Cisco Firewall :: ASDM And CLI Show Different Static Routes For ASA 5505?

Feb 23, 2013

I was checking out the config on my ASA and noticed a bunch of static routes configured when I did a show route. With the exception of two that I expect to be there, the remainder point traffic destined for specific  internal hosts to the outside interface, i.e.
 
S    private_ip 255.255.255.255 [1/0] via public_ip, outside
 
I verified that I  cannot ping those hosts from the firewall. I logged in to the ASDM. When I check  the Configuration>Device Setup>Routing>Static Routes it only  shows two static routes, the ones I expect to see. If I look under Monitoring>Routing>Routes, I see the same output as I did on the CLI. I looked around to see if I was missing a key location for this information, and I was able to see the same static routes output in Monitoring>Routing>Routes. Since this is under monitoring though there's no way to delete these routes, and I still don't know where they were configured originally. Then I happened to check under Monitoring>VPN>VPN Statistics>Sessions, and I see several of the private IPs used in the static routes being used by VPN users, including my own! I know I didn't assign myself a static IP for VPN use or anything like that. So, what are these static IP routes? Why do I see them in the CLI and not under the Configuration tab? I mean, I know I can delete them from the CLI but I'm trying to figure out why the info is not synced. Am I seeing dynamically created content based on the VPN connections?

View 2 Replies


ADVERTISEMENT

Cisco Firewall :: ASA5510 Static Routes For Management Interface Not Working

Mar 30, 2011

We have several pairs of ASA5510s in failover A/P mode, some running 8.3(2) and others running 8.4(1).
 
e0/0 = outside
e0/1 = inside
m0/0 = management
 
The problem we're having is we can't get anything to route out of the management interface unless we put in a static route at least to the subnet level. For example, we want syslog traffic to exit out m0/0 to our syslog server 10.71.211.79. Our 'gateway of last resort' points to the next hop out e0/0, and a second static route with a higher metric and a more distinct network space is for m0/0 as in:
 
route outside 0.0.0.0 0.0.0.0 192.168.49.129 1route management 10.72.0.0 255.255.0.0 10.72.232.94 10
 
This doesn't work, and ASDM loggin gives this error: ".....Routing failed to locate next hop for udp from NP Identity Ifc:10.72.232.89/514 to management:10.72.211.79/514"
 
If I put in a more granular subnet route, or a host route of the syslog server it works, such as:
 
route management 10.72.211.0 255.255.255.0 10.72.232.94 10   <------------- this works
 
route management 10.72.211.79 255.255.255.255 10.72.232.94 10   <------------- this works too
 
Why won't a static route for 10.71.0.0 255.255.0.0 work in this case?
 
We are going to have numerous hosts access and be sent messages though the management interface of these ASAs, and it would be very burdonsome to have to add a host, or even a subnet, route for every one. I've removed all static routes and tried to rely on EIGRP, but that doesn't work. I also had to put 'passive-interface management' under the EIGRP for this to work.
 
Here is the pertinant ASA config concerning syslog, routing, and interfaces:
 
interface Ethernet0/0 nameif outside security-level 0 ip address 192.168.49.140 255.255.255.128 standby 192.168.49.141 !interface Ethernet0/1 nameif inside security-level 100 ip address xxx.xxx.xxx.xxx 255.255.255.128 standby

[Code].....

View 3 Replies View Related

Cisco VPN :: ASA 5505 / Static Routes Through Site-to-site Tunnel

Dec 17, 2012

I am using a Cisco ASA 5505 Here is a description of my topology.
 
Headquarters = 192.168.201.0
Client X = 172.16.0.0
Datacenter = 10.12.0.0
 Site to Site Tunnels:
Headquarters ---> Datacenter
Datacenter ---> Client X
 
I want to ability for computers in the Headquarters subnet to access the Client X subnet.I have tried setting up a static route to push all traffic destin for 172.16.0.0 to the datacenter, but was unsuccessful. how I can route all 172.16.0.0 through the tunnel.I have tried ading a static route on my ASA but without success.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 ASDM Show Log On Access-list Empty

Mar 14, 2013

I created some acess-lists, and you can assign a logging level to this access-list. Now this ACL has a lot of hits, so i want to see whats happening. Only the log I then see is completely empty. I cannot figure out how to get some info in that log.
  
