i hav asa5520 i copying configuration from PIX to ASA5520 (7.2) everything working fine bt problem is that after sometime my DMZ interface losing connectivity ...
View 1 Replies
I want to put the asa5520 to the factory default please let me know how to do that. how to remove the configuration file from it.
View 5 Replies View RelatedI just received a DIR-615 in the post that I bought on eBay. I currently have a DI-624 at home .Will I be able to copy the configuration from my old router to this new one?
View 3 Replies View RelatedHow do i copy the configuration file from a switch to a storage device (USB)
View 1 Replies View Relatedi have to configure 80 Cisco 876 routers, so i planned to copy config via tftp from one configured router to PC, edit it in text editor (change ip addresses, dhcp pools, vpn keys...) and then copy it via tftp to another router, etc... Configuration looks fine and it works when i paste it in cli, but when i copy it via tftp i'm getting strange problems like dhcp not working or snmp not accessible. Am I missing something.
Here's config from router with dhcp problem:
ROUTER#sh run
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers(code)
i have a 7206 router to be used as a gateway for internet router 7206 inerfaces are connected directly to cisco switch 2960g note that 7600 work only at 1 gega , and cant be used for 10 or 10 . im looking forward to use router 7600 instaed of 7206 i copied the config of 7206 and pased in 7600 but some commands which are under interfaces command was not accepted here is the config which as not accepted in 7600 router
%%%%%%%%%%%%%%%%%%%%%%%%
duplex auto
speed auto
media-type rj45
negotiation auto
%%%%%%%%%%%%%%%%%%%%%%%%
note that the 4 lines above was not accpted in 7600. does these commands will affect the new config ?i just want to ask before im trying to apply this config to production network?
I have an ASA 5520 K8 with a smartnet contract, how can I proceed to get K9 software so that I will be able to use 3DES/AES encryption key.
View 1 Replies View RelatedI have a problem with RME 4.2 from CWLMS 3.1. I have configured SSH in my asa 5520 device but RME can't get the configuration file. I ran a job to sync archive but i get this message error:
*** Device Details for ASA_5520_VOZ_01 *** Protocol ==> Unknown / Not Applicable Selected Protocols with order ==> Telnet,TFTP,SSH Execution Result: CM0062 Polling ASA_5520_VOZ_01 for changes to configuration. CM00 Polling not supported on
[Code].....
We have an ASA5520 firewall, IOS 8.0(4), running in routed mode with an operational Cisco 2821 router to ASA-5520 L2L IPsec VPN.:All Internet searches explain how to enable a L2L IPsec VPN from the LOWER security-level interface to a HIGHER security-level interface- and this is how our setup is configured and it is operational and working fine.:We now have a need to setup another L2L IPsec VPN tunnel on the same firewall BUT this time traffic will be arriving on the HIGHER security-level interface destination is to a LOWER security-level interface.:Is it possible to enable a L2L IPsec VPN tunnel between a HIGHER security-level interface to a LOWER security-level interface?
View 5 Replies View RelatedThis is my 1st time trying to configure an ASA.
I'm trying to establish a very basic connection (ping) between 2 laptops, one sat on the outside interface, and one on the inside as per the diagram below:
I can ping back and forth from the ASA to 192.168.1.4, and to 10.1.1.1. However, what I'm trying to achieve is to be able to ping from 10.1.1.1 to 192.168.1.4 and vice versa.
I have attached the configuration file with this post as well.
i need replace a Fortigate 310B with Cisco products, that is, all Web Filtering, IPS/IDS, AV, so, the question is, what we can use to replace?First, we can use Cisco ASA 5520 right? with CSC Module, so, this for Anti-X, but for IPS? is better router with IPS on IOS? or IPS Sensor? or other Cisco ASA with IPS Module?
View 3 Replies View RelatedA simple question - I have ASA 5520s and was wondering what license is required to create multiple (more than default 2) security contexts.
The ASA already have ASA 5520 VPN Plus license.
Software Version 8.4(1)
We have a pair of ASA5520 firewalls setup in a very inefficient fashion, and I wish to convert them to an active/passive cluster. Trouble is, there are a number of configuration option I will need to re-implement (VPN tunnels, remote users etc), and trying to capture the configuation with a simple "show running-config" or "show running-config all" or even "show startup-config" doesn't get me things like the pre-shared-key from the VPN configurations - and I don't know them all, so I can't simply re-enter them.Is there any way to get a dump of the running (or startup) config which shows the hidden settings like pre-shared keys and OSPF message digest keys?
View 5 Replies View RelatedI am going to migrate an ASA5520 with another one having VPN configuration+certificates etc. I am a bit concern about the certificates. Shall I need a new certificate because of new IP addresses on the new ASA ? Should I configure the same IP in order to avoid this. There are many VPN clients with public keys that also need to change. Is there any way for minimal changes for migration ?
View 4 Replies View RelatedI have installed CSC-SSM-10 on cisco ASA 5520.I am facing two problems
1 : When I send traffic from ASA to SSM module then internet connection becomes slow and sometimes internet session disconnected.
2. When I try to manual update then following erros shows please see attachment .
We received an ASA5520-K8 through Cisco's Loan program so we could demo it as a replacement for our aging Cisco 3005 VPN appliances. Given that we are a non Cisco shop (except for specific appliances like concentrators and wireless access points), I don't have a great deal of experience with Cisco gear.I started to set to setup the appliance this morning but immediately ran into issues. The 5520 doesnt seem to be acting as a DHCP server, and worse yet, I can't access the unit even if I hard code the IP on the PC being used for configuration. I have to say that I feel kinda stupid having to post this, since I actually followed the documentation avaiable for this menial task and I fully expect the problem to be a simple one. Namely, I am using two specific sources of info for connections.
View 20 Replies View RelatedI am forced to upgrade my ASA 5520 software from 7.1 - 8.2 or higher, as I am not familiar with ASA I need expert opinions.I have following concerns regarding the upgrade.
1-Do I need to worry about the software licensing when I download 8.2
2-I read about the few difference in commands (ACL and NAT) in 8.2 what exactly I have to do here should I change the configured NAT and ACL with real IP in the existing configuration after the upgrade ?
I am in the process of migrating my config from my PIX running 8.0(4) to my ASA5520 running 8.2(1). I have converted the config so that it is ready for the ASA. I noticed the "boot system flash:" and "asdm image flash:" command references the old PIX files. Do I need to update these or will they be updated when the ASA reboots with the new config?
View 2 Replies View RelatedI have an ASA5520 in location A with an ISP connection and a matching ASA5520 in location B with a separate ISP connection. We have fiber connecting the two locations and vlans passing back and forth so I will be able to configure the failover via a vlan as well as extend the ISP's to each location via vlans. The Active/Active configuration with the multiple security contexts does not seem to be an issue but how is a redundant ISP configured in this mode?We want to have context A using the ASA in location A with ISP1 as the primary and failing over to ISP 2 in locaiton B We also want to have context B using the ASA in location B with ISP 2 as the primary and failing over to ISP1 in location A Would route tracking provide the desired result? Is there a better option?
View 1 Replies View RelatedOur firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
I try to configure PGM in my 2911 plattform but it was impossible. I tried with many 15.1 version that support this protocol.
Someone configured PGM over 2911 Routers? What does correct IOS for work?
Our client ( a webhost, they have a lot of servers ) has a an older Cisco Pix, everything works fine with the PIX. They have a Cisco ASA 5500 with ASA version 8.3 , to replace the PIX. Upon migrating the PIX config to the ASA we are running into issues with Dynamic NAT. The static NAT entries are working flawlessly (there is a lot of them), however when Dynamic is enabled for the remainging hosts, outside communication works then drops off. The remaining hosts need outside access for updates. We have access lists set up but I dont se ehow that could cause a problem when the original ACL's were working fine with the PIX, they have not been altered.
The NAT config may be wrong or cluttered, have a look at the full NAT config.
The static NAT addressing is the same, example 207.11.129.65 will equal 10.10.10.65
saw that we can secure ripv2 via authentication (simple and MD5) ,i undertand that simple is not quite secure because we can see the plain text when capturing RIP packets
however even with MD5 i can see the authentication data (output of MD5) and i think hacker can copy it and paste it in one RIP packet that he will generate !! isn't it ? so how much MD5 is secure ?
I was given a 510 PIX Ver 6.3(1)to reconfigure but have no information on the existing configuration and need to wipe it clean and start over how can I do this to get back to the factory default settings. I have tried the "monitor>" but I don't know the IP address of the PIX interface.and am not sure how to do the setup for recovering the password.
View 7 Replies View RelatedWe have had an ASA5505 for close to two years. About a year ago, we added a second ISP ("BOB") which became our primary and our old one (SBC) became our backup. I successfully modified the config for this and it's been working well.
Now we're changing our primary ISP to Comcast and getting rid of BOB, so right now we actually have 3 ISPs coming into our building.
I removed the BOB interface and routes, then added an interface for Comcast using an IP address from the range they provided as well as a static route to the gateway they provided - everything is analagous to the previous interfaces and routes, but it doesn't work. If I physically disconnect the Ethernet cable going to the Comcast cable modem, then the ASA does fail back to the SBC interface as expected. If I put the BOB interface & route back in there, it works again through BOB.
If I connect a PC to the Comcast cable modem and use an IP/Gateway they provided, the Internet connection *does* work. Using this same exact IP info in the ASA doesn't work.
Is there some other configuration item besides interfaces and static routes that I should be modifying? Is there some way I can dig deeper into the ASA to see exactly what is failing?
I save the configuration in the ASA 5505 using write memory or using copy run start but whe i unplug the power cord and plug it back in the ASA gets its factory default configuration.. then what i do is a copy start run to get the configuration active..
View 2 Replies View RelatedI have got a working 5505 running 8.3.1 firmware and 6.3.1 ASDM.I have now purchased a second unit and ensured that both units are running the same firmware levels etc.
I have via the ASDM created a backup of the working units configuration, and now i want to load this configuration onto the second unit.I have connected the consiole cable up to the second unit and tried pasting in the contents of the configuration file but no joy.I want to ensure that my configuration will work on this unit before i configure the two units in Active/Passiove configuration.
I used my Pix config to setup the ASA 5505.Everything seems to be right. I used ASDM to view settings and it seems right. I am missing something minor, but I am going blind looking at it.
I can remote into the network from outside, but internatlly I cannot get out of network. No internet or email is passing through.
: Saved
:
ASA Version 8.2(5)
!
hostname textasa
domain-name testcorp.com
enable password 579oWRzSY5syo9yt encrypted
passwd 579oWRzSY5syo9yt encrypted
[code]....
How to set upo configuration & Security after reset
View 2 Replies View Relatedi just deployed Cisco NAC version 4.8.1 Virtual Gateway OOB on a LAN envieronment and on a WLAN envieronment, it works fine for some users , they can authenticate via the agent or web page, and then they are redirected to the access vlan, But for some other users in LAN and WLAN , when they try to authenticate via agent or web page the following error appears:
Invalid switch configuration-OOB Error:OOB client "mac/ip" not found.
I tried to find some pattern for the users but it dont match any pattern.
I have a problem exporting the config from a 1112 appliance.It does not boot up properly. GUI logon and authentication is not possible.I can console and SSH to it but the only thing i get is the commands below and nothing else.Could not chdir to home directory /home/admin: No such file or directory
View 2 Replies View RelatedI recently configured WCCP with a Sophos Web Filter on my network it works good but the problem I am having is I have two 5520s so I am directing the device to look at 2 different IP addresses and since the devices are in an Active/Passive failover. The problem is because the second device is in a passive failover it is not responding which is throwing connection errors to my Sophos device. I know you can have a single management connection for the ASA's but is there a way to have a single IP for the ASAs for the WCCP?
View 1 Replies View RelatedI'm having some issues configuring NAT statements on my ASA5505 which has recently been upgraded to 8.41.
I have a single dynamic IP on the outside interface of the ASA and would like all internal hosts to NAT/PAT to it. In addition, I would like to have several ports 'forwarded' to internal hosts, one of which is TCP/4343. With the current configuration all hosts are NATing to the external interface properly but the service running on TCP/4343 is not accessible from the outside. See command output below:
"sh run object" output:
object network DrJones host 10.81.220.90object network LAN-10.81.220.0 subnet 10.81.220.0 255.255.255.0
"sh run nat" output:
object network DrJones nat (inside,outside) static interface service tcp 4343 4343object network LAN-10.81.220.0 nat (inside,outside) dynamic interface
"sh run access-list" output:
access-list inside_access_in extended permit ip 10.81.220.0 255.255.255.0 anyaccess-list outside_access_in extended permit icmp any any echo-replyaccess-list outside_access_in extended permit tcp any interface outside eq 4343
