I am new to the PIX firewall. And recently implemented the PIX 506e in my network. I wants to know how we can monitor the system that is generating the more traffic on Network through Firewall.
View 4 RepliesSo I was doing some testing with my BB Playbook where I wanted to see what outside connections it tried to make during startup and whatnot. I have a pix 506e running 6.3(5). I created an simple 'deny ip any any' access list on the inside interface so that the Playbook doesn't actually make any connections, but I set up a 'capture' on the inside interface accepting 'ip any any' to see what kind of traffic I could see heading outbound from the Playbook. Well, it started off showing attempts to query DNS (and failed, naturally), but then after a couple of minutes, it tried to connect to a couple of IPs over port 443 and actually got a response!!! For the life of me, I can't figure out how this can happen. NO traffic should be allowed outbound due to my explicit 'deny' rule, but for some reason some traffic on port 443 made it past the firewall and got a response back. There are no other rules in the access list except the 'deny' rule. My PIX configuration is quite simple and I cannot see anything that would allow the Playbook traffic to circumvent the access list.
I've come to think that either RIM has found away around Cisco access-lists, or there is a bug in the Pix OS. I know it's an old appliance/OS, but still. I wouldn't think it could be THAT easy to bypass the firewall.
How to configure SSH access on my PIX 506e. I would like to use local authentication with no AAA server. Also I would like to have telnet disabled completely.
View 3 Replies View RelatedThere is a PIX 506E and ASA5510, with different connection to service provider. Problem is Apple remote users can't access resources protected by the PIX506E. Apple users can access resources protected by ASA5510. Physically the PIX and ASA are in close proximity with no physical connections. Is it possible for Apple users to authenticate with the ASA and the traffic get routed to and get authenticated by the PIX, inorder to access resources?Due to bandwidth restrictions, a DMZ on the ASA will not be created at this time inorder to consolodate firewalls. Currently 2 x T1 is the connection between ASA and ISP; 1 T1 connects PIX to ISP.
View 1 Replies View RelatedI have a PIX506E that was resently reset and it has version PIX Version 7.1(2) . It either uses some different commands or I am not using them correctly. [code]
View 2 Replies View RelatedSo i got a Cisco PIX 506e from a friend and want to set it up for a VPN. Though i cant download the PDM (PIX Device Manager) since i dont have a Contract or something like that. So i cant set it up.
View 1 Replies View RelatedI need to replace an ageing PIX 506e with an ASA 5505.The current setup looks like this: The PIX is used for site-to-site VPN connection via the WAN 2 link. The WAN 1 link is used for general Internet connectivity.I don't have access to the Draytek Router as it is supported by a 3rd party, but I believe it uses static routing to direct the relevant traffic to/from the PIX.
When I replace the PIX with the ASA, the inside i/f connection experiences dropouts - but no errors show in the logs.The only significant difference I can see in the config is that the ASA utilises VLans for the inside & outside interface configs - I used the PIX-to-ASA Migration tool to make the initial configuration on the ASA.In tests, if I only connect the inside i/f of the ASA, pings from the LAN are stable. Once I connect the outside i/f, pings timeout approx 80% of the time.
I am trying to add a username to the local database for remote VPN connection but always i get this error when I add,Encrypted password is of incorrect lengthUsername addition failed.
View 1 Replies View RelatedI just got a PIX 506e from a friend that was not longer using it. I'm trying to get started with the configuration page. I've reset it to factory defaults, rebooted and connected up ethernet. I can ping the device at 192.168.1.1 and access it via console. I browse the site https://192.168.1.1/startup.html, get the invalid ssl certification, get a login prompt (user/pass) and as the document says I leave it blank. As soon as I hit ok it goes to the 404 error Page Not found.
View 4 Replies View RelatedWhat is the easiest way to restore my config? I backed it up yesterday with my tftp server. Today I made some changes and messed some things up and need to restore the config from yesterday.
View 1 Replies View RelatedI'm getting an error message on my 506E that is saying not enough flash space to install the new version 8 software. I did a clear flashfs command and then tried again but get the same error. Do the PIX 506E can be upgraded from version 6 to version 8? I am trying to install pix804-28.bin.
View 3 Replies View RelatedI have a problem with PIX 506E that meets the version 6.1, and in an simple computer network equipment seems to behave in strange ways because some web sites do not open or very open slow thereby its operation impracticable. On the other hand other web sites open normally.
Querying the web site of the Cisco, I found several documents discussing the same problem but in a later version ( 7.0 ), not in this version 6.1.
I've tried removing the pix from the network , not the error occurred, again insert pix however tested only with a machine, without the rest of the network and the problem persists
We've had problems with our internet router losing connection to the internet. All traffic stops, a reboot resolves the problem. The router only has a public IP and it's connect through a dummy switch to the ASA as shown. I want to be able to monitor netflow or something and wondered if I could add a static route to the 10.x.x.x network and then add the netflow commands. Here is kind of how it looks, I simplified it some by removing unnecessary devices
View 2 Replies View RelatedI have a questions about protecting my network. My parent's have rented out my room, since I'm going to college, and I was wondering if there was a way to monitor the traffic that is going on in my network. Once the guy moved in, the wireless connection speed drastically decreased. I was barely able to sure the internet on my laptop. I currently have about 8 devices connected to my network. I am running a wired connection for my desktop so I don't feel any lag, but everything else runs on wifi.
View 1 Replies View RelatedI like to set up a pix and router for this network for a small buss, but I need to know what type of cable do I need to set this connection to work straight through or a cross over cable? also I need a subgestion if a nat would work better on the pix or leave it on the router?
View 4 Replies View Relatedhow can I monitor and prioritise traffic on a ASR 1002? Currently we have allowed another organization to use our 1GB link and we would like to monitor what sort of traffic flows through it and want to prioritise the traffic depending on the applications.
View 1 Replies View Relatedhow do I monitor a computer through the wireless router
View 1 Replies View RelatedI have a L3 core switch with multiple VLANs setup. Is there a way to place an IPS so as to monitor the traffic passing between, lets say, VLANS 1-3 and VLANs 4-10?
View 19 Replies View RelatedWe currently have a 3/3 Etherloop. We dont have any internal IT as we are still small and while not a networking guy I can at least understand what is going on. Right now at peaks we are hitting 100% utilization.
We run a call center in house so I am trying to determine at the very least how much of this traffic is from voice data compared to everything else.Was running through our networking configuration and it just seems off to me. The following is the flow.
-Etherloop Demarcation >
-Cisco Integrated Access Device >
-D-Link DIR 655 Wireless Router >
-24port HP Procurve switch >
-24port HP Procruve switch >
Everything up to the first switch is a single line. The first switch has all ports running out except 1 which goes to the second switch. The second switch runs out to machines as well.
I am at the networking level where I understand a switch but have no idea what the IAD really does between the etherloop modem and the wireless router.
For some reason I feel like the router should not be setup in that manner and should be off of the switch. With the cisco IAD running directly to the first switch. So my 2 big questions are.
1. Does this setup even make sense.
2. Whats the easiest way to monitor traffic, at the very least it would be nice to see real time up/down and be able to log in. Then I guess using ports figure out what is being used by voice. My first guess was just putting a machine between the IAD and first switch and monitor and log the traffic.
I have a requirement to monitor all traffic going from the internal LAN to the cloud. The LAN is a layer 2 VLAN which spans multiple Cisco 4507 switched and other smaller switches.
The VLAN has an IP address which the hosts use as the default gateway.
The exit port is on a Cisco 3600X switch connecrted to 4507 #1 via a 10G fiber link. 4507 #1 connects the rest of the LAN. Those switches interconnect via 10G fiber and 1G copper links.
Currently the monitor host is connected to a 1G copper port, configured as a monitor port, on one of the backside 4507s The switch manager says he has the switches configured so that I can see all traffic on the VLAN.
