I set the asa Vpn to connect to the other firewall, the VPN is ok but when i see the logs of bytesTX and BytesRX the asa receive a lot of packages in BytesRX but dont send anything in BytesTX.
View 1 RepliesI have a pair of ASA5510s in a failover configuration where I see these 2 logs repeated every 15 seconds.
105008 1 Nov 27 2012 10:39:27 (Primary) Testing Interface management
105009 1 Nov 27 2012 10:39:28 (Primary) Testing on interface management Passed
I have read other threads where these are accompanied by "105005, Lost Failover communications with mate on interface". But I'm only getting these 2. The other thing that is confusing is that the "management" interface is not the failover interface. So why do I see 105008/9 logs about it?
Output of "sh fail":
5510a# sh fail
Failover On
Failover unit Primary
[Code].....
My customer had 2 asa5520 version:8.0(5)20 and LMS 4.0.1.Two Firewall are "unknow" on LMS, why ?Normally, LMS manages ASA with version 7 min.
View 1 Replies View RelatedThis might actually go into Networking Basics because of the nature of the problem, but I tossed it in here because of the Cisco product involved. Long story short, I need to do some detective work to figure an apporpriate IP address for a NIC.I recently started working at a company with the ASA 5505 and I need to upgrade the software image on a bunch of them. There's already a computer set up with a TFTP server and Hyper-Terminal to do it. I'm trying to use the CLI update procedur[URL] but when I get to the beginning of the actual transfer from the TFTP, I get stuck at "Accessing" and then the connection times out with the message "Unknown Error".The only thing I can think of is that somehow the ASA is not making it all the way to the TFTP server, probably because the IP address settings on the NIC for the computer is set wrong. I say this because in the config file provided me, the ASA is given an address X.Y.Z.1, subnet mask /24 (where all the letters are constants) and the TFTP server has an addess in its software config of X.Y.Z.10 mask /24, but the NIC on the computer is set to A.B.C.105, which is an entirely different network.I need to figure out what I can make the NIC IP address so I stop getting the error. I tried a couple of different X.Y.Z.x addresses, but haven't gotten anything yet.
View 1 Replies View RelatedI have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. tried lots of things but still users not able to access internet nor can i ping anywhere.For example when i ping 4.2.2.2 i dont get any reply.The runing config is below for ur ref :
HQ-ASA-01# show running-config
: Saved
:
[Code]......
I need to create a firewalled segment that not only separates hosts from general population, but also from each other. The solitary confinement of firewalled segments.I know that I could create a bunch of sub-interfaces, one for each host or group that needs to be isolated, but I'd really rather not have to do that if possible. 1) It could become a management nightmare between ACLs and sub-interfaces and 2) it's a waste of IP addresses.s there any way that I can create a bunch of separate VLANs behind the firewall and have them all terminate at the firewall, using a single firewall IP address for the gateway?
VLAN 1 - hosts 1.1.1.5 and 1.1.1.6VLAN 2 - hosts 1.1.1.7
Firewall DMZ Interface - 1.1.1.1VLAN 3 - hosts 1.1.1.8 and 1.1.1.9
This way, the hosts are isolated and can't talk to each other unless they're on the same VLAN.I'm working with an ASA 5510 running 8.2.4(4).
I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
View 6 Replies View RelatedWe were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies View RelatedI would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
View 23 Replies View RelatedI am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
View 1 Replies View RelatedI have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
I have just configured identity firewall on our ASA 5510.I have 3 nodes that authenticates against Active Directory, using the Windows Server 2008 R2 builtin Network Policy Server: A laptop, a stationary PC, and a Android Phone. All 3 nodes are authenticated using the same user/password.
Now, in ASDM -> Monitoring -> Properties -> Identity -> Users, I can see two of the nodes with my user name attached to it, namely the laptop and the stationary PC.But not the Android phone.
Then it dawned on me. To set up the ADAgent properly, you have to apply 2 group policy entries. Unfortunately, those 2 entries are applied to the Computer Configuraton part of the Group Policy.This means that your COMPUTER has to be a member of your domain for USER IDENTITY to work.So my Android phone and other nodes not a member of the AD Machine Store will never be detected by identity rules, and can roam the network free.
I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same sub net(V lan) as the host and it's default gateway? The reason I'm doing this is were installing UAG (or Direct Access) and the UAG appliance need to have public IP's but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505's running 8.2) it almost seems like i need to have the transparent firewall 'in-line' to the ISP router?, but this router services another IP address range on another v lan for other (routed) firewalls (not shown on diagram) so putting it 'in-line' is not possible. Surely this can't be the case can it? If not how is it supposed to be cabled up and configured so packets go through the firewall?
I currenty have 2 cisco 5510 firewalls one of the firewals is completly dead but contains a Cisco ASA SSM-10 can i remove this card and just place it into a working unit, will i have any problems doing so.
View 1 Replies View RelatedI am unable to see 4th interface on my firewall i.e fastether0/3 on my firewall ASA 5510.
Below is the output.
ciscoasa# sh int ip br Interface IP-Address OK? Method Status Protocol Ethernet0/0 x.x.x.x YES CONFIG up up Ethernet0/1 x.x.x.x YES CONFIG up up Ethernet0/2 unassigned YES unset administratively down down Internal-Control0/0 127.0.1.1 YES unset up up Internal-Data0/0 unassigned YES unset up up Management0/0 192.168.1.1 YES CONFIG up up
This is my first time to use the Cisco ASA 5500 family. I have a request from a user to create an access rule, to allow all LAN traffic to Destination IP address 165.241.29.17, 165.241.31.254 with Destination TCP port 5060,5061,5070 and UDP port 50000-52399.
View 9 Replies View RelatedWe have setup new ip camera system and as per our vendor to access the camera from outside we need to open,TCP ports and in firewall and forward to our camera server.
Let say our public ip address is 207.114.111.22 and our local ip address for the camera is 11.11.1.30. We have cisco asa 5510.
We've in our company a Cisco Asa 5510 v8.4(3), Asdm 6.4(7) and a SSM-CSC-10-K9. The firewall is in transparent mode. I get an exchange 2003 SP2 server behind. When users trying to send mailing lists with many recipients (above 300), the Exchange server didn't send these mails. I'm pretty sure that this problem come from the ASA Firewall, because when I plug my server directly on my Internet Connection, the mailing list is sent. I've search on the web, and disable "ESMTP Inspection", but it didn't work. [code]
View 4 Replies View RelatedI have CISCO 5510 firewall running with IOS ASA821-k8.bin.My company has purchased another ASA5510 with IOS ASA843-k8.bin.We need to run both firewalls in Active/Standby mode.
If I upgrade the IOS of old firewall to ASA843-k8.bin the the running configurations does not work properly.It does not pick the network objects and NAT rules as they are configured with OLD IOS and running.
Or if I restore the configurations of old firewall at New ASA the result is worst. Even firewall with new IOS does not show any Access Rule and NAT rule and does not supprt network objects.
We have a daisy-chain like network at my work involving various cobbled together parts such as Print Servers and switches. Today a random computer has appeared on our network with the name USER-U40PVRNHWL. We do broadcast a wireless signal, but it is password protected. I have done a complete sweep of the building and there are no extra pieces of hardware physically connected into our network.
View 1 Replies View Relatedwhen you have a device that you don't know it's IP what do you do to find it out, I normally just plug directly into the device and use nmap to scan the ranges I think it might be, but that takes quite some time?
View 17 Replies View RelatedAfter successfully install a device update for Common Services, all devices are reported as unknown.Number of Packages Selected for Install : 2
-For Product(s) : Common Services
-Install Invoked by user : ameconi
-The Package(s) Selected for Install :
When I try to install other updates these fail because MDF is version 1.59.
We are running Cisco Wireless Control Sytem (v7.0.164.0) with 4 - WLCs (v5.2.193.0) and about a 100 Aironets and I was wondering how to get WCS to identify the Client usernames? When trying to view monitored clients usernames, all it shows is Client Username <unknown>, though their MAC and IPs are correct. I'm not sure if this has to do with mobility anchors or not, but currently we have none setup in case. How to resolve the machine name or actual username that is logged in... either one.
View 2 Replies View RelatedSince i got sky broadband it's always been running super slow, the amount of times i have called them is ridiculous. So i have just been looking around on the sky address to see if i can fix it and in my Attached devices i have, the pc, an ipod touch and an unknown device. I'm wondering if this has anything to do with the slow speeds and maybe it's somehow 'stealing' my broadband. I've read a previous post of the same type but that wasnt for sky. i ran the ipconfig/all into CMD
View 1 Replies View RelatedI have various unknown Mac addresses on my network,detecting if they are normal/non harmful OR if I've been hacked! I've uploaded a picture of the addresses, the second to the last address is my router's.
View 1 Replies View RelatedIs there any solution for the usb wireless which its chipset is unknown when u do the airmon-ng
View 1 Replies View RelatedI noticed two ip addresses reserved with DCHP on my home wireless. From IP addresses I can't seem to figure out who these belong to at home. All connected computers and devices are accounted for. Could these possibly be someone(s) hacking to my wireless to connect to internet? Or are these for modem setup, etc.?
View 2 Replies View RelatedI have various unknown Mac addresses on my network, I need to detect if they are normal/non harmful OR if I've been hacked! I've uploaded a picture of the addresses, the second to the last address is my router's.
View 14 Replies View Relatedmy wifes computer had to have a new hard drive installed an since it was fixed it will not network with my laptop in a private mode only public and my laptop now has a question mark then step down her old computer as the network path we are both windows 7 hers is hp and my laptop is toshiba satellite I can not get rid of the 2 networks from her computer or the question mark on mine
View 2 Replies View RelatedWe had a new linux server installed at a remote office yesterday, unfortunately the guy installing the server forgot to change the IP addresses, doh. It's plugged into a C877 and I can see the port is up/up and I see the mac address using 'sh mac-address-table'. The ip address on the server is unknown but it's unlikely to be in the correct subnet for the vlan it's attached to.
Is there a way I can add an arp entry manually to the router, then ssh to the server and correct the ip address? Or is there some other way to establish the IP address of the server? It's gonna be a pain to revisit the office and there's no one there that can get into the server room to do anything from the console.
I have got a problematic 1841 router. I connected it with console cable and use HyperTerminal application with
BPS: 9600
Data Bits: 8
Parity None
Stop Bits: 1
Flow Control: None
but the displays shows as follows. What may be the problem ? I can't see the English language, what to do now ?
ËŠª¨GÌÍ(W•³•BÜΣ¥õ«©¡«©¡GfGMèF£eˆ)¯+%©§§Mr§j‹ ï(MŽV»øìõ3B…«»v£FÝ=;VOèF£eˆ
)¯+%©)§N N'vnjj»³6r³h-Bãeˆ)¯+%©)'f¾.zN' ~R5ˆîïÝèv®V££õ£ë£'%3Þ££õF£ÈMèF£eˆ)¿+
%/]'fnno/?míHv£îïÝèv®V££õ£Œî£'%3v££õþ
I have issues to connect Cisco 2911 to HP switch. I disable CDP on the LAN port, router at A end is ok, but the unknow protocal drops as same as before at B site. It happend around every 30sec. When I transfer a file from one end to the other end. It always disconnect every 25 second. HP Switch is not configure trunk as it work as a plain network
View 3 Replies View Relatedi have a desktop and a laptop(dell xps 14).and am using a modem to connect both using ethernet cable.my modem is showing lan connection of both computers.but there are problems which are- i cant connect to my homegroup i cant find any server on lan while playing games i cant share files
a network driver is missing.details are- property-hardware id values-ACPI/SMO8800 *SMO8800 also specified that first value is highlighted and error code is 28