Cisco VPN :: ASA5500 / Command To Check Tunnel Up-time?

Jun 27, 2011

I am using ASA5500 series box which has a site to site tunnel terminated on it. Is there any command by which we can check the up time of the tunnel?
 
ASA# sh isakmp sa
   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: x.x.x.x
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE

Cisco VPN :: ASA5540 Any Command To Check Tunnel Up-time

Mar 17, 2011

I am using Cisco ASA 5540. Is there any command to check the tunnel uptime?

Cisco Firewall :: Command To Check IPSEC Tunnel On ASA 5520?

Jan 7, 2013

Need to check how many IPSEC tunnels are running over ASA 5520. Tried commands which we use on routers, no luck.

Cisco VPN :: ASA5500 / TCP State Bypass For Traffic - Coming From IPsec Tunnel?

Feb 6, 2012

We have problems on central firewall with restricting traffic coming from remote office from IPsec. (The network scheme is attached.) All branch offices are connected to central ASA through IPsec. The main aim is to rule access from branch offices only on the central firewall, NOT on each IPsec tunnel.

According to the scheme:
172.16.1.0/24 is one of the branch office LANs
10.1.1.0/24 and 10.2.2.0/24 are central office LAN
The crypto ACL looks like permit ip 172.16.1.0/24 10.0.0.0/8
The aim is to restrict access from 172.16.1.0/24 to 10.1.1.0/24

When packets are generated from host 10.1.1.10 to 172.16.1.0/24 all is ok - they are dropped by acl2. When packets are generated from 172.16.1.0/24 to 10.1.1.10 they are not dropped by any ACL - the reason is stateful firewall - traffic bypasses all access lists on a back path.

I thought that TCP State Bypass feature can solve this problem and disable stateful firewall inspection for traffic coming from 172.16.1.0/24 to 10.1.1.0/24, but it didn't work. The central ASA 5500 is configured according to Cisco doc [URL]
 
access-list tcp_bypass_acl extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0
!
class-map tcp_bypass_map
description "TCP traffic that bypasses stateful firewall"
match access-list tcp_bypass_acl

[code].....

Cisco Firewall :: Command To Check ASA 5520 Is Passing Traffic

May 14, 2012

How can I check that ASA is passing traffic? Also what command can we use to make sure VPN is working fine?

Cisco WAN :: Command To Check List Of Incoming Vlans On Catalyst 4640?

Oct 4, 2011

Is there a Cisco command to check the list of incoming vlans on a catalyst 4640 or at least that will give you the same output? We're having an issue with an ethernet circuit, links are up but ping won't go through (no ACLs) and I want to see if the vlan tag from the other side (side B) is properly reaching side A.

Cisco VPN :: Check Right Time On VPN Client  Session On ASA 5510?

Sep 11, 2011

How can I check I have the right VPN time on a VPN client session on an ASA 5510, and how can I modify it to more time...

Cisco Switching/Routing :: Command To Check Memory Slot In 3800 Routers?

Nov 13, 2011

I remember there is one command which can tell you which memory slot has how much big memory in Cisco 2800 or 3800. But at this moment, I just couldn't recall this command. I checked "show diag" but didn't see any information about memory.

Cisco Routers :: Rv082 - Can't Check Enable Vpn Tunnel

Sep 8, 2011

According to the manual rv082, if you want to use vpn.. check the enable
 
But I can't check enable button... it's disabled, so I can't check

Find The Time To Check The Network Layout Attached In The PDF?

Nov 9, 2012

Time to check the network layout attached in the PDF. This design is regarding a new redundant DC being built (hypothetically only) but I need to know if I've connected this in the right way/ if its possible with the equipment listed and how I've put them together. [CODE]

Cisco Switching/Routing :: WS-C6513 Command To Check 6500 Switch Performance / Resource Usage

Apr 25, 2013

I am on a call right now troubleshooting some latency issue. The CPU usage on the sup card is low. Don't see any drops or input errors. I am aware that the switch and its modules have capability limits. Is there a command I can run which will tell me if any module is overloaded or if the fabric/backplane is over utilized? My chassis is WS-C6513 and sup card is WS-SUP720-3B.

Cisco VPN :: 3000 Network Address Is Allowed Down Tunnel / Check Phase 2 IPSEC Proposal

Nov 4, 2012

I need to check and possibly change which Network address is allowed down a tunnel and check our Phase 2 IPSEC proposal. How would I do this on a VPN3000?

Cisco :: Interface Tunnel Command Does Not Exist?

Oct 21, 2012

I am using ASA 5520 Image in GNS3, when i come in Configuration Mode and try to create Tunnel through command "interface Tunnel 0", but this command doesn't exist. I need this command to create Tunnel for GRE Lab.

Cisco WAN :: Getting 1941 Tunnel Bandwidth Command?

May 13, 2011

I have a Cisco 1941 router with the Security license running IOS c1900-universalk9-mz.SPA.151-4.M.bin.  Is there a "tunnel bandwidth" command like with routers that have the Advanced IP Services license?  My concern is being able to adjust the bandwidth to a value greater than 8 Mbps...

Cisco :: Scheduler Max-task-time 5000 Command

Dec 10, 2011

I was wondering what this command is that appears in default configuration of Cisco routers: scheduler max-task-time 5000. I did some research in forums but did not find anything apart from the "scheduler" command with other options.

Servers :: Cannot Set Time Through Command - Getting Error Message?

May 22, 2011

After setting thru set time command, error message is display on server 'synthetic time issued'.

Cisco :: 3560 - Missing IPv6 Tunnel Command?

Sep 17, 2011

I've finally got my 3560 switch IPv6 capable (IP Services IOS), but I've stumbled upon something strange: I can configure a tunnel interface, but I can't put the tunnel in ipv6ip mode. The command is missing. I can choose GRE, IP in IP, and a bunch of other things, but no ipv6ip. I'm a bit desperate here and probably I am going to have to live with it, but just in case? I need the IPv6 tunnel for an uplink to a tunnel broker which only supports this type of tunnel, and I'm surprised this is missing.

Cisco VPN :: 3925 - LAN-LAN IPsec Tunnel Command Unavailable

Apr 14, 2011

I'm looking to utilize one of my 3925's to create a LAN-LAN IPsec VPN tunnel with another site.
 
I was under the impression that I needed to get a securityk9 license installed and then I would be good to go.   I got a temporary 60 day trial license and successfully installed it, but none of the commands that I need to create the tunnel are showing up for me.
 
I'm trying to use the "crypto isakmp" command, but that is not showing up:

Router(config)#crypto ?
  ca   Certification authority
  key  Long term key operations
  pki  Public Key components
 
Here's my show license:
Index 2 Feature: securityk9
Period left: 633 weeks 4  days
Period Used: 0  minute  0  second
License Type: Evaluation
License State: Active, Not in Use, EULA accepted
License Count: Non-Counted
License Priority: Low

Cisco WAN :: 3845 Remove Tunnel Mode RBSCP Command

Sep 19, 2011

I am trying to implement RBSCP on two 3845s running 15.1(4)M1 Adv Enterprise over a satellite link. The "show" commands all look correct, but whenever I policy route my machine through the RBSCP tunnel I don't even make it to the opposite side. However, if I remove the "tunnel mode RBSCP" command so it acts like a regular GRE tunnel, I route through it just fine. So I know it's not a NAT or routing issue. [code]

Cisco Switching/Routing :: 3845 - Archive Command Time-period Does Not Work

Oct 14, 2012

I have a Cisco 3845 with the archive command configured:
 
archive
path tftp://x.x.x.x/$h
write-memory
time-period 60
 
The archive command works with the execution of the write mem, but the "time-period" doesn't work. This is the show version of my 3845:
 
NTP_Server#SH VER
Cisco IOS Software, 3800 Software (C3845-SPSERVICESK9-M), Version 12.3(14)T7, RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Thu 23-Mar-06 01:59 by pwade

[code].....

Cisco VPN :: Tunnel Gets Idle For Arbitrary Amount Of Time Rv110w

Oct 15, 2012

I have set up 2 RV110w firewall/vpn/routers at remote locations and an ipsec tunnel between them. Once the tunnel gets established everything works fine until it has been idle for some arbitrary amount of time (maybe a half hour or less), at which point we lose server access and can no longer ping across the tunnel. To fix this I have had to disconnect and reopen the tunnel again. I even went so far as to install an autopinger on the remote end to keep traffic on the tunnel, which seems to work but is not going to be a viable long term solution.

Cisco Firewall :: ASA5500 Going To Eos

Mar 3, 2013

Does any one advise the current ASA 5510 is going to EOS ?

Cisco :: Netflow Restart On ASA5500

Feb 5, 2013

I have an issue with Netflow that I have been unable to solve. I have an ASA5510 that is sending netflow data to a FogLight NMS and it works fine until I reboot the server. After the server is rebooted, the flows no longer are received until I reload the ASA. Once the ASA is rebooted, flows work fine. I can remove and reconfigure the netflow configuration on the ASA and that will  start the netflow again, but that is painful.
 
Is there any way to easily stop/restart or re-initiate the netflow from the ASA easily?

Cisco VPN :: ASA5500 How To Get Secure Desktop

Oct 16, 2012

Is Cisco secure desktop free and available for download on Cisco's download site? Is host scan part of the package? I just purchased an AnyConnect license for my ASA (ASA5500-SSL-250=)  and would like to know how to get Cisco Secure desktop and more specifically if host scan comes with CSD.

Cisco VPN :: ASA5500 / Secure Desktop With SSL VPN?

Oct 1, 2012

What benefits does the Cisco Secure Desktop bring to customers running ASA5500-SSL-250= user license on the ASA? This is not Anyconnect. This is just regular clientless SSL VPN. I am particularly interested in anti-virus/anti-spyware compliance. Is this available with the base version of CSD? How does this endpoint control work? Can endpoint control detect that an O/S antivirus is not up to date and then block this device from accessing the VPN? If it can, how is this configured? note I am not asking about the additional Advanced endpoint control license. Just basic Cisco Secure Desktop download.

Cisco Firewall :: Can Connect To Network Via ASA5500

Oct 31, 2011

Using any computer and AnyConnect, I can connect to our network via ASA5500.  But when I use Cius or iPAD, I always get a No License error message.

Cisco VPN :: ASA5500 Static Address For Vpn User

Apr 10, 2011

I am trying to configure ASA to assign the same static ip address to a certain user (User1) every time he connects to the network via AnyConnect client. We have Windows AD and use LDAP AAA server for authentication of VPN Remote Access users. I found in document "Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2" in section "Configuring an External Server for Security Appliance User Authorization" an explanation and configured ASA and User Properties in AD in exactly the same way: First, I assigned static ip address in properties menu (dial in section) of User1 in Active Directory. Then I created ldap attribute map where I mapped msRADIUSFrameIPAddress attribute to IETF-Radius-Framed-IP-Address attribute. At the end I applied this ldap attribute map to AAA server group LDAP.
 
Although I set this up, whenever I connect using User1 credentials from AD I still get ip address from vpn pool instead of the static ip address that I configured. In output of debug ldap 255 command I found line "msRADIUSFramedIPAddress: value = -1062718956" but not any line that proves mapping of the above mentioned attributes. It seems like mapping is not working. All AnyConnect users get parameters from defined internal group policy on ASA, including addresses from pool, dns server etc. I want User1 to get a static ip address and inherit all other parameters from group policy.

Cisco Firewall :: ASA5500 Add A Second Outside Connection With Second Provider

Feb 24, 2013

ASA-5510, inside, outside, and some DMZ. Some services published with Static NAT - no problem. Now we need to add a second outside connection, with a second provider. Internet navigation only through the first provider (default gateway to the provider router "A"). I need to publish some services ALSO through the second provider, ensuring the accessibility of both public IP addresses. I can set up the second NAT on the second interface, but the answer is ONLY to the first IP (the ISP "A", where I have the default gateway). By Cisco manual, it seems that there is a "lookup route" automatic with the return route of NAT, but it does not work.

Cisco Firewall :: Active IPS Feature In ASA5500-X?

May 5, 2013

Should we activate IPS feature in ASA 5500-x by using license? In the 5500-x ordering guide: IPS is only sold as ASA-IPS combo SKUs i.e., one cannot add IPS service as an option on top of ASA SKU. For example, if IPS service is desired on ASA 5515-X appliance, the relevant SKU is ASA5515-IPS-K8 or ASA5515-IPS-K9. But my customer has activated it by using the ASA5525-IPS-SSP on ASA5525-K9.

Cisco AAA/Identity/Nac :: ASA5500 / ACS 5.1 Radius For VPN And Admin?

Feb 27, 2011

I am trying to configure ACS 5.1 to authenticate SSL VPNs on an ASA5500 and also to provide admin access to the ASA5500, both via radius. I want to authenticate the VPN against a SecureID appliance and the admin login against a different database (using internal for testing but will use LDAP in the end). I can't seem to get the ACS to distinguish between the two authentication types. If I create a rule that says match protocol radius I can point that at either database, but if I try saying match radius and service type 5 it doesn't match the VPN and falls through to the default authentication service. I have also tried matching service type 6 for admin and that doesn't seem to work either. In the end what I want to achieve is to authenticate the ASA5500 VPN against the SecureID appliance and then admin access to all devices on the network (a mixture of Cisco, F5 and Juniper) to Active Directory via LDAP, where if the user is a member of the "admin" group they get access. I was intending to use specific devices for the ASA5500s (there are two) and then create a device group based on IP address range for everything else.

Cisco :: ASA5500 - Wireless Client Authentication Using ISE

Jul 24, 2012

I am designing wireless controller solution for one of our customer network with Cisco 5500 series controller, wireless client authentication part.
 
1.       There are 25 departments around the campus, each will be given one or two access points.
2.       One Cisco AIR-CT5508-50-K9 Controller shall be used.
3.       Single SSID/ VLAN shall be used for entire campus.
4.       Wireless Authentication credentials used by one department shouldn’t work for other department

Cisco WAN :: ASA5500 Transparent Multi Mode Firewall

Feb 4, 2012

Recently I have configured ASA5550 with 2 contexts in Transparent mode. Traffic can pass through a single firewall context, but through both contexts it couldn't.

Cisco Firewall :: Schedule Automatic Backups Of ASA5500

Mar 2, 2012

I would like to schedule automatic backups of our ASA5500's OoO-hours:

1. SSH from secure server and create _FULL_ backup - what would be the CLI command(s) ?
2. SCP from secure server and retrieve file(s) - what is the location of the file(s) ?

Copyrights 2005-15 www.BigResource.com, All rights reserved