Cisco Security :: ASA 5520 No Longer Sending Log To FTP
Sep 22, 2011
We have a ASA 5520 which is configured to send log files to an ftp server. It has been doing that until recently I found out that it stopped sending the logs on August 11. I can't remember what I have changed in the ASA config to make the ftp stop. I changed the ftp config to another server but it won't upload any log file.
What can I do to make the ASA save the log buffer to the ftp server again?
having recently downloaded a bandwidth monitor widget, i notice that something is sending 1.625kb of data, OVER AND OVER. i am experiencing zero issues with my pc functionality, but am concerned about what is sending data out from my pc.in desperation, i tried a 3rd party firewall, zonealarm. even after installing it, the data continues to be sent. i have looked through my running processes, ending several auto-updaters, closed my browser and anything else i can think of that might use my internet.
I have a project to upgrade an ASA 5520 to 9.1.x, then add another ASA for failover. What will be the correct way ?
I had the 2 Gb memory.
I have rewritten all nat statements (during my other 8.2 to 8.3 or 8.4 upgrade project, the nat conversion was catastrophic, so I rewrite all now).
Can I upgrade directly to v9 ? Or 8.2 -> 8.4 -> 9.1 ?
I think to :
- inject actual config in the new ASA in 8.2 - remove nat statement - upgrade to 8.4 - configure new nat - upgrade to 9 - connect the new ASA to the network and deconnect the other ASA - test - upgrade old ASA to 8.4 or 9 directly ? - configure failover
Do I need the security plus license to do HA with two 5520's?I was told by our purchasing department that the 5520 was supposed to be able to do HA out of the box, but when I look I see only the VPN + license. Does that mean I can download the security plus license? Or do I even need it on the 5520.
I have an ASA 5520 running 8.0(3) with two Subinterfaces configured like this: ================================= interface GigabitEthernet0/1 nameif inside security-level 100 no ip address ! interface GigabitEthernet0/1.72 description VLAN 72
(notice that they have the same security-level)I need to control the traffic between them with ACLs so I in ASDM unchecked "enable traffic between two or more interfaces with same security level" and "enable traffic between two or more hosts connected to the same interface"Now I cannot ping from one Vlan to the other, as expected,,, but I tried many different ACLs and I cannot ping or telnet to the other side from either one.
I have a SSL certificate from a third party that is showing under the Identity in ADSM, howerver the audit scan of the firewall shows that the SSL Certificate Signed with an unknown certification Authority. I have installed the Intermediate Primary and Secondary Certificate from the third party under the CA Certificate of the ADSM however when I verify the SSL certificate it still shows as self-signed. What other steps do I miss. I have attached some screenshots.
I have a DMZ (50) from where I need to allow some protocols to inside zone (level 0). I am doing that with ACL, but after having done that the implicit security level rule to lower level (outsite level 0) is not working anymore, I guess by the implicity deny after the acl. I'd need allow traffic to the outside zone from DMZ, as well as the inspect traffic from the inside one. Is there anyway to have both ACL and Security levels?
If not, what do I need to do to just allow some protocols going to higher level and leave the higher-to-lower traffic inspected allowed, same schema as we have with security levels.
I'm trying to establish a site to site ipsec tunnel between an ASA 5520 and a Nortel Connectivity box. Despite trying a number of different transform sets and IKE setups it keeps failing at phase 1 with:
Information Exchange processing failed Received an UN-encrypted INVALID_ID_INFO notify message dropping.
On a Cisco ASA 5520. I have 2 interfaces that are the same security level. I need hosts on 1 of these interfaces to be able to get to a specific IP and port on the other but I DON'T want to blanket enable 'same-security-traffic permit inter-interface" I have added an ACL inbound on the interface allowing the desired traffic and inbound on the other for return traffic and it simply doesn't work.
I have issue with traffic passing between same security level interfaces. I want to control traffic between same security level interfaces with ACL. Even no restriction, traffic does not go through. [code]
I tried to access server from THREE network to web server at FOUR network I have no response. In sh xlate output it shows "PAT Global 10.124.104.254 (28889) Local 10.124.103.1(2922) " I am not sure what else should I do. I add both same-security-level commands and it is the same.
We have two multilayer switches and only one ASA 5520. I'd like to connect ASA in the way described on the picture: each redundant interface includes two physical ones, which are connected to different switches
My question is what kind of link it is necessary to have between switches to make this idea work? I'd have subinterfaces like Re1.100, Re2.200 and so on for my traffic.
I understand that correct design approach is to have two redundant firewalls with failover but we cannot purchase the second one yet.
I recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover. The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?
I am having some challenges on my DMZ network.My servers and Cisco Switches in the DMZ are picking the mac address of the Firewall(Cisco ASA).I have put some static arp entries on the Firewall and switches but the servers and users on the DMZ are still receiving the mac address of the Firewall.How can i stop the Firewall from changing the mac addresses of the devices on the network.My ASA is a 5520 and i have 2960Switches.
I have a ASA 5520 upon which I need to build a WebVPN for the company urls - webmail, intranet portals etc. There will be 2 groups -
a. Confidential Access - For senior management. b. Public Access - For employee access.
RSA Token & LDAP auth would be used for access to the WebVPN. However, I am unclear on certain aspect.How do I isolate the 2 groups? I mean only Senior management should be able to view & access the first set of links while employees see and access the other set of links only.Both the groups will be available to all users loggin on to the WebVPN. Since the authentication mechanism - LDAP - is the same, anyone would be able to access the groups and in turn, urls.
Ive got a virtualised firewall running 3 security contexts in routed mode. What am experiencing is that i cannot connect to an OUTSIDE host through the security contexts. From the firewall itself i cannot ping the directly attached host on the OUTSIDE interface but i can ping the directly attached host on the INSIDE interface. When i reload the firewall box, the first ping to the OUTSIDE host would be successful but subsequent pings fail and thus total connectivity is lost.
I even tried upgrading to ASA version 8.4(1) but still the same.
I was unable to access my ASA 5520 using HTTP/HTTPS even on the management interface. I had upgrade the ASA IOS to asa832-k8.bin and ASDM to asdm-634-53.bin. But, the issue still the same.
My browser show the error message as attach image.
PGA-Firewall-02# sh run: Saved:ASA Version 8.3(2)!hostname PGA-Firewall-02enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface GigabitEthernet0/0 nameif public security-level 0 ip
I've just completed a port security project at a site on numerous Cisco switches and all works well, however they have 2 Nortel 5520 switches (which I left until the end) which they would like to lock down. I have logged a message on the Nortel forums and I have heard nothing for days. I just need to lock 2 ports down to the Mac address of 2 computers stopping any other computer being plugged in.
I´m trying to configure a subinterface named Inside with vlan 1 but the interface stops work with this vlan.My switch is a Cisco and use the lan with vlan 1 too.If I change de vlan for other i.e vlan13 works fine. And all others vlans works fine too.Is there a problem to use the vlan 1?
My configuration is:
Cisco ASA: interface gig0/3 no ip address no security no nameif
What's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.
i have an ASA 5520 Version 8.0(2), i configured the VPN site to site and works fine, in the other apliance i configured the VPN Client for remote users, and works fine, but i try to cofigure the 2 VPNs on ASA 5520 on the same outside interface and i have the line "crypto map outside_map interface outside (for VPN client)", but when I configure the "crypto map VPNL2L interface outside, it overwrites the command", and therefore I can only have one connection. [code]
One Day the internet is fine the next day The Internet Stopped working. The problem is my pc is sending packets but not receiving any i though it was a bug or something so i restarted my pc after i restarted my pc the internet was working fine until a couple of minutes passed it stopped receiving packets again.i tried resetting the modem but nothing worked.I tried winsock fix or resetting TCP/IP and stuff but nothing workscause its starting to frustrate me.
Our computer is sending but not receiving packets. We've tried 3 different wi-fi adapters, and that wasn't the problem. We have no idea what's wrong? It won't pick up any wireless signals by the way, and it works fine while connected via Ethernet.
I'm looking for troubleshooting LMS 3.2.1 and the ping/ICMP traffic it transmits.A lot of my devices are receiving a lot more pings from LMS than I would have anticipated.I don't run PING sweeps in Device Discovery or CM-UT. I've even disabled DFM polling in a hope to trace the source of these PINGs. Any list of which modules use PINGs so I can turn them off and track down the offender.I really only want to manage the known devices I already have via SNMP alone. I don't require LMS to be PINGing for discovery or reachability purposes.
I have the following problem, right now we have an ASA 5550 connected to the client´s side. A reset is being received on the client´s side, but when we run the sniffers on both extremes of the network, we can see that the reset is not being sent by the server´s side.
We have narrowed it down to the 5550 ASA, but have found no bug that matches the description.
The characateristics of the reset packet are the following:
- It is the only packet with a TTL of 255.
- Both server and client have very different window sizes, and the reset packet even though has the server´s ip and port as source of the packet, it has the client´s window size.
- It has a correct ack number.
-Before the reset is received, there are a couple of retransmissions of the last packet sent.
- We´re handling a VPN tunnel between both servers.
No School havn't own email server, Just we want email within the Lab. (There are 20 PCs on all PCs Windows XP (Service Pack 2) & MS Office 2003 installed.Now tell me how can we send/receive email via using outlook.
I had a customer call me and her desktop (wired connection only) is sending and receiving packets but she still cannot connect to the internet. Customer has tried power cycling her modem, router and desktop with no avail. Her system is running XP.
Alright, so we have about six computers on average all on at the same time, working just fine, last night one of the laptops just, stopped working, saying there is no internet access, With every attempt it doesn't send any information. When I disconnect it from the wireless, then reconnect it, it immediately receives packets but won't send any.