Cisco :: Get Visio Stencils Of IPS Modules For ASA 55xx Series?
Dec 11, 2011
I've seen a lot of things I want to and need to fix to get our network more secure but my first order of business is Visio diagrams of the old network and projected diagrams of the new network when we move to our new DC next Saturday. I've made maybe 1 diagram on my own thus far and have edited a few. I want to create physical and logical diagrams but I'm not quite sure what to include and what not to include on either since I haven't seen a wealth of diagrams up to this point in my career.
1st question: Does anyone know where I can get Visio stencils of IPS modules for ASA 55xx series? Didn't see them on Cisco's stencil site or with a Google search.
2nd question: Our network is set up like this... A stack of 3 3750s act as our "Core" and have a 2 port etherchannel to every layer 2 2960 switch (15) in the network. In a physical diagram, 30 links would make it a little busy, hell even 15 links represented as the etherchannels would be busy.
What is the equivalent OID to chassisid - .1.3.6.1.4.1.9.3.6.3.0, which gets the serial number for most Cisco switches/routers, for the ASA 55XX series firewalls?
I have already understood the following notice for using VSS function with 6700 series modules. For example, there is the compatibility HW revision issue between the 6700 line card and CFC or DFC and so on. [code]
Is there a way to trigger stateful (or stateless) failover on ASA 55xx (8.0.3) when there's a failure on the IPS unit? I understand the fail open/fail close and its application on a single firewall, but the better solution for an IPS failure in a redundant pair would seem to be a stateful failover to the other ASA, and I don't see that as a documented feature.
We are testing the AnyConnect VPN Client to replace legacy IPSec VPN Client 5.0.x. We could set up the connections with SSL and IPSec (IKE v2). Now we have to decide which is the better method.
I need to add memory to my ASA 55xx's (running 8.2(2)), some of which are config'd active/active or active/standby. The docs say that ram must be identical, which makes sense for production. My question is this: can I upgrade the standby units first, make them active, and then upgrade their mate? Or must I schedule downtime to take the pair down for the upgrade?
I am in the process of replacing our 44xx controllers with new 55xx controllers. During the upgrade, I would like to add redundancy to our guest controllers that reside in the DMZ and had a question regarding the setup.
If I remember correctly, I would place both guest controllers on the same mobility group, and then add both of the controllers to the foreign controllers. The foreign controllers will form mobility with both anchors, but choose the one with the lowest MAC address as primary. On the foreign controller, if the lowest MAC addressed anchor controller does not respond, it will connect to the second controller. Is that still true? Or is there a better way to go about it?
Also, I was wondering, do I need to put different guest network ranges on each of the Anchor controllers? Or can I use the same exact range on both anchor controllers (since if a controller goes down, the clients would be reconnecting to the second controller anyways)?
Any best way to set up redundant Anchor (guest) controllers?
I have a WRT320N. Works good with all my computers. I bought a Visio tablet and I can only hook up to an open network. I want to be able to use my router with security, such as WPA/WPA2 or WEP. I tried all connections. The open network is the only one that I can connect to. This is my first tablet and I never hooked one up before.
I am unable to log in to my wireless network with my TV. It worked with my old router but the EA4500 recognizes the network but will not accept the password. Even if I open up my guest network which is not secured by a password it will not connect to my home network. I've chatted with Cisco and Visio on this problem and Visio says it's an encryption problem with the router. Cisco wants me to have someone call me who charges for tech repairs.
Why can't I use the Cisco ehwic-3g-hspa-u card in Cisco 2800 series and 1841 series routers? Documentation said that it should work with those devices, but when I installed it, it doesn't work; I can't see it even as a device. I am using Cisco latest IOS advance ent. 15.1(4)M4.
What are the main technical differences between the 1140 AP series and the 1260 AP series? I know that the 1260 supports external antennas while the 1140 supports internal antennas, but apart from that, is there any other important difference?
My Draytek 2710 just died after 2 years, so I was looking for something a little more reliable and noticed the spec of the SRP527W-U. I take it with only one antenna and reading a couple of past discussions, the wireless will only manage n-lite as some people call it, i.e. 150Mbps, and not the full 300? Oh, and are the ports still only 100M and not Gig? I know the 547 would tick both these boxes but we are talking twice the price. How does the quality and longevity of the SRP500 series compare to the RV series (which would need an ADSL modem) or the Linksys boxes?
Is it possible to install Content Security and Control (CSC) Modules on ASA 5505? Or are AIP SSC-5 Modules the only modules that can be installed on ASA 5505s?
Using ES2 enhanced etherswitch modules? Could not find out whether it functions identically as NM-16ESW or not. I do understand that the ES3 module acts like a separate device connected to the router chassis via internal interface and has its own configuration file and processor resources similar to older NME-16ES modules. What about the ES2 card (e.g. SM-ES2-24)? Does it work as a separate L2 switch connected to the router chassis via trunked internal interface, or does it integrate into the router like the older NME-16ESW module did? Is it possible to turn its ports into the routed mode (no switchport) and use them for L3 forwarding with routing protocols such as OSPF?
In a 6500 or 7600 a 'show module' gives a run down on all the modules in the slots, their HW and SW versions and status. But I can't find a similar command in the ASR1006.
Looking for a show command to display the actual physical RAM modules inside a 2911 router. I believe they come with 2x RAM slots and I need to know if it has 1 RAM stick or 2. show version displays the total amount of RAM, but not if it's 2x128 or 1x256 etc. This is also production gear so I cannot open it up and have a look until the scheduled downtime.
We had some issue with Datacentre ACE modules. Both primary and DR ACE modules got restarted in 16 hours difference. Unfortunately Syslog was not configured on the ACE and local logging got cleared after restart. The current IOS version is A2(3.2). The modules uptime was around 300 Days. Here is the log from 6509 switch during the restart. [code]
I want to collect the logging messages about the saa5525x IPS events from devices to a server running a syslog daemon, and I have no need to collect any other logging messages about the firewall. How would I configure the logging?