I think there is some global logging setting i probably need to enable in order to get anything logged at all, but i cannot figure out which.

View 4 Replies View Related

Cisco Firewall :: ASA5505 8.4(4)1 Access-Lists Created In CLI Do Not Show In ASDM

Apr 30, 2013

Yesterday, I configured  ASA via CLI for Static PAT and created some entries in an access-list. I will be testing that setup this evening.
 
However on a quick double check of the settings on the device via ASDM I could not see the acess-list settings. I searched every tab and found nothing so I PuTTYed into the device and checked the running config. The rules I created were right there. Is this something I should expect? If so doesn't it defeat the point of having a GUI if it does not show a complete running config?

View 2 Replies View Related

Cisco Firewall :: 5505 Asdm From Outside

Sep 22, 2011

im working on a small project on a asa 5505 and beacuse i do most of the work from the outsidei want to open up asdm without vpn.
 
i have it working on another asa and the only difference is the rom version.the one not working is 8.0(5) - 6.2(3) and the one working is 8.0(4) - 6.1(5) did they do some changes?

View 6 Replies View Related

Cisco Firewall :: Upgrade ASA 5505 V7.2.4 ASDM V5.2.4?

Feb 28, 2013

I have been browsing the forum and the support notes for a couple of hours and haven't found a definitive answer to my question. Our ASA is on the subject versions. I watched a video on YouTube stating that upgrading the ASA is easiest if you upgrade ASDM, then the ASA. Problem is, I don't think I can upgrade ASDM first because I don't see a version that is compatible with ASA 7.2.x and 8.0.x.

View 3 Replies View Related

Cisco Firewall :: Possible To Install IOS 8.3 (2) And Asdm 6.3 (1) In 5505

Feb 19, 2012

I want to kown if is posible install IOS 8.3(2) and asdm 6.3(1) in firewall 5505 wich has 512MB of RAM and 128MB of flash. I installed it but according to the cisco page it can´t. maybe could work bad ?

View 1 Replies View Related

Cisco Firewall :: To Configure ASDM On ASA 5505

Sep 14, 2011

I have a firewall Cisco ASA 5505, and currently it is a command line firewall. I want to configure ASDM so that i can use it as a GUI Web Base interface.I really don't know what to do. How can I configure ASDM on my firewall.

View 7 Replies View Related

Cisco Firewall :: 5505 DMZ To Inside ASA 8.4 / ASDM 6.4

May 21, 2012

I have a standard ASA 5505 with inside, dmz and outside with the default security levels, 100/50/0. we have an email server inside which has been NATed and is working fine. However users accessing the wireless on the dmz are unable to access their emails on https (443). How do I allow SSL access ONLY to users on the dmz using ASA 8.4 commands or ADSM 6.4?

View 10 Replies View Related

Cisco Firewall :: ASA 5505 / ASDM Has No VPN Wizard

Oct 1, 2012

I am trying to configure a site to site ipsec vpn with 2 cisco 5505 ASA's. Unfortunately when i open up the ASDM there is no vpn wizard to start the configuration.The version of ASDM i am using from flash is 645-206.bin and the firmware on the ASA's is 842-k8.bin so should be ok. Why the VPN wizard doesnt appear?

View 7 Replies View Related

Cisco Firewall :: Cannot Launch ASDM From ASA 5505

Jan 3, 2010

recently, ater successfully connecting the VPN to the ASA 5505, I am unable to then launch the ASDM client meaning that I can only SSH in to the unit.
 
I found an old post from 2008 and replied. It refers to an article talking about it is not possible to enable https server and webvpn on the same interface.
 
Well I am running ASA 8.0(4) so this restriction does not apply.

