Solved

What are these all files on my Cisco ASA 5505

Posted on 2009-04-14
4
1,703 Views
Last Modified: 2012-05-06
We have so many Cisco ASA 5505 and 5010 and we are only using them for Lan2Lan Ipsec tunnel.
For some reason, one of our ASA has its flash full of files that i don't recognize.
Also the other day, I tried to telnet to ASA from the LAN side, and my password was rejected for some reason, it keeps saying connection closed by host.

This is what I get when I show flash:

asa5505-RDW# sh flash
Initializing disk0: cache, please wait........Done.
-#- --length-- -----date/time------ path
  6 14635008   Feb 16 2008 14:55:36 asa803-k8.bin
  7 5623108    Feb 26 2008 23:58:34 asdm-522.bin
  8 6851212    Feb 16 2008 14:57:40 asdm-603.bin
 11 0          Feb 16 2008 15:01:04 log
 12 0          Feb 16 2008 15:01:24 crypto_archive
 13 8312832    Feb 27 2008 00:00:34 asa722-k8.bin
 20 2864       Feb 27 2008 00:03:50 csco_config/locale/LC_MESSAGES/PortForwarder
.po
 21 18503      Feb 27 2008 00:03:50 csco_config/locale/LC_MESSAGES/webvpn.po
 22 896        Feb 27 2008 00:03:50 csco_config/locale/LC_MESSAGES/banners.po
 29 3224       Feb 16 2008 15:01:44 csco_config/locale/ja/LC_MESSAGES/customizat
ion.po
 30 4481       Feb 16 2008 15:01:44 csco_config/locale/ja/LC_MESSAGES/PortForwar
der.po
 31 32846      Feb 16 2008 15:01:44 csco_config/locale/ja/LC_MESSAGES/webvpn.po
 38 2430       Feb 16 2008 15:01:44 csco_config/locale/fr/LC_MESSAGES/customizat
ion.po
 39 4149       Feb 16 2008 15:01:44 csco_config/locale/fr/LC_MESSAGES/PortForwar
der.po
 40 30822      Feb 16 2008 15:01:44 csco_config/locale/fr/LC_MESSAGES/webvpn.po
 41 5          Feb 16 2008 15:01:44 csco_config/locale/clean.8.0.done
 53 4181246    Feb 16 2008 15:01:36 securedesktop_asa_3_2_1_103.pkg.zip
 54 0          Feb 16 2008 15:01:36 sdesktop
 55 1462       Feb 16 2008 15:01:36 sdesktop/data.xml
 56 3188033    Feb 16 2008 15:01:38 anyconnect-macosx-powerpc-2.1.0148-k9.pkg
 57 3148346    Feb 16 2008 15:01:40 anyconnect-macosx-i386-2.1.0148-k9.pkg
 58 1955915    Feb 16 2008 15:01:42 anyconnect-win-2.1.0148-k9.pkg
 59 3488201    Feb 16 2008 15:01:44 anyconnect-linux-2.1.0148-k9.pkg


What are these all these PortForwarder.po, linux.pkg.

I never configure any anyconnect or anything for linux connection.

Do you think it's possible someone has hacked in to my ASA?

FYI, all internet ports are open on the ADSL router to the ASA.

i would've thought this is save as we have proper ACL, allowing only access for ipsec tunnels..

let me know what you think..

thanks in advance
0
Comment
Question by:ricks_v
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
rynox earned 100 total points
ID: 24144727
Those are files that are on the router to facilitate the remote instalation of the AnyConnect VPN client.  They came with the router, no need to worry.
You can read more here:
 http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/svc.html
0
 
LVL 4

Assisted Solution

by:SimWhite
SimWhite earned 150 total points
ID: 24144734
This files is the ASA's files. If you don't use anyconnect, just delete it. You can use only asdm and boot flash files.

And what about the telnet. Check yours AAA settings and telnet settings in config.
0
 
LVL 6

Author Comment

by:ricks_v
ID: 24152923
My understanding, if you never configure any connect the flash should still be clear.

I did sh run on 5 of the rest asas we have and they all show the same:

Perth-ASA5505# sh flash
Initializing disk0: cache, please wait....Done.
-#- --length-- -----date/time------ path
  6 8515584    Jun 13 2008 15:13:06 asa724-k8.bin
  7 4181246    Jun 13 2008 15:14:06 securedesktop-asa-3.2.1.103-k9.pkg
  8 398305     Jun 13 2008 15:14:24 sslclient-win-1.1.0.154.pkg
  9 6514852    Jun 13 2008 15:16:14 asdm-524.bin
 12 0          Jun 13 2008 15:20:02 crypto_archive
 13 8312832    Dec 15 2008 14:51:10 asa722-k8.bin
 14 5623108    Dec 15 2008 14:53:14 asdm-522.bin

93515776 bytes available (33595392 bytes used)


the telnet issue, is just another weird thing, everytime tunnels are dropped, I cannot telnet to the box from LAN site and this doesn't make sense.

I'll keep question open for now, will try to run syslog server or maybe I can catch some interesting log..
0
 
LVL 4

Assisted Solution

by:SimWhite
SimWhite earned 150 total points
ID: 24154197
Are you using ASDM for configuring? ASDM can wrote some files, also may be you vendor is made a pre-configuration?
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Issue with Cisco 4402 and 1142 LAPs 1 33
CISCO ASA 5505 double Wan 8 36
NAT/PAT unable to config correctly 7 43
Setting up a trunk port on a Cisco switch? 20 62
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question