Recently I had a power cut in the office and my Cisco ASA 5505 512MB Base 10 user License stopped working. It was not possible to establish L2L VPN. I replaced it with another ASA 5505 with 256MB RAM Base 10 user License. I restored the configuration and everything is working now. The main problem is that before (with the 512MB ASA) I had two L2L tunnels established and many clients (up to 30 clients) using the two tunnels. Now with the 256MB ASA, when the clients in the L2L reach 10 clients, the other clients stop working inside the VPN; they cannot reach hosts which are on the other end of the L2L. Could this be due to the smaller amount of RAM? Otherwise I can't explain this behaviour. Could I solve this by buying the 50 user license upgrade? But in my previous ASA I had the Basic 10 user license and everything was working with many clients reaching hosts behind the two tunnels.
I need to upgrade the flash memory of the ASA 5520 from 256Mb to 512Mb. As far as I realized, the built-in flash memory is called system compact flash, and there is also an empty slot in which it is possible to install a user flash.
What is the difference between user and system compact flash? And for the upgrade, can I just insert the user compact flash or do I need to upgrade the system compact flash? Where can I find the part number for each type?
On an ASA 5505 with the proper licenses running version 8.3, which would you consider the more resource intensive for the ASA, IPSec VPN or an SSL VPN with a portal?
The connections through the firewall would be the same so I am curious how adding the different types of VPN will affect the CPU and overall ability of the ASA to function.
We were having a discussion of IOS firewall vs. ASA for smaller clients (less than 50), on using IOS firewall (ZBF or CBAC) and an ASA 5505/5510. One of the arguments brought up for using IOS firewall on the router is that a router will do an IP SLA failover. I have configured a number of ISRs for this and I know it works well.
Loading...
IO memory blocks requested from bigphys 32bit: 13008
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
here ---> Currently, only 1 or 2 FATs are supported, not 64.
dosfsck(/dev/hda1) returned 1
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
open /dev/hdb1:No such file or directory
dosfsck(/dev/hdb1) returned 1
mount: mounting /dev/hdb1 on /mnt/disk1 failed: No such file or directory
mount: mounting /dev/hdb1 on /mnt/disk1 failed: No such file or directory
Processor memory 868220928, Reserved memory: 62914560
What does this mean? Currently, only 1 or 2 FATs are supported, not 64.
I tried last night to upgrade the memory in my old 5510. It's about 5 years old and has the single memory socket. I followed the instruction included in the kit:
Mfr. Part#: ASA5510-MEM-1GB
I did wear an ESD wrist strap (genuine Cisco at that!) and ensured the memory was fully seated, the handles locked in. Upon restarting the ASA, for over 15 minutes, it stayed in mode: Power LED steady, Status LED flashing, other LEDs off. No response to attempts to SSL via Putty. I powered it off, verified the memory was indeed fully seated, and re-installed the original 256 MB module. It powered up normally in less than 5 minutes. Is there anything else to try before returning the memory? Tonight, I can try the same new memory module and see if it works.
I have recently installed a Cisco 2911 ISR G2 with the default 512 Mb DRAM intending to eBGP peer. I ordered the 2GB upgrade RAM however due to time constraints on backordered parts, I fired up this router and eBGP peered without it. The Peer advertised the whole route table with 400,000+ routes. The BGP session came up then the router crashed due to not enough memory. The router disabled IP CEF due to insufficient memory. I disabled IP CEF permanently and have been running the router in this condition for 3-weeks with a stable eBGP session. This resulted in no CEF, 25% CPU during light traffic, 89% memory, and 50% CPU when traffic is around 30 Mbps through the router.
I am experiencing a hit to the throughput resulting in a lost packet and practically a brief traffic stall roughly every minute. This hit is so quick that it does not always result in packet loss and IP traffic sessions are not reset. I do see this on my live bandwidth graphs that the traffic takes a dive every so often, roughly 1-minute.
I initially thought this problem could be L2 to the upstream eBGP peer but all interfaces are clear of errors. I also thought this could be the BGP session going down; however, it is always up. I thought this could be a duplex mismatch on L2; however, it's solid and there are no logs on either end. Funny thing is, pinging the router from both the LAN side and the WAN side results in the same packet lost every minute or so.
Even though the CPU and memory always stay the same at under 20-50% CPU and less than 89% memory, do you think this could be the BGP Scanner walking the routing table every minute?
I run my business from a home-office, and have a program that operates off a database. This database is run on what I'll refer to as the "server" computer. I have other laptop and desktop PCs that run this same program, but are referred to as "clients" since they don't house the database and only pull the data from the "server". I can connect wirelessly through my WLAN, but the connection is slow due to the database server. However, I am told that a wired network would increase the data transfers tremendously between the machines. I have plenty of ethernet cable and a brand new switch. I run Windows 7 64 on all machines that I'd like to connect. What steps do I need to take in order for the "client" machines to connect to the "server" via the LAN and not the WLAN?
