dec 20, 2012
I have 7604 router with FWSM module in module 3.First of all the FWSM CF has been damaged, not physically. I bought the new same compact flash (size, partnumber, etc.). Downloaded the software 3.2 for FWSM, and ASDM from Cisco website. I realized that the procedure of creating new CF for FWSM is quite diffucult: creating 1-5 partitions, where 1 - is MP, and 4th - application partition. According to cisco documentation - the default boot partition is the 4th, so I partitioned from 7604 the CF into 4 partitions (partition disk1: <1-4> maximum) and copied the software and ASDM to the 4th partition (disk1:3:). Removed the CF from the router and put it into the FWSM module.
View 1 Replies
View Related