Cisco Security :: Can Add SSM-4GE Module In ASA5540-AIP40-K8 Firewall

Dec 11, 2011

I have requirement received from one of my customer. the part number given as ASA5540-AIP40-K8, same time requesting for addition of another 4Port GE Module (i believe its SSM-4GE Module). Is any option to add this module in to the above specified model (ASA5540-AIP40-K8).
 
As per my understanding the ASA5540 have the option to add 1 additional module only, so if we AIP-SSM module, we don't have any free slot left with to add another SSM-4GE Module in the firewall.
 
i am not getting even the option to add SSM-4GE in the ASA5540-AIP40-K8

View 1 Replies


ADVERTISEMENT

Cisco Security :: Does ASA5540-bun-k9 Support CSC-20 Module

Dec 13, 2011

One of my client want to upgrade its already installed ASA5540-bun-k9 by adding CSC-20 Module. As per below link CSC-20 is supported with ASA5540. but for any reason the ASA5540 bundle option with CSC Module  is not available that create confusion.Will CSC-20 Module work with ASA5540-bun-k9 [URL]

View 2 Replies View Related

Cisco Firewall :: Numbers Of Users For ASA Content Security Module 1703

Feb 1, 2012

I run a website for a local football team using Serif Webplus X6. On uploading the weekly updates of the site the process seems ok for a few minutes with progress bars showing uploading of files but then it all stops and I have to reset my wireless network adaptor 1703 and it continues but I can't just leave it to work on its own. Device manager says that the drivers are up to date but I'm fed up with having to nurse the adaptor. This didn't happen with previous computers.

View 2 Replies View Related

Cisco Security :: ASA5540 - Syslog Logging Everything

Jun 17, 2011

I am trying to log every connection (Build, deny, etc).But for some reason I don't see them sh log.

[Code]...

View 2 Replies View Related

Cisco Security :: ASA5540 Interface Input Errors - Overrun

Nov 16, 2009

Why packets overrun are incrementing on the ASA even when I've only 40Mbps of throughput traffic?All interface are 1000- Full Duplex, both on ASA and on Catalyst3750.I've test the ASA5540 generating GET HTTP, about 40Mbit of traffic.When I use one ingress interface and one egress interface, interface input overrun counter is zero.When I use the same traffic with 3 ingress interfaces(slot0) and 3 egress interfaces(slot1), interface input overrun counter increase(60k overrun in only 2 minutes).

View 4 Replies View Related

Cisco VPN :: ASA5540 - AnyConnect Mobility Client / Post-login Security Message?

Jul 27, 2011

Using AnyConnect Secure Mobility Client, logging into ASA5540.  After I put my credentials in, I get the banner message (from group policies).  After I accept that, I get another pop message stating:It looks like a pre-set message.  Where can I disable and/or edit this message?

View 4 Replies View Related

Cisco Firewall :: ASA5540 - EAL4 Transparent Firewall Config

Mar 14, 2011

I am configuring an ASA5540 firewall for a client, only difference to usual being that it is to run in Transparent mode. I have looked through for an EAL4 transparent firewall config guide but found nothing and therefore assumed that the usual one would be used.The clients security bod has now come back and insisted MAC filtering should be used but I can find no reference of this anywhere. Does MAC filtering is required to make a transparent box EAL4 compliant and if so where I can find documentation supporting this?

View 1 Replies View Related

Cisco Firewall :: VPN Between ASA5540 And Router

Sep 10, 2008

I had a working vpn configuration between a local and a remote router; the remote router is not under my administration.Now I moved the vpn termination from my side to an ASA5540 software version 8.0(3). The tunnel is up but there is no reachability. The "show crypto ipsec sa" on the ASA shows encapsulated packets but NO decapsulated packets! Routing and no_nat are properly configured.

View 28 Replies View Related

Cisco Firewall :: K-value Mismatch With EIGRP On ASA5540

Mar 7, 2011

I have an ASA- 5585X (v.8.2.4) directly connected to an upstream 6509, which is running EIGRP. I configured the ASA for EIGRP with same AS# and network numbers and no auto-summary.   Here are the log messages I got:
 
Mar  8 15:11:08: %PIM-5-NBRCHG: neighbor 164.72.178.28 UP on interface Vlan150 (vrf default) Mar  8 15:11:08: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 164.72.178.28 on interface Vlan150 (vrf default)
Mar  8 15:11:11: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 164.72.178.28 (Vlan150) isup: new adjacencyMar  8 16:16:08: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 164.72.178.25 (Vlan150) isup: new adjacency
Mar  8 16:18:54: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 164.72.178.25 (Vlan150) is down: K-value mismatch
 
I lost my SSH connection to the upstream 6509 and couldn't get it back. Luckily I didn't lose my ASDM connection to the ASA, so I disabled EIGRP and went to look at the logs on the 6509.
 
What causes a K-value mismatch, and how to I rectify the situation?

View 1 Replies View Related

Cisco Firewall :: ASA5540 Configured With Standby IP

Aug 6, 2012

I have this 2x ASA5540 firewall and notice the it is configured with a standby ip. The firewall is run in Active/Passive mode.However, the standby ip of this firewall is not point to the secondary firewall and vice versa for the primary firewall. [code]

1) May i know how is this configuration valid in the first place? I have checked through the configuration. None of the configuration is related to this ip address.
 
2) Can we remove this standby ip address on both the firewall and correct to the correct primary and seconadary ip address in both firewall?
 
3) We tried to use this ip address but cannot be used ? Is it related to the configuration of the standby ip address.Do note that the ping to this ip address x.x.x.120 is unreachable.

View 1 Replies View Related

Cisco Firewall :: One ASA5540 With Two 3750 Connections

Jan 9, 2013

i have two CAT3750 need to place in L3, and it supposed that used as L3 switches by SVI for L2 routing, and I want to these two configured as redundancy by HSRP. but now I can only have one ASA5540 to connects these of L3 switches.
 
so, here is my questions:
 
1. does ASA5540 support multi vlan?

2. does it support spanning tree protocol?

3. if I've choiced to use trunking between two L3 switches, does it can pass through HSRP hello msg?

4. achive network redundancy

View 3 Replies View Related

Cisco Firewall :: Config Migration From ASA5540 To An ASA5545-X?

Jan 22, 2013

Customer has a ASA5540 at their main location and need a new ASA5500 for a DR site.
 
Can I simply take a config file from an ASA5540 and easily drop it on an ASA5545-X or what ever?
 
They are going to be using it as a VPN concentrator primarily.
 
Or are there going to be issues since the 5540 is running 8.4(5) and the 5545-X? Or if they upgrade to 9,0(1) or higher, then they should be the same?

View 2 Replies View Related

Cisco Firewall :: ASA5540 Port 80 Redirect To Https

Dec 21, 2011

Windows IIS server configured behind a Cisco ASA 5540 listening on port 443 currently. Access-list and static translation configured. I have been ask to redirect all port 80 calls to port 443 for this web site only at the firewall. I have suggested moving it behind our content switch with negative results. Can we do this at the firewall level? how to accomplish the redirect for a single site. 8.2.4 is current code

View 4 Replies View Related

Cisco Firewall :: ASA5540 Memory Upgrade - 3Gig

May 10, 2011

I upgraded our ASA5540 to 8.4, THEN noted the increased requirements for Memory. I purchased the 2Gig upgrade, but when installing in the Primary unit today, noted that there were 4 slots. Slots 1/3 had 512Mb modules, so I installed the 2 x 1Gig modules in slots 2/4.
 
The ASA5540 came up clean, and it "sees" the entire 3Gig of memory.
 
My question: Is this a SUPPORTED configuration? All documentation I have read only mentions 2Gig of memory. Also, If I had FOUR x 1Gig memory modules, would the ASA5540 support the 4Gigs of memory?

View 1 Replies View Related

Cisco Firewall :: Fails To Download File Through ASA5540

Dec 12, 2011

We have ASA 5540 with 8.2 SW. We are trying to download a file (3 MB pdf)  from https session which fails if done behind the firewall. In case, the client bypasses firewall, the file gets downloaded as usuall. Interesting thing here to note is that when client is behind the firewall, its takes a long time to download the file and the file size always 312 Bytes, of course its a corrupt file.

View 3 Replies View Related

Cisco Firewall :: ASA5540 Management Interface IP Addressing?

May 9, 2011

How does one allow /31 mask for an management interface on an ASA5540 using version 8.3(1)?
 
I need to configure a 192.168.x.y /31 on the management 0/0 interface of a ASA5540 and it is providing me with the following error:ERROR: /31 mask is not allowed

View 1 Replies View Related

Cisco Firewall :: Interoperability ASA5540 Routing And Nat With The Same Zones?

May 18, 2011

I am migrating firewall fortinet to ASA5540 with inside (192.0.0.0/24), dmz (192.168.0.0/24), and outside (x.x.x.x), but the users of inside network gain access to the aplication for two ways: the first way is trough routing between inside and dmz, for example 192.0.0.200 to 192.168.0.20, and the another way is trough static nat between inside and dmz for example 192.0.0.200 to 192.0.0.20 (192.168.0.20 static nat). Is posible in Cisco configure that? because when i configure only firewall route the first way is OK, but when i add the second way only nat is work!

View 10 Replies View Related

Cisco Firewall :: ASA5540 Can't Get DHCP Service From Outside To Inside Network

Jun 13, 2012

I have an inside network using PAT to one outside address. Our DNS server is on another local, but outside address.  I can't get the inside network to successfully get addresses.I have another inside address that just uses the wirewall and gets addresses just fine from the same server.I have the box checked in ASDN that enables DHCP on the inside interface and points to the correct DHCP server,PAT service is working properly if I use a hard coded address for a machine on the inside network.This is an ASA5540 with 8.3(2)

View 2 Replies View Related

Cisco Firewall :: How To Clear Input Errors In ASA5540 Interface

Feb 26, 2013

My Expertise with Cisco ASA is Very less. I have observed Input errors in a Couple of Interfaces in Cisco ASA 5540 Firewall.   [code] I need to Clear the Input errors on this particular Interface.Will Clear interface GigabitEthernet 0/0 will work?

View 4 Replies View Related

Cisco Firewall :: ASA5540 Dropping Packets On Large FTP Transfer

May 23, 2011

I am attempting to FTP to a remote site through a IPSEC tunnel.When I am transfering large files the ASA5540 is showing syslog errors stating "connection timeout".  What I think is happening is after about 1 hour the firewall is closing the connection control port for the FTP session and neither end is notified so eventually the transfer is stopped.What do I need to modify in the FW to accommodate these larger files?

View 1 Replies View Related

Cisco Firewall :: ASA5540 - No ICMP Reply From Inside Sub-interface

Apr 28, 2013

I need to monitor with ping the inside sub-interface of my ASA5540, is that possible? I get the ICMP requests but no replys going out from the box.
 
 I need to ping the 192.168.10.250 from the 192.168.5.55:
  
ASA Version 8.0(5) 
interface GigabitEthernet0/1
nameif inside

[Code].....

View 2 Replies View Related

Cisco Security :: CSC-SSM-10 Module Cannot Update

Jan 28, 2011

I have Cisco ASA 5510 with CSC-SSM-10. ASA anti-virus service can not update the Base and Plus lisense. No Activation Code required for renewal. I go to "Administration> Product License" in the CSC SSM console and click "Check Status Online" to get the latest expiration date.In the module on the Check Status Online has reported the following error when: Base License status could not be checked because of a license server failure. "Please try again later", "Plus License status could not be checked because of a license server failure. Please try again later". UPDATE manual virus database can be seen in the latest available version, can not be upgraded because the service expired.

View 2 Replies View Related

Cisco Firewall :: ASA5540 - Disabling Anti-Replay For Specific Tunnel

Sep 23, 2012

We need Solution for disabling Anti-Replay on the Firewall for a specific tunnel. ASA 8.4(2) ) does not support disabling Anti-Replay on specific Ipsec tunnel , is it true , then if we want to disable Anti-replay , what we have  to do in ASA5540 .

View 4 Replies View Related

Cisco :: ASA5540 - Run Firewall To Display MTU Packet Size Being Received On Interface?

Jul 5, 2012

I have a ASA5540 firewall set-up with an interface MTU of 1500.  
 
I suspect that we are receiving packets with a larger MTU but have not found an easy way of confirming this.  Any command that can be run on the firewall to display the MTU packet size being received on an interface?
 
We are also running Solar Winds so could query an OID if such a variable exists.

View 1 Replies View Related

Cisco Firewall :: ASA5540 In Multiple-context SNMP / Icmp Doesn't Work

Jun 10, 2013

what´s going on with an asa540 configure in multiple-context mode.   I Have a cacti server on my lan and now I´m try to monitoring the interface with snmp. When I try to get this information returns the error message:
 
CISCOASA/CONTEXTA#
JUN 11 2013 01:52:00: %ASA-1-1-6021: Deny UDP reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
JUN 11 2013 01:52:01: %ASA-1-1-6021: Deny UDP reverve path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
 
If I try to ping returns the same error:
 
CISCOASA/CONTEXTA#
 JUN 11 2013 01:56:09: %ASA-1-1-6021: Deny icmp  reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
   
Following attached the conf of my asa   My question is Why I can´t ping or even use snmp ?

View 5 Replies View Related

Cisco Firewall :: ASA5540-AIP20-K9 / Discover Actual Product Part Number

Nov 16, 2011

how can i discover product actual part number from the device through console.I have a bought a cisco  ASA5540-AIP20-K9 and i want to check either is the product is shipped us as a right product.And i want to check total BoM requriements from entering the ASA console through any CLI Command.Below My Cisco ASA BoM which i purchased.
 
ASA5540-AIP20-K9ASA 5540   Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, 3DES/AES1CAB-ACUAC   Power Cord (UK), C13, BS 1363, 2.5m1SF-ASA-8.3-K8ASA   5500 Series Software v8.31SF-ASA-AIP-7.0-K9ASA   5500 Series AIP Sofware 7.0 for Security Service Modules1ASA-VPN-CLNT-K9Cisco   VPN Client Software (Windows, Solaris, Linux, Mac)1Included:   ASA5540-VPN-PRASA   5540 VPN Premium 5000 IPsec User License (7.0 Only)1Included:   ASA5500-ENCR-K9ASA   5500 Strong Encryption License (3DES/AES)1Included:   ASA-AIP-20-INC-K9ASA   5500 AIP Security Services Module-20 included w/ bundles1Included:   ASA-180W-PWR-ACASA   180W AC Power Supply1Included:   ASA-ANYCONN-CSD-K9ASA   5500 AnyConnect Client + Cisco Security Desktop Software1CON-SU1-AS4A20K9IPS   SVC, AR NBD ASA5540 w AIP-SSM-20,4GE + 1FE,3DES/AES1 

View 6 Replies View Related

Cisco Security :: CSCSSM 20 Module On ASA 5510 Causes 100 Percent Cpu Usage

Aug 13, 2011

I installed a CSC-SSM-20 module on ASA 5510. After policy services  have been enabled, services works well for a few minutes, after that the  cpu usage's module rise to 100% and all http traffic is wholy blocked,  till the cpu usage go down.This happens very frequently and  traffic stay blocked for such a long time that it makes the csc-ssm  module unusable. It's disabled right now. ASA version is 8.2(1)and CSC-Module version is 6.6.1172.0.

View 1 Replies View Related

Cisco Security :: Configure FWSM Module In Core Switch 6500

Mar 9, 2007

how to configure FWSM module in cisco core switch 6500

View 2 Replies View Related

Cisco Security :: ASA5520 Send Traffic To SSM Module / Internet Connection Becomes Slow

Jun 8, 2011

I have installed CSC-SSM-10 on cisco ASA 5520.I am facing two problems

1 : When I send traffic from ASA to SSM module then internet connection becomes slow and sometimes internet session disconnected.
2. When I try to manual update then following erros shows please see attachment .

View 6 Replies View Related

Cisco Switching/Routing :: 1941 Port-Security With Router Switch Module

Feb 29, 2012

I have a 1941 that I am going to deploy with a HWIC-D-9ESW switch module (I only need 3 switch ports but need the PoE).  I am going to hang a 1262 autonomous AP off one of the ports but I need to configure MAC address port-security so that only that AP can pass traffic. I know the switch modules are 'almost' exactly like a switch for commands but I can't seem to enable or configure any port-security settings.  Is port-security no available on the switch modules?

View 3 Replies View Related

Cisco Firewall :: 5585-x With IPS SSM 40 Module

Jun 2, 2013

We have installed 5585-x in active/active mode with transparent firewall. We have created two virtual sersors for vs1 and vs2 in IPS module and linked with ASA context C1(vs1), C2(vs2) and admin(vs0).

As firewall is working in transparent mode, we have bridge IP address for context C1 10.1.1.1 and for context C2 10.2.2.1.

I have added default routed for context C1 10.1.1.2 .It is in the outside of asa and SVI on switch.For the other context C2 10.2.2.2.

IP address range for the IPS module and what should be the gateway for IPS module.AS the traffic is coming from outside and going to inside interface of ASA.

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - CSC SSM Module

Mar 24, 2011

I am using an ASA5510 and I would like integrate the CSC SSM module in it. What is the Process to upgrade, is it possible and Where I can find it ?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 With IPS Module?

Oct 1, 2012

I have a couple of ASA 5510 firewalls configured and working.  I'm now charged with configuring the IPS modules.  I'm having to do this remotely.  Since the IPS module hasn't been configured I'm guessing it's on 192.168.1.2 with the default username/password.
 
I'm told that the workstation I access from connects through a switch to the ASA and to the IPS.
 
I've set the ASA management port to 192.168.1.1.  I can't ping 192.168.1.2 - not sure I'm supposed to be able to.  In the ASDM, Configure IPS prompts for an IP address.  Entering 192.168.1.2 returns "IP address of the management port is unreachable". 

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved