Cisco :: One Of ASA5510 Ethernet Interface Always Display Red Light?
May 21, 2011I find that one of the ethernet interface of ASA5510 always display RED light
View 3 RepliesI find that one of the ethernet interface of ASA5510 always display RED light
View 3 RepliesI have an ASA5510 that I am trying to set up for remote access using SSL VPN & clientless SSL VPN. I have followed the config guides on the Cisco website as well as the config guides elsewhere on the internet to no avail. I have a TAC case opened and have spoken with 4 engineers thus far. I have tried several software versions on the device and they all give the same result.When going to https://(outside interface ip address), I receive the expected ssl certificate error, then I click to continue to the website, and the browser never loads a page. I can see the ssl negotiation in my debug, and it completes that portion. My http debug shows the get requests to https://(outside interface ip address)/+CSCOE+/index.html and/or logon.html, but the page never loads.
View 7 Replies View RelatedI have an ASA5510 that I am trying to set up for remote access using SSL VPN with the anyconnect client. I have followed the config guides on the Cisco website as well as the config guides elsewhere on the internet to no avail. When going to https://(outsdie interface ip address),I get nothing, the browser never loads a page. Here are the commands I have entered:
webvpn
enable outside
svc image disk0:/anyconnect-win-2.5.3046-k9.pkg 1
svc image disk0:/anyconnect-macosx-powerpc-2.5.3046-k9.pkg 2
svc image disk0:/anyconnect-macosx-i386-2.5.3046-k9.pkg 3
svc enable
tunnel-group-list enable
[code]....
Went to log into the web admin interface on my SG-300 today and I get this in both IE and Firefox:
I'm not able to login by typing user/password and just pressing enter. I've tried power-cycling the switch, however, since the power cycle, the font-panel system LED has been blinking green. I seem to recall, though I can't locate the reference now, that this means the switch is running with factory settings, but that cannot be right because:
1. I had previously saved a new configuration on the switch, which it should be using now.
2. It is answering on the configured non-factory IP address -- just not rendering the web admin interface successfully.
I've had this unit for approximately a month. This is not the first issue I have had with this unit (see: [URL] and I'm experiencing some strange LAN speed issues since I installed it. Do I need to RMA this thing?
I installed dd-wrt latest for this router but it wont show any connections to the ports. I can connect to the router with my internet port connected to the computer but that is it. I tried connecting the modem to a port connection and it showed connected. I'm confused as the firmware loaded fine. May be I went over my abilities which is usually the case.
View 1 Replies View RelatedWe've recently shut down an interface on one of our ASA 5510s as we no longer use that service provider. The dashboard, however, still insists on showing traffic usage on this interface. How do I change the dashboard to display a more meaningful interface?
View 7 Replies View RelatedI have a ASA5540 firewall set-up with an interface MTU of 1500.
I suspect that we are receiving packets with a larger MTU but have not found an easy way of confirming this. Any command that can be run on the firewall to display the MTU packet size being received on an interface?
We are also running Solar Winds so could query an OID if such a variable exists.
I have a E4200 setup for 2.4 & 5G running the latest firmware. When I connect to the router wireless 192.168.1.1 and log in, it takes a few seconds for the web interface to display. Same happens when switching to the different config tabs. Is there any reason for this? I would think it would be immediate but it takes anywhere from 3-5 seconds for IE9 to respond.
View 2 Replies View RelatedRegion : UnitedKingdom
Model : TD-W8970
Hardware Version : V1
Firmware Version : 0.6.0 0.11 v000c.0 Build 121203 Rel.46289n
ISP :
However, when I initially connect to the router, either on the LAN or remotely via the internet, the router takes a long time to display the initial page (up to 1 minute) and then usually displays the page without any variable data included. Frequently it also fails to show the menu on the left either. By hitting Refresh several times, eventually it will load the page fully.
The green light on my Ethernet port is always on. Even when I unplug the Ethernet cable and shut down my computer. The only way it turns off is when I unplug my computer from the outlet. Also, my computer doesn't receive any internet when an Ethernet cable is plugged in and the yellow flashing light doesn't show either. I know the Ethernet cable is fine and the internet works fine on other computers
View 2 Replies View RelatedThe modem is sure working and so as the Ethernet cable since I am using it with another computer. I already had the driver updated but still it's not working. I actually suddenly heard noise in my computer before this happened. OS Windows 7.
View 7 Replies View RelatedIs it possible to set up a WAN interface on a FastEthernet interface of a Cisco 877 Adsl Router ?Due to my ISP, i've to use an external VDSL modem and must connect it to my cisco 877 router (and leave it's adsl interface unused).But i don't know how to set up a wan port, other than the adsl interface itself (dialer0), on my cisco.
View 7 Replies View RelatedHandPunch 3000 Time & Access Device, no Communication over the Ethernet, on the Ethernet Card the red light flashes for 1sec then red & Green for 1sec.