View 16 Replies View Related

Cisco Firewall :: ASA 5505 ASDM Upgrade

Nov 16, 2011

I have successifuly upgraded ASA and ASDM image. My question is how to make it to boot it as default when you do a factory reset of the device. For the ASA image I found out that it will boot the first image it founds on the flash, so I left only the latest bin file and if I do factory reset it boot the latest. But for ASDM it still boots the old one, because there is no "asdm image disk0:/asdm-645.bin" command in the config. I`m not sure how, because I only left the new ASDM bin image. Is there any variable or something that still points to old asdm image?
 
My ASA version is 8.4(2) and ASDM 6.4(5). The old one was ASA 8.2 and ASDM 6.3.

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Version 8.2 (5) - Can't Access ASDM From VPN

Jan 20, 2013

I've have an ASA 5505 with a inside network vlan1 (192.168.0.0/24) - i've configured an IPsec VPN profile and a VPN network of 192.168.0.50/24. I can through my VPN tunnel access inside hosts on vlan1 - but not ASDM on the ASA (192.168.0.1). Under management i've added the VPN network of 192.168.50.0/24 to have access to ASDM, but still does not work.

View 1 Replies View Related

Cisco Firewall :: How To Set Up NAT For Two Servers Using Same Port With ASDM ASA 5505

Apr 10, 2012

We have a new installation of a ASA 5505 and are trying to get some NAT issues straightened out. On our internal network, we have two servers running Filemaker Server, a relational database server that clients connect with using port 5003. Our goal is to be able to allow users from the outside to access either of these servers as needed. I know how to set up a simple static NAT rule and matching Access rule in ASDM which would be fine for a case in which only one server using a given port is running on a network, but for simple static rules I seem to be blocked from entering a different translated port number from the orginal port number, which becomes a problem when two servers we need to access from the outside are running software using the same port number.
 
What is the simplest way to address this need? I am guessing that I need to set up a scenario like this, where port 5004 (or any arbitrarily choosen unused port, can be used to access the second server: [code]

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Remote Access To ASDM?

Jan 5, 2012

How do I enable remote access to ASDM from outside of the network on the ASA 5505?  This would be used for remote access to the firewall at a site that is not utilizing VPN.

View 5 Replies View Related

Cisco Firewall :: Unable To Launch ASDM Over WAN - ASA 5505

Jan 9, 2013

Remote LAN pool is configured as inside. Route is proper. I am able to open 443 port from the remote LAN pool on the ASA. That means, the port is open from the remote pool. No response if I try https on the browser.

View 11 Replies View Related

Cisco Firewall :: ASA 5505 Page Cannot Be Displayed - ASDM

Apr 30, 2013

I have a Cisco ASA 5505 V10. I've upgraded it to use asa825-K8 & asdm-649.103.  Before the upgrade I was able to get to the ASDM via https://192.168.1.1.  However after the upgrade I just get a page cannot be displayed. I have rebooted the ASA.

View 4 Replies View Related

Cisco Firewall :: 5505 - ASDM Don't Load After Upgrade To JAVA 7?

Oct 18, 2012

My macbook pro recently  upgraded to the last version of java and now I can open the ASDM for my Cisco ASA 5505, when I try open, only show me the window of Java 7 ..., and don't load the ASDM.

View 15 Replies View Related

Cisco Firewall :: ASA 5505 - Enable Top Usage Tab On ASDM Dashboard?

Feb 3, 2011

Today I upgraded my Cisco ASA 5505 ASDM from version 6.34 to 6.41 cause of some problems on old version with NetFlow. But now when I switch to dashboard i can not see "Top Usage" tab. That was quite usefull for me. It simply disappeared.
 
Can i somehow configure which tabs are displayed on dashboard ? I really need that one and I do not want to downgrade :/

View 7 Replies View Related

Cisco Firewall :: Using ASDM To Change External IP Address Of 5505?

Mar 13, 2013

We have an ASA 5505 and are changing ISPs so we'll be getting a new static IP address. How do I change the external IP address using ASDM? (I haven't done it in 5 years so I'm rusty and just want ot make sure.) The ASA and ASDM are up to date.Am i correct in that I only need to change the external address in the configuration under Interfaces, then under Routing - Static Routes - Gateway IP I just need to enter the new WAN gateway address?

