cisco ASA 5505 - HELP !!!

I can not connect to i just run class-map inspection_default by error, how ca i remove it ?

Result of the command: "sh run"

: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 193.242.107.242 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 194.239.134.83
 name-server 193.162.153.164
 domain-name default.domain.invalid
dns server-group OPENDNS
 name-server 208.67.222.222
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq 800
access-list outside_access_in extended permit tcp any interface outside eq 366
access-list outside_access_in extended permit tcp any interface outside eq ftp
access-list outside_access_in extended permit tcp any interface outside eq 5500
access-list outside_access_in extended permit tcp any interface outside eq 1200
access-list outside_access_in extended permit tcp any interface outside eq https
access-list outside_access_in extended permit tcp any interface outside eq ftp-data
access-list 100 extended permit tcp any host 192.168.1.100 eq ftp
access-list 100 extended permit tcp any host 192.168.1.100 eq ftp-data
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.100 3389 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.1.100 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface 800 192.168.1.100 800 netmask 255.255.255.255
static (inside,outside) tcp interface 366 192.168.1.100 366 netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.1.100 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 5500 192.168.1.100 5500 netmask 255.255.255.255
static (inside,outside) tcp interface 1200 192.168.1.100 1200 netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.100 4282 netmask 255.255.255.255
static (inside,outside) tcp interface domain 192.168.1.100 domain netmask 255.255.255.255
static (inside,outside) tcp interface ftp-data 192.168.1.100 ftp-data netmask 255.255.255.255
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 193.242.107.1 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!

!
class-map inspection_default
!
prompt hostname context
Cryptochecksum:8ef61b3523fae6ecaa5210e245119a87
: end


radutAsked:
Who is Participating?
 
Vito_CorleoneConnect With a Mentor Commented:
I can try. Post your current sh run.
0
 
btassureCommented:
go to console and type:
no class-map inspection_default
0
 
radutAuthor Commented:
I can still not connect to server.. :(
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
Vito_CorleoneCommented:
Did you save the config? Just reboot the ASA.
0
 
radutAuthor Commented:
Whaw do i reboot the asa ? I have a Open RDP if i boot then that is gone. I have to be 100% shure that i can connect to the RDP after reboot


here is the new sh run

Result of the command: "sh run"

: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 193.242.107.242 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 194.239.134.83
 name-server 193.162.153.164
 domain-name default.domain.invalid
dns server-group OPENDNS
 name-server 208.67.222.222
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq 800
access-list outside_access_in extended permit tcp any interface outside eq 366
access-list outside_access_in extended permit tcp any interface outside eq ftp
access-list outside_access_in extended permit tcp any interface outside eq 5500
access-list outside_access_in extended permit tcp any interface outside eq 1200
access-list outside_access_in extended permit tcp any interface outside eq https
access-list outside_access_in extended permit tcp any interface outside eq ftp-data
access-list 100 extended permit tcp any host 192.168.1.100 eq ftp
access-list 100 extended permit tcp any host 192.168.1.100 eq ftp-data
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.100 3389 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.1.100 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface 800 192.168.1.100 800 netmask 255.255.255.255
static (inside,outside) tcp interface 366 192.168.1.100 366 netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.1.100 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 5500 192.168.1.100 5500 netmask 255.255.255.255
static (inside,outside) tcp interface 1200 192.168.1.100 1200 netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.100 4282 netmask 255.255.255.255
static (inside,outside) tcp interface domain 192.168.1.100 domain netmask 255.255.255.255
static (inside,outside) tcp interface ftp-data 192.168.1.100 ftp-data netmask 255.255.255.255
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 193.242.107.1 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!

!
!
prompt hostname context
Cryptochecksum:8ef61b3523fae6ecaa5210e245119a87
: end
0
 
Vito_CorleoneCommented:
If you have not saved the config a reboot will revert back to the startup config before you made changes.
0
 
Vito_CorleoneCommented:
You could also paste this in:

class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
!

But that may not account for what you previously had configured for your inspect rules.
0
 
radutAuthor Commented:
i do not know how to se what is what, the sh run return the current config og saved config.

Whow do i reboot ?

0
 
Vito_CorleoneCommented:
You can do a "sh start" to see what's in there.

Actually, if you do a "sh start" and it has the old config, you can paste your inspect rules into the console from there.
0
 
Vito_CorleoneCommented:
To reboot, enter "reload". But before you do that, post the output of "sh start".
0
 
radutAuthor Commented:
I think that this is the current configuration.

In the GUI i can not se alle the rules i can se in the output by sh run.
0
 
Vito_CorleoneCommented:
If the output is right in "sh run" do a reload then. If it isn't, paste in the rules I posted above.
0
 
radutAuthor Commented:
Here is all ok ?


Result of the command: "sh start"

: Saved
: Written by enable_15 at 08:36:28.583 CEST Wed Nov 18 2009
!
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 193.242.107.242 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 194.239.134.83
 name-server 193.162.153.164
 domain-name default.domain.invalid
dns server-group OPENDNS
 name-server 208.67.222.222
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq 800
access-list outside_access_in extended permit tcp any interface outside eq 366
access-list outside_access_in extended permit tcp any interface outside eq ftp
access-list outside_access_in extended permit tcp any interface outside eq 5500
access-list outside_access_in extended permit tcp any interface outside eq 1200
access-list outside_access_in extended permit tcp any interface outside eq https
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.100 3389 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.1.100 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface 800 192.168.1.100 800 netmask 255.255.255.255
static (inside,outside) tcp interface 366 192.168.1.100 366 netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.1.100 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 5500 192.168.1.100 5500 netmask 255.255.255.255
static (inside,outside) tcp interface 1200 192.168.1.100 1200 netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.100 4282 netmask 255.255.255.255
static (inside,outside) tcp interface domain 192.168.1.100 domain netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 193.242.107.1 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!

!
!
prompt hostname context
Cryptochecksum:8ef61b3523fae6ecaa5210e245119a87
0
 
radutAuthor Commented:
on the "old config " is security-level 0 on sh start is security-level 100 what is this ?
0
 
Vito_CorleoneCommented:
Says the config hasn't been written since November 18, so if your time is right, you should be able to reboot and revert back to the old config.
0
 
Vito_CorleoneCommented:
The security levels look the same on both to me. Reboot it.
0
 
radutAuthor Commented:
I can not reboot


Result of the command: "reload"

System config has been modified. Save? [Y]es/[N]o:  


Whau do i send no ?  i tried n .. and N



Result of the command: "N"

N
ERROR: % Incomplete command
0
 
radutAuthor Commented:
I think i done it ..  whau long will it take ?
0
 
Vito_CorleoneCommented:
You can't enter "n"?

0
 
radutAuthor Commented:
Now it is all working..

I made all this mess.. becouse i was woring on makeing Passive FTP to work, can you help ?

0
 
Vito_CorleoneCommented:
Should that be in a new question?
0
 
radutAuthor Commented:
Result of the command: "sh run"

: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 193.242.107.242 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 194.239.134.83
 name-server 193.162.153.164
 domain-name default.domain.invalid
dns server-group OPENDNS
 name-server 208.67.222.222
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq pop3
access-list outside_access_in extended permit tcp any interface outside eq 800
access-list outside_access_in extended permit tcp any interface outside eq 366
access-list outside_access_in extended permit tcp any interface outside eq ftp
access-list outside_access_in extended permit tcp any interface outside eq 5500
access-list outside_access_in extended permit tcp any interface outside eq 1200
access-list outside_access_in extended permit tcp any interface outside eq https
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.1.100 smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.100 3389 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.1.100 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface 800 192.168.1.100 800 netmask 255.255.255.255
static (inside,outside) tcp interface 366 192.168.1.100 366 netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.1.100 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 5500 192.168.1.100 5500 netmask 255.255.255.255
static (inside,outside) tcp interface 1200 192.168.1.100 1200 netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.100 4282 netmask 255.255.255.255
static (inside,outside) tcp interface domain 192.168.1.100 domain netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 193.242.107.1 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!

!
!
prompt hostname context
Cryptochecksum:8ef61b3523fae6ecaa5210e245119a87
: end

0
 
radutAuthor Commented:
I will make a new question with the passive FTP can you help ?
0
 
Vito_CorleoneCommented:
Yep, I'll jump into it as soon as you make it!
0
 
Istvan KalmarHead of IT Security Division Commented:
what do you want?
0
 
radutAuthor Commented:
i just made it ..
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.