We recently upgraded our bandwidth and I have to change the ip address on our ASA 5510. I just want to make sure that I am doing it right. All I will need to do is open up the ASDM and under confiugration go to interfaces and make the needed changes to the outside interface. Then under routing I will make the gateway IP change on the outside interface.
View 4 Repliesi was able to configure (via SF200 web interface) a port mirroring from port FE17 to FE7.i have supressed this port mirroring.when i try to reconfigure a port mirroring from port FE17 to FE3. The SF200 web interface crash. the SF200 seems to reboot.
i have updated the SF200 firmware from V1.1.2.0 to V1.1.2.9.44 when i was able to configure (via SF200 web interface) a port mirroring from port FE17 to FE7.But after having suppressed this port mirroring again, i was not able to reconfigure a new port mirroring from port FE1 to FE3 (the SF200 hangs).
i have also tried to return to default factory setting but this does not solve the issue.i am working on SF200-24P
I have three routers 811 (independent), and the interface cellular 0 resets in all three.
View 3 Replies View RelatedThere is a remote server that downloads info from a server here at HQ. When the dowloads start the rxload on the S0/0/0 interface jumps to 98 percent or so; rxload 250/255. I needed to limit the bandwidth utilization between the servers, so I added the below line to the LAN interface on the remote router.By adding the command, it reduced the download utilization -which is what I wanted.
access-list 185 permit ip host 10.6.27.1 any
!
int f0/0
traffic-shape group 185 10000 8000 8000 1000
Question:How would applying this to the LAN interface cause the download utilization (Coming from s0/0/0) to decrease?
We bought Cisco Prime Infrastructure 1.2 appliance. The application seems to be pre-installed. I have gone through setup process. But I cannot connect/open web interface [URL].
View 10 Replies View RelatedWe have a Cisco 3825 router which does not work well with a DSL modem(ISP provided). I have configured the Gi0/0 port of the router to plug into this DSL modem but it does not ping to the ISP gateway. If we do a shut/no shut on the interface then it work fine for about 30 secs. Sometimes even for 1 hr. Then the packets drop and we cannot pass any traffic through this interface.Now, if the ISP connection is terminated on a computer it works fine. It works fine without dropping any packet. I have tried various options like using a straight/cross cable. I have tried to configure the interface negotiation for 100/full, 100/half, auto/auto and almost all the options. I have also tried to interconnect the devices using a L2 device like a HUB. Nothing works.
View 7 Replies View RelatedI want to configure a MAC address on my asa 5520 interface.I ask you if exist a private MAC address range?
View 5 Replies View RelatedI am troubleshooting interface resets on a 3660 connected to a 3550 over Fast Ethernet. I have hard coded both sides for full duplex and 100Mbit. The 3660 is incrementing interface resetes about 4-6 times a day and the 3550 is clean. I have noticed this in other similar configurations as well.
View 4 Replies View RelatedI had the 2 circuits go down at the same time from our ISP and I had to power cycle the router and when it came back up I went from VA # 2 to now VA 3#....I know what is what but it is confusing for my counterpart and I can not remove the old entry for VA#1 and VA#2. [code]
View 3 Replies View RelatedIs there any way to see on what ports a Cisco 5510router is listening to just like a "netstat -an" on UNIX would do. I could easily do a portscan to give me this report but would prefer having the information through a show command.
View 4 Replies View RelatedI have a 100mbps internet connection from my ISP but once the connection hits the ASA the download speed gets reduced to 15mbps. My network is setup as follows: ISP Modem ---- Edge Switch ----- ASA --- Internal Cisco Switches
If I plug my computer into an extra port on the Edge Switch I get speeds around 92mbps with normal traffic still going to the ASA. But when I plug into the ASA and internal switches I have speeds of 15mbps.
I have made sure that duplex/speed match on the links. I have done packet captures and within two minutes I do have several dup acks and retransmissions. The retransmissions don't seem to match the dup acks. (The retransmission is not for the dup ack requested so the dup ack keeps being resent)
The only interface error is on the inside interface which includes 700 overruns in a weeks worth of time.I am not using an IPS/IDS. I do have several vpns on it but was not going through a vpn tunnel. I am also using NAT.I am using an ASA 5510 8.2(1)
I have an ASA 5510 running 8.4 with dual ISPs setup on 2 different interfaces: outside(primary),backup(backup). I also have a site to site VPN to another ASA in another city. The VPN is now setup on the outside interface and works fine. What I wanted to do is to make the VPN run over the backup interface only.
So, I modified the the crypto map on the remote side to use the backup interface IP and created a tunnel-group for it. I then created a crypto map for the backup interface and enabled ikev1 on it. The default route is set to use the outside interface so I created a static route that routes traffic bound for the outside interface on the remote side to the backup interface default gateway. I can get the tunnels to establish but no traffic is passing through them. I though then that I need a NAT for the tunnel traffic to I created a NAT as well but still no traffic passed. I tried the packet-tracer and it said the traffic was allowed and from the show crypto ipsec sa command I can see the tunnel setup but no traffic will go across it.
i have an ASA 5510 My ISP provides for me 2 separate public networks. One is routable from outside of the world and one is not (and is used as a gateway for the THAT routable network)
Assume that non routable network is a.a.a.a and routable is b.b.b.b so we have 2 interfaces on asa - a.a.a.1 and b.b.b.1 Physically this network b.b.b.b is behind network a.a.a.a one cable comes to me and plugged to ASA As i said all traffic from/to external(routable) network is going through network a.a.a.a (and a default gateway at ISP) So the problem:For my international partners i need to provide VPN.So the traffic flow is the following:for exaple a client with public ip 1.1.1.1 using cisco VPN client trying to connect to b.b.b.1 The packet arrives to interface a.a.a.1 and............. Being discarded.7Dec 24 201211:09:477100051.1.1.162548b.b.b.110000TCP request discarded from 1.1.1.1/62548 to internet:b.b.b.1/10000 I assume that the ASA discards the packet BECAUSE IT COMES FROM a WRONG interface.Am i right?Also i tried to setup a bypas policy, but no effect?
Have an ASA 5510. Setting up a new DMZ zone for wireless and it will only have Internet access. What are the steps so that users on this new DMZ subnet can VPN into the Outside interface on the same ASA?
View 4 Replies View RelatedI have a Cisco 877 ADSL2 route rconfigured which isnt working. I think it may be the Telco at fault,I receive the following in a debug ppp negotiation
*Mar 1 01:08:23.300: Vi3 LCP: I CONFREQ [Listen] id 5 len 15
*Mar 1 01:08:23.300: Vi3 LCP: AuthProto CHAP (0x0305C22305)
*Mar 1 01:08:23.300: Vi3 LCP: MagicNumber 0x7498F253 (0x05067498F253)
*Mar 1 01:08:23.300: Vi3 PPP: Authorization required
[code]....
The relevant ATM and Dialer configs are -
interface ATM0
description AAPT ADSL Line
no ip address
no atm ilmi-keepalive
[code]...
I have a trouble with Cisco ASA 5510. I configured an SSL VPN with bookmarks to some application. When the users make access to the Web Portal they have to login twice: one for enter in the SSL and one for enter in the application.
How to bypass double authentication?
I attached the complete config. The earlier discussion, I cannot select reply. Looks like ACL is denying it. But I am not sure which one or how to permit it.
sh run
: Saved
:
ASA Version 8.0(4)
[Code].....
I would like to route traffic that are coming in and going out to the same interface on ASA. I am using inside interface with security-level 100. In this URL, [URL], ASA is able to do that.
View 5 Replies View RelatedI have recently installed an ASA5510 at a site in South Africa to connect via VPN to a site in the UK (ASA5520). The VPN comes up fine with the 5520 in the UK, however, I can not connect to the inside interface over the VPN, but can access it from the internal LAN. All other hosts on the LAN are accessible over the VPN.
The 5510 also has another VPN to another site in SA and the 2nd site cannot ping the interface either.
I need the ssh access on my ASA outside interface and have added
ssh ipremoved 255.255.255.255 outside access-list acl_outside extended permit tcp host ipremoved any eq 22 but this is the log i get from ASA
Oct 06 2012 16:10:04: %ASA-3-710003: TCP access denied by ACL from ipremoved/39884 to outside:ipremoved/22
Cisco Adaptive Security Appliance Software Version 8.2(5) Device Manager Version 6.4(5)
I currently have an ASA 5510 setup with Dual homed ISP's and a remote access IPsec VPN setup to terminate at either interface. The first interface is named Outside and the second is simply called Outside-2. When outside the company(such as at home), the VPN client will connect on the Outside-2 interface and work normally. The problem is while testing on our DMZ, the VPN Client will not connect on the Outside-2 interface. It will try that interface fail to connect and then connect to the backup Outside interface. This isn't a huge concern because it still connects, but if we were ever to get rid of one of those connections, it would be nice to reliably test from our DMZ.