I need some fiber to run between a Cisco Nexus and an IBM server with Intel NIC. It's 30 meters, and LC-LC connectors. What is the difference between 62.5/125 vs 50/125?
Any difference between G and N routers? Also, can you use either one? I currently have a wireless G. I have added a few Wi-Fi devices in the last couple of weeks, i.e. Smart TV, iPhone, iPad, and Satellite TV (the on demand comes from the internet). My internet on my laptop seems to have really slowed down, and it keeps locking up. I have to go reset the modem and router to get it working again. Could all these wireless devices being on at the same time be dragging down my speed?
I have two sites connected to each other using L2 MPLS/1Gbps "provided by the telecom"; the link is configured as an 802.1q trunk and terminated on C3750 on both sites. Everything is working fine according to the below configuration. But I am facing QoS limitations on the number of queues. I checked the Cisco web site and found that the ME3600/3800 has HQoS, which will give me advanced QoS features. I am thinking of migrating from the 3750 to the ME3800, but I am new to metro switches. Can I apply the same below configuration on the ME3800, except the QoS, as I will replace it with MQC configuration? So can I consider that the ME3800 has all 3750 features plus MQC QoS?
!
!!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
We have configured BGP on Cisco Switch 6509E. The firewall module on the switch is doing NAT for all users, but users are not going to the internet yet. I do not know how to configure the 6509E to give internet access to users. If I route the default route to the FWSM, then BGP will not work? If I route the default route, what is the meaning of BGP then?
I do not want to write a static route because BGP should work (4 ISPs redundancy).
How to let users go out to the internet through BGP, when NAT is being done on the firewall module on the 6509 and routing is being done on the 6509? How to configure it?
We are running 8.4(2) on the ASA with the below configuration. We basically have a static for .7 on .25 and a NAT for .7 for port direction, with manual NAT that takes precedence over auto NAT within the object group. Am I correct that I don't need the dynamic statement and that it's redundant?
Does the CPU speed make any difference? I'm reading that the Asus offers great Wi-Fi coverage, which is nice 'cause both the wife and myself use the laptops a fair bit. However, most of my devices are currently on a wired setup, through a Belkin 1gbit powerline setup. I run a NAS for storage, a separate machine for media serving, 2x PS3s for media streaming, a Seagate HD+ media player, a Sonos bridge and my desktop on the wired setup. As for wireless, normally I'd have 3 Androids along with 2 laptops & 5 Sonos players...
[code]....
I might have been talking rubbish there - I was sure I'd read somewhere that the Asus unit had a whopping 1gb ram installed vs. the 256mb of the Linksys/Cisco ea4500 - however looking at the specs again, both read @256mb.
In the 2008-2010 timeframe, I used the ACE 4710 appliances at one customer and kind of liked them. The deployment was not too SSL intensive and B/W requirements were low, but I configured a few HA pairs and that worked well. The configuration was pretty comparable to other Cisco devices, so easy to learn/pick up. Fast forward to 2011: stepped into an environment where the customer purchased 3 ACE 20 modules (before I got here), and had multiple issues with them. I found 4 documented TAC cases, and 1 was still open. I started working from December 2011 on getting Cisco to own up WRT the modules, but the customer by that time had had enough.
The most serious issue was a random reboot, hang or lockup. I wasn't here to work with them to verify, but that's eventually what the deal breaker was. Around the February 2012 timeframe, talking to the Cisco SE, he revealed Cisco had an independent lab in Switzerland verify that some hardware component on the device had a terminal defect, in which a bit would flip and force the device to lock or reboot, subject to radioactive decay or interference. Cisco and the lab attributed this to improper shielding, coupled with defective material in the electronic component; hence the device was highly susceptible to radiation-type errors. This is the kind of stuff you read in doomsday reports! As a result, Cisco was EOL-ing the ACE-20 module. I am trying to get Cisco to replace the ACE-20 modules with something else, but they haven't been too cooperative. They have also limited their SE/Salesperson presence where I work (Pacific Northwest), and are not too responsive.
I have gotten a verbal agreement to get a credit on prior purchases for the amount this customer spent on the ACE-20 modules. However, the credit is only a few points off their normal discounting model. And Cisco will not go into loss on new product sales. As an example, a $100 product would cost me $55 with standard Cisco discounting. Cisco's cost might be $45, so I will only get another $10 credit on this new purchase. The 3 Cisco ACE-20's originally cost the customer about $100K, so to dwindle this credit down, we would need to purchase about $1-$2 million of new hardware - that's a lot of new gear! And I don't have any real way of knowing that Cisco is applying the credit honestly, and they won't put anything in writing. This entire issue has really dampened the customer's impression of Cisco. They had SmartNet on the ACE-20's for 2+ years, but then dumped that after losing faith in the product. Now I am trying to resurrect SmartNet to see if Cisco will give us an alternate product.
And to cap it all off, the original Cisco salesperson (who sold the customer the ACE's) has left and gone to work for F5! And yes, he has been calling on the customer to try to sell some BIG-IPs! At least there is some humor in all of this. So... Has anyone else had a bad experience with the ACE-20 module? How about the ACE 4710? How to get a reliable working ACE module from Cisco?
I own a Cisco 892W router. The router has 2 WAN ports and 8 switch ports. Now I know -
- WAN ports can create sub interfaces, assign IPs, cannot be assigned to a VLAN - sounds very much like a routing port. (sh interface gives - Hardware is PQII_PRO_UEC)
- Switch ports are for VLAN assignment, trunking, IP assignment etc. (sh interface gives Hardware is Fast Ethernet)
I know they are different but at the same time I am confused about what the differences are. I also know on some 3xxx series switches you could say "no switchport" and translate a switch port to a layer 3 port. But on the 892W you can't do this? Struggling to understand the difference.
We are planning on testing a new ISP provider in our company but we have the following doubt: This new provider is using an Optical Fiber line (GPON – PT Prime) for this new internet connection and we already have a Cisco RV220W router, but they are not sure if that can be used, so they just informed us that a capable router is the Cisco 2951-SEC/K9, which they are selling of course. So our actual doubt is whether the Cisco 2951-SEC/K9 can have some “extra” WAN configurations/authentications that are not available in our Cisco RV220W, which would imply that we cannot use our RV220W router?
What is the difference between the Diameter and the Max Hops Remaining in RSTP/MSTP? Like Cisco, the maximum value for diameter is 7, but can I have a ring topology with 10 switches in the network?
I am selecting a router, let's say to be used as a VoIP Gateway (C3945 + PRI ports). If I order the "Security license" included (bundle C3945-VSEC/K9), what is the benefit of getting the security license for a gateway router? Today in the organization we don't see an immediate application for the security license, but I would like some feedback on ways that it could benefit the organization if future security policies are implemented in the future.
Currently my firewall is Microsoft ISA Server 2006 and I'm using it very nicely, but based on some security threats I'm changing my firewall from ISA to ASA 5520. But I'm facing a problem: I had installed one software named SoftPerfect Bandwidth Manager and I was limiting each user based on their MAC address to prevent use of the full bandwidth of my internet, so that's why I had very reliable internet usage in my network.
After much searching I didn't find a good software or hardware that works with Cisco ASA appliances to support bandwidth management for endpoint users etc., and this is very troubling. I don't want all users to use the full bandwidth in my company because I have only 2MB internet bandwidth taken via a VSAT connection.
In my test lab I am playing with the Numbered ACLs and Named ACLs. Both configurations are working, BUT I am sure I do something wrong in the Named ACLs version. When I reboot or reload the CISCO 1841 ROUTER, I do not have INTERNET anymore. I still have access by TELNET or SSH, but no external communication anymore. The only way to start the communication again is by adding:
PERMIT IP ANY ANY. This will of course work, but the funny thing is that when I do a: NO PERMIT IP ANY ANY, it still works!!!
I have learned by this to always shut down and restart my ROUTER or SWITCH to see if everything still works. Here below are some parts of the working Numbered ACLs version:
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 8096 rotary 1
ip ssh version 2
[ code] ....
I know serial interfaces are called that because they put bits on the wire serially - i.e. one bit at a time. If that's the case for serial interfaces, how do other kinds of interfaces, such as Ethernet interfaces, put bits on the wire? Do they somehow put more than one bit on the wire at a time? I assume it's a faster process, but how so?
I measured with Iperf over two Cisco 1811 routers that the bandwidth is higher when an IPsec+GRE tunnel is used between the two routers than when just using static routes. Bandwidth over GRE on average is about 91389Kbit/sec. Over static routes it is about 88474Kbit/sec.
I'm going to be upgrading my network (router and network cards etc). I was wondering if there will be any performance difference with the Belkin Fastcat 5e I currently have and CAT6 cables?
So my company is replacing firewalls. In our EU HQ, they went with Palo Alto 2020 models to take the place of Cisco PIX and an IBM IDS box. However, as I'm responsible for the US branch, I'm re-evaluating their decision for our office. We currently have a Cisco 5510 and the same IBM IDS box behind it. Everything works, so I'm wondering if a PA device is worth the upgrade cost, but on the other hand, you can't really put a price on security. The application control, IPS, anti-virus, etc. are all cool features that might be worth implementing now.
My question is - why is PAN so expensive? As an example, SonicWall's NSA 3500 with similar specs is coming in at 1/3 the price for the same feature set, and lower yearly cost. I've seen the demos, and the interfaces are both pretty slick - at least compared to what I have now. They all have the gateway security features and Deep Packet Inspection, so what am I missing? I know PAN is all the rage right now in the networking world, but it seems like they're somewhat riding the fanaticism from their marketing teams - similar to Apple customers. We could also debate the differences between what's marketed as UTMs and NGFWs, but from the "black box" perspective (what comes in, what goes out) - aren't they more similar than different?
If I ran the office, I'd also look at Untangle and other vendors, but my boss wants something with a little more brand recognition. Anyway - I'm asking the Horde what's up since I'm not a networking guy by trade - more sys admin - but this office is my responsibility.