View 2 Replies View Related

Cisco Firewall :: 5505 - Opening TCP Ports In ASDM Launcher

Jun 20, 2011

I am trying to open up 3 TCP ports in Cisco ASDM Launcher:
 
16000
16001
8098
 
And have a Cisco ASA 5505 Router.  I need these ports open in order for a software that I have installed on the server to communicate with my local client computers for my business,  The software is installed on Windows 2008 Server Standard Edition and was installed with MicrosoftSQL 2005.  The software and Microsft SQL 2005 is pretty much installed and just requires this last step in order for the server to be connected to the local  computers.  In order to resolve this, I have gone to.

View 1 Replies View Related

Cisco Firewall :: 5505 ASDM 7.1 Fails To Start On MacOS

Feb 6, 2013

I have an ASA-5505 which I have been managing using ASDM from a PC and a Mac.I just happens that the Mac has not been used in a little while and when I tried to use ASDM on it, it fails.I've had a trawl through various posts and release notes (after updating various components in the process, incl Java with all the diabling/security updates of late) but am still having the problem and this is where I'm at:

- the ASA runs v8.4(2) and ASDM 7.1(1)52
- release notes state that ASDM 7.1 should work on Java 7 on Windows 7 and MacOS 10.7
- ASDM starts fine on my Windows 7 PC running Java 1.7.0_13
- I am also running Java 1.7.0_13 on MacOS 10.7.5
- on MacOS, ASDM starts, asks for credentials, download/refreshes the cached app... and then crashes with the following exception message:
 
The root cause of the issue seems to be that a Java class called apple.laf.AquaTableHeaderUI is not found..Now, I don't know much about Java, but that seems to be an Apple UI related class - I presume that it would be good to use this to give ASDM a more native look and feel, but why on earth is there no fallback? or am I missing something?

View 4 Replies View Related

Cisco Firewall :: ASA 5505 ASDM Image File Missing?

Jun 17, 2012

I've been trying to configure this Cisco ASA 5505 for days now. I used to be able to use the ASDM gui application, but i've since transitioned into using the CLI. Trying to go back to ASDM, it won't let me get back in, and when i try show asdm image, it says Device Manager image file not set. I have no CD for this device and I need that image file for the ASDM. How can I locate the file and install it on the router so I can use it?

View 2 Replies View Related

Cisco Firewall :: Can ASDM-5505 Allow Apple Bonjour Protocol Through VPN

Oct 26, 2011

I am trying to use the apple finder/application to view all my apple mac-mini computers.  I do have two asdm-5505 connected via a vpn tunnel.
 
At this point I can view only the computers on the local subnets. I called AppleCare and they gave some possible ports that can be opened in the firewall to allow the Bonjour protocol to pass through the ASDM:ports 5297/tcp, 5298/tcp-udp, 5353/udp, and 5354/tcp

View 1 Replies View Related

Cisco Firewall :: 5505 ASDM Location Is Using Same IP As Internal Server

Oct 27, 2011

I have a server that I need to open up some ports on to allow access to the new internal Sharepoint server we're setting up. I've been having some issues getting the ports open like once I put the commands in and save them that server suddenly stops allowing outbound traffic. After looking at a few things I noticed while I was looking at the config file that the ASDM location is showing 2 IP's, both are the same as the server I'm trying to open ports for one being the private IP and the other is the public IP I'm trying to use. Is this the reason I'm having problems when I try to open those ports to my server? Do I need to use both a different private and public IP for this server so I can get my ports to work? The programmers selected these IP's so if I need to change them I'll let them know in case they need to make changes for the Sharepoint setup. This is on an ASA 5505.

View 12 Replies View Related

Cisco Firewall :: ASA 5505 - ASDM Logon / Reset Username And Password

Sep 6, 2012

I completed the PIX 515 to ASA 5505 migration today with no problems - ok one problem with the logon for ASDM. I'm trying no username and password - then using username and password from the 515 Pix with no success. How to reset the username and password for the ASDM GUI website.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 SSL / HTTPS / ASDM Won't Work / Cipher Fail

Nov 21, 2010

Does my device not support enough encryption to get ASDM/SSL/HTTP working?
 