View 1 Replies View RelatedI had a malware attack and decided to reload my XP Media Edition on my Dell XPS 400 series. After the disc reformat and reload of XP from the operating system CD, and then loading the drivers CD, I cannot connect to the internet. The plug for the ethernet cable is red/yellow on two different jacks in the house. The modem is supplied by ATT U-verse. The TCP/IP is connected at 400 Mb/s but showing "0" data transfer in or out. The internet connection was working before the XP reload. I did not backup an "image" and so I may have lost my registries? Is there a way to "turn on" the ethernet port?
View 5 Replies View RelatedNeeding to bridge from my wic interface to an ethernet interface on a 2900 series router so that I can pass through the ip address given to the WIC, to my ASA so that I don't have to give my ASA a private range address. (Just like a service provider might do when bringing a T1 with managed router in to my prem)
View 1 Replies View RelatedI want to switch back to my dell desktop 4600, it is not reading the network or ethernet there is a steady amber light. I clean inside and pulled network card out and put back in and still have steady amber light. I have dsl with att and it works on my laptop.
View 5 Replies View RelatedI have a Thomson TG784 router and i have a problem with it. once i turn on my rouet, and no cables are plugged in, except the power one, the two lights start blinking. The Power and the Ethernet ligh blinking. Once i connect my Ethernet cable and my DSL cable, the light are still blinking with no changes... What should i do?
View 1 Replies View RelatedWRT400N worked great for 18 months.
Last week the Verizon-supplied DSL modem went bad (wasn't receiving data) and was replaced.
Now I can get Internet direct out of modem, and when I connect it to router the router's Internet light is on, but it seems to stop there. Devices connected to router via Ethernet or wifi don't get Internet.
I'm able to get to the router's admin console via Ethernet and wifi, but no Internet.
on the outside interface i cant perform the command ip address dhcp setroute.I get the error: IP and subnetmask form invalid pair indicating broadcast or network address.The commands are there when I do the ? command. It just will not accept the command with or without dhcp.I am trying to test an ASA-5510 as a 4G failover to our ASA-5520. This is Verizon's solution but they did not provide IPs, they use passthru on the 4G modem so I'm trying to set up dhcp. It worked a few days ago. Not sure what Im missing. The IP I got last time from Verizon was 192.168.0.199.
View 7 Replies View RelatedI currently have an ASA5510 with 2 interfaces (outside and Inside) running remote VPN for clients and L2L VPN for a couple of sites. I have traffic entering the inside interface, matching interesting traffic, being wrapped up in IKE / IPSEC and sent out via the outside interface. All straightforward so far.Now I have a new VPN which is required to go over another interface and not the outside. The traffic comes in to the inside interface as normal and should be matched via ACL, encrypted and sent out th e new interface however the traffic is simply sent out of the outside interface and doesn't get any IKE headers. If I reconfigure the interface to be be the outside it does at least match the ACL, wrap it up nicely in IKE and try to get to get to the remote peer.My questions are why does this behaviour occur and why isnt the traffic marked interesting and sent out the new interface.I don't have any issues creating a new VPN if I want it to go external, I just add the required information to the outside_map but i need the traffic to be encrypted and sent over another interface. I not a huge fan of the GUI for this but I've tried both CLI and GUI with the same results.
View 2 Replies View Relatedi have a strange issue on a link between two ASA5510: both ASAs are interconnected by a P2P Fastethernet link, and the traffic between both ASAs is being secured by a L2L IPsec tunnel. The configured MTUs are 1500, however packets bigger than 1020byte are being dropped. IOS is 8.0(5). I didn't find so far any CAVEAT describing it.
View 2 Replies View RelatedIs this kind of configuration possible? Can the VPN tunnel go thru the Firewall to another interface (DMZ) on it? And not to end “outside” interface.I have DMZ network in ASA5510 interface and I like to end the L2L IPsec VPN tunnel on it. The tunnel mas go thru the ASA from Internet via outside to the end point DMZ interface. The traffic is decrypted to that interface. So the VPN L2L peer interface is the DMZ interface IP address, not the Outside interface IP address.
View 0 Replies View RelatedWe have two ASA5510's, running IOS ver. 8.2(4). We setup Load Balancing on two ASA's. Will there be any problems if we change the IP address of the outside interface on one of the ASA's?
View 0 Replies View RelatedWe have ASA FW 5010 in our organization and we have 4 DMZ's under the DMZ interface on ASA and all DMZ's are created on sub interfaces and assigned different VLANS on each DMZ's.
View 7 Replies View RelatedWe use filter rules on an ASA5510 firewall to direct clients to a web filtering server which generally works very well. However lately we're finding that despite having more web filtering licenses than users, the web filtering licenses are being consumed up, mainly because of a recent increase in the rollout of ipads, iphones, androids etc. We could deploy a proxy server in the wireless DMZ to make all the wireless devices appear to web filter as a single IP, and apply a single policy, but that brings it's own problems. My question is: Is there a way to hide them all behind the interface IP instead, so that all wireless devices appear to the web filter on the LAN as the wireless dmz interface IP rather than the wireless device IP?