View 1 Replies View RelatedI want to allow ICMP traffic on ASA 5510 from LAN interface to DMZ. I've permit any traffic and added ICMP to the inspestion list also but still there is problem. Belos is the configuration. The image is asa822-k8.bin
:
ASA Version 8.2(2)
!
hostname fw-01
names
!
interface Ethernet0/0
[code]....
I have a WAN interface and 2 LAN interface. I need both the LAN be able to access a server outside the network via the WAN (outside) interface. I am using a ASA 5510 firewall instead of a router, because I don't have a router. It looks simple enough but it does not work. I ping from the a PC (172.16.22.8) connected to LAN (inside) Network to 10.10.10.1 which is the WAN local interface also did not work. But from the ASA Firewall, I could ping my LAN (inside) PC. I followed a config i get from this forum. However, it did not work. Below my config.
interface Ethernet0/0
nameif outside
security-level 0
[Code]....
I'm not clear about the capabilities of the ASA 5510 GigE interfaces (eth0/0 and eth0/1) with an without IPSEC tunnels enabled.
This page [URL] shows a figure of 170Mbps 'Maximum 3DES/AES VPN Throughput'. Does that mean per IPSEC tunnel or for the whole interface if it is IPSEC-enabled?
I am having issues with the ASA 5510 management interface. I can't communicate with this interface. It is showing DOWN/DWON even if I type NO SHUT several times.
My existing config is as follows
our-asa-01# sh run
Saved
ASA Version 7.2(5)
hostname our-asa-01
names
dns-guard
interface Ethernet0/0
[code]....
I recently switched my connection from DSL to Cable and Linksys is telling me that I need to reconfigure my router, but they want to charge me for the tech support.
View 7 Replies View Relatedbought a home 3 weeks ago where there was already a linkysys router ewhen got internet hooked up they did using that already exsisting router. internet been workinhg fine till yesterday modem thru cable working good and right lights on linksys router working. but cant connect to the internetcalled linksys and said warranty up on this router and they want me to pay for continued phone supopoert for 30-50 dollars really.
View 1 Replies View RelatedI need configure a VPN site-to-site between two offices (Office A e Office B)The Office A (headquarters) have a Router CIsco 5510 and we have approximately 200 employess?
The Office B (branch) dont have any cisco Router but we will buy one ( is a small office, we have aproximadaly 20)?So I need configure a VPN site-to-site using the IPSec (do this is easy), but i need control the computers in the Office B that can access the Office A.
I Think that I can use a acl using the Mac Address to control, but how can I apply a control access List by Mac Address in the VPN site-to-site that is configured using a IPSec?
Is there other form to control the access of the Office B to Office A? We have a big fear for example, a unknow computer connect in the Office B using any mode off access (Ethernet cable, or Wirelless), and this "unwanted" computer access the Office A.
Today the power was fallen out in our area and the rv042g was turned off.After the power was back I was checking the router because some trafic didn't came through.Then I saw that all the services were messed up and also all the firewall rules were wrong.the lines were still there but it all was setup as [all 0-0].
After trying to restore a backup it gave me the same, even after resetting the router with the reset button for 30 seconds and doing a restore it didn't work.So I had to reconfigure the router from scratch.This services thing gives me a real pain in the *** because in a previous topic I also have mentioned that something is wrong with the services.
On our ASA 5510 we already have one ISP link terminated on outside interface. There is correspoinding nat and global configured for outbound access to internet.
Now we need to terminate second ISP link on one of the DMZ interface to have redundancy for the primary ISP.
When primary ISP link or router is down we need to send all the traffic to secondary ISP router. How do we configure NAT and global for this condition that only when primary is down then only this NAT -Global should be used. Do we have anything like object tracking associated with the NAT-global.
So that as long as Primary RTR - object is up ASA will use the first NAT-Global pair. When primary ISP is down RTR-Object is not reachable then ASA will perform the second NAT-Global operation.
Also can we have default route pointing to Outside interface (primary ISP router) and in case of primary router failure it will point to secondary ISP. Do we have "track" in the static route commands on ASA.
May I know the reason why we cannot create interface vlan on Cisco ASA 5510?
View 2 Replies View RelatedFTP traffic routed from outside to the inside interface works fine. I have another interface with multiple sub-interfaces and vlans configured. FTP traffic routed from the outside to vlan2_servers is not making it through the firewall. I must be missing something. I have attached my config.
View 4 Replies View RelatedWhether it is possible to have same vlan on multiple interface on ASA 5510 and higher models ?
View 2 Replies View Related