I'm thinking of switching to another ISP which is faster and cheaper than who I'm currently with. Only problem is they have data caps. Any way to log inbound/outbound traffic usage with this router so that I can make sure I'm not going to hit monthly limits?
View 5 Replies View RelatedWe have an SG300 managed switch located in a small business of less than 10 PCs. There has been an ongoing issue with Internet speed. Is there any way that I can monitor the router for traffic so that I can see what might be causing the problem? I would like to focus on the WAN port and Internet activity particularly.
View 1 Replies View RelatedHow I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
Is there a way I can generate bandwidth reports on Cisco PIX 535 ?
View 1 Replies View Relatedhow to configure ip sla monitoring on asa ver 7.0 (6) ?
View 4 Replies View RelatedI have an ASA 5500 Firewall. I need to figure out how to log all events using Port 25 to determine if there are any rogue devices on our network. I was trying to figure out how to do this via the Real-Time Monitoring (filter) but have had no success.
View 1 Replies View RelatedI have a question regarding failover monitoring on the ASA5505 in an active/standby configuration.
I understand that on the 5505 you create VLAN interfaces and then assign the VLANs to the 5505 switchports. With failover configured on the 5505, the VLAN interface names are monitored. For example, VLAN 100 interface named Inside is assigned to ethernet0/1, switchport mode access. When issuing a show failover command the output will show the monitor status of interface Inside..
Does failover monitor the VLAN virtual interface only? Does failover also monitor the link status of the ethernet0/1 switchport?
We are looking to implement traffic shaping/policing primarily for P2P traffic. As natively the ASA5550 is only capable of p2p inspection if the traffic is tunneled via port 80 is the AIP-SSM the way forward? We have 2 5550s in active/active failover config. As a side note we are also looking to implement an IDS/IPS system so could this module cover all?Is this module going to provide the desired outcome or is there another module/device out there better suited for this? I would prefer to use the ASA5550s as opposed to implementing another product if only that we can make use of the investment we already made on these devices.
View 1 Replies View RelatedWe have one pair Cisco ASA 5505 located in different location and there are two point to point links between those two locations, one for primary link (static route w/ low metric) and the other for backup (static route w/ high metric). The tracked options is enabled for monitoring the state of the primary route. the detail parameters regarding options as below,
Frequency: 30 seconds Data Size: 28 bytes
Threshold: 3000 milliseconds Tos: 0
Time out: 3000 milliseconds Number of Packets: 8
[code]....
I'm not sure if the setting is so sensitive that the secondary static route begins to work right away, even when some small link flappings occur. What is the best practice to set those parameters up in the production environment. How can we specify the reasonanble monitoring options to fit our needs.
I am interested in gathering cumulative threat-detection statistics from an ASA running 8.3, and displaying number of attacks over time. I am already capturing traffic information via netflow, but am interested in getting threat information.
Is there a way to capture the statistics via SNMP or any other method?
I am trying to monitor my ASA 5505. This asa is connect via a ip-sec tunnel to our network. I have no problems with snmp monitoring devices behind the ASA, but when trying to monitor the asa itself I do not get a SNMP response.
View 2 Replies View RelatedWhat are considered the best practices for monitoring ASA's--specifically the 5510 with Sec+ License.
My current monitoring application keeps reporting issues with outbound interface buffers being too high, but there are not any performance issues and I believe the thresholds are just set absurdly low.
i have a couple of ASA 5510 in Active/Failover configuration. Failover LAN is configured on management0/0 e the ASA are connected with a back-to-back direct cable.
ASA has an interface in access mode inside with standby ip address and show failover is compliant with expected result in show failover (Normal)
ASA-PRIMARY# sh failover Failover On Failover unit PrimaryFailover LAN Interface: LANfailover Management0/0 (up)Unit Poll frequency 1 seconds, holdtime 15 secondsInterface Poll frequency 5 seconds, holdtime 25 secondsInterface Policy
[Code]....