View 1 Replies View RelatedOur ASA 5510 is running 8.0(5). We recently upgraded the license from base to security plus. By doing so the capacity of the the external port Ethernet0/0 and Ethernet0/1 should increase from the original FE to GE. But, we were still seeing 100 Mbps on our Ethernet0/0 interface. We figured that out that the provider switch is only supporting 100 Mbps which is a bottleneck for us.The provider will be upgrading there switches to 1 Gb switch.
We will have to swap the switch connections now from 100 Mbps to 1 Gb switch.What commands should we be familar ourself with?Though this will be doine in our maintenace window.All the transaltions/connections will be dropped in our production environment so we are kind of scared.
I have a scenario where there is an ASA5510 configured as follows:
Interface0 = Outside
Interface1 = LAN
Interface2 = DMZ
Interface3 = unused
Running ASA version 8.2[1]
All network operations are fine, as are the IPSEC tunnels to other branch offices, and the incoming SSL VPN accessed via the IP address assigned to the external adapter.
My problem is that I have a device on the DMZ that needs to access the AnyConnect service hosted on the external adapter so that it can access LAN resources. When I try accessing it, I see the following errors appearing in the debug log:
3Dec 03 201212:10:50710003[DMZ client address]51031[AnyConnect ExternalAddress]443TCP access denied by ACL from [DMZ client address]/51031 to DMZ:[AnyConnect ExternalAddress]/443 If you look closely, it suggests an ACL issue from the DMZ client to the external AnyConnect IP address BUT it suggests the Anyconnect IP address is on the DMZ interface.
I have been working on figuring out a VPN problem on my companies ASA5510. I was accessing the device via: ASDM, SSH using Putty, and even initially with a console cable (also using Putty) using a computer in the networking closet. All 3 of these access methods worked properly for me.I believe I may have inadvertently changed something as of Friday using ASDM. I am mostly assuming this because, as of yesterday I can no longer connect to the device. I actually cannot even communicate with it (ping the interface I normally use to manage, which I could previously ping). No computer on the same subnet as me is able to ping the interface. The device is still accepting VPN connections, dishing out DHCP addresses and everything else it normally does, but I really need to be able to gain access to it again. I am thinking to reboot the device when there is some downtime, in the hopes that ASDM doesn't save to startup-config and only to running-config.
View 5 Replies View RelatedRecently, I've been having significant problems with denial of service on our ASA-5510. Two IP addresses in particular attack my ASA regularly. What kind of rule do I need to create to deny these IP's access to my firewall?
View 4 Replies View RelatedI'm currently configuring an ASA5510.I connected a laptop (IP 192.168.96.18/255.255.255.0) to port 0/2 and tried to ping 192.168.100.2 ... impossible to ping outside interface.I resetted the config of the ASA to retest more simple. [code]
View 1 Replies View RelatedI try to SSH and get access denied.
I try to ASDM and get "Unable to launch device manager from 172.16.252.100"
I think I am missing something. Software is 8.4(5) and running in Transparent Mode.
Inside/Outside are in bridge-group 1. No BVI is configured as we will be using Management0/0 for access.
login as: test
test@172.16.252.100's password:
Access denied
[Code].....
We have a Cisco ASA 5510 with:
-version: asa845-k8.bin
-ASDM: asdm-711-52.bin
Interface "Outside" is a PPPOE configuration.We currently have 36 site to site VPN connections up and running through the "Outside" interface. Now when we try to add, via ASDM, a new site to site VPN connection, we can not choose the "Outside" interface. The interface is just not available. All other interfaces are, bot those are inside interfaces.
I tried running ASDM on a different computer (thought that ASDM or java got corrupted perhaps), but the same problem appeared.Now when we "shutdown" the outside interface and "no shutdown" it again, the "Outside" interface is available again when you add a new site to site VPN profile.
Sidenote: if we check the current profile of a succesful running site to site VPN, it say's that it's using an inside interface. But that is, ofcourse, not possible.
I am currently managing an ASA5510 using ASDM through the management port but I would like to manage the ASA through the internal port.
My concern is that I thought I remembered reading someplace that if you setup an internal port for management that it can't be used for anything else. Is this correct?
I only configured one internal port and it is the path to my LAN. I would hate to configure the port for management only to find that I disconnected my firewall from my internal network in the process. Can I use my one and only configured internal port for both ASA management and route from my LAN thru the ASA firewall?
I currently have the management port set to 192.168.1.1 and my internal interface is 10.1.1.1. If I open ASDM and connect thru the management port and select Configuration/Device Management/Management Access/ASDM/HTTPS/Telnet/SSH
select "ADD"
select access type "ASDM/HTTPS"
select interface "internal"
IP Address "10.1.1.0"
Mask "255.255.255.0"
Will that give me access to ASA management thru my internal network but cripple my network access to the ASA?