First time I've ever seen this...: 
 
%ASA-7-609001: Built local-host inside:192.168.1.10 %ASA-7-609001: Built local-host identity:192.168.1.1 %ASA-6-302013: Built inbound TCP connection 13 for inside:192.168.1.10/61194 (192.168.1.10/61194) to identity:192.168.1.1/443 (192.168.1.1/443) %ASA-6-725001: Starting SSL handshake with client inside:192.168.1.10/61194 for TLSv1 session. %ASA-7-725010: Device supports the following 1 cipher(s). %ASA-7-725011: Cipher[1] : DES-CBC-SHA %ASA-7-725008: SSL client inside:192.168.1.10/61194 proposes the following 11 cipher(s). %ASA-7-725011: Cipher[1] : DHE-DSS-AES256-SHA %ASA-7-725011: Cipher[2] : AES256-SHA %ASA-7-725011: Cipher[3] : DHE-RSA-AES256-SHA %ASA-7-725011: Cipher[4] : DHE-RSA-AES128-SHA %ASA-7-725011: Cipher[5] : DHE-DSS-AES128-SHA %ASA-7-725011: Cipher[6] : RC4-MD5 %ASA-7-725011: Cipher[7] : RC4-SHA %ASA-7-725011: Cipher[8] : AES128-SHA %ASA-7-725011: Cipher[9] : EDH-RSA-DES-CBC3-SHA %ASA-7-725011: Cipher[10] : EDH-DSS-DES-CBC3-SHA %ASA-7-725011: Cipher[11] : DES-CBC3-SHA %ASA-7-725014: SSL lib error. Function: SSL3_GET_CLIENT_HELLO Reason: no shared cipher %ASA-6-302014: Teardown TCP connection 13 for inside:192.168.1.10/61194 to identity:192.168.1.1/443 duration 0:00:00 bytes 7 TCP Reset by appliance %ASA-7-609002: Teardown local-host inside:192.168.1.10 duration 0:00:00 %ASA-7-609002: Teardown local-host identity:192.168.1.1 duration 0:00:00

View 7 Replies View Related

Cisco Firewall :: 5505 - Automated Upgrade To Incompatible ASDM ASA Versions

Jun 5, 2011

I used ASDM to upgrade a 5505 tonight and now I get the error message attached. How/where do I find out which versions are compatible?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - How To Store Show Capture Word Output

Apr 16, 2011

I have a cisco ASA 5505 . I need to store " show capture 'word' ( where is a variable) output  to syslog server for analyzing packet and port  .

View 2 Replies View Related

Cisco Firewall :: 5505 - Show Current IP Address Of Interface (dhcp)

May 8, 2012

Is there any way of showing the currently assigned ip address for an interface configured to use DHCP on an ASA 5505?

View 2 Replies View Related

Cisco :: ASA 8.3 With ASDM 6.3 Show Log On ACL?

Jan 20, 2011

I am trying to see what traffic goes through a certain ACL so I specify a protocol instead of allow all IP traffic. So what I did is enabled logging with debugging on that ACL. When I right click on the ACL and show log, nothing shows up. But I see hits on the ACL.

View 1 Replies View Related

Cisco VPN :: ASA 8.4(3) Dynamic VPN And Static Routes?

May 20, 2012

I am running an ASA with 8.4(3) and am trying to setup a dynamic VPN tunnel.  We are having a business reason to establish a VPN tunnel to customers who do not have nailed down IP addresses.  Now I found a number of documents that outline the steps involved.  It seems the basic steps were to Establish a regular tunnelAdd dynamic crypto mapAssign the dynamic crypto map to the tunnel created under step 1. While this sounds pretty straight forward and simple, while prepping for doing just this I hot a road block while thinking it through. In order for my ASA to put anything into the tunnel it has to have a route to the remote network pointing at my VPN peer at the  end of the tunnel.  How do I do this in a dynamic tunnel?  How do I add a dynamic route so the ASA knows which tunnel to stuff the traffic into?  How do I stop the traffic from just being send to the Internet?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved