Solved

Cisco ASA 5500 Firewall

Posted on 2011-09-12
3
309 Views
Last Modified: 2012-05-12
Hi there,

We work on a site where with two networks, one is a 192.168.1.x and one 192.168.2.x - the .2 being "GUEST" mode on a Cisco ASA 5500 Firewall.

The Firewall has 10 User Licenses.

We don't manage the firewall nor have access to it.

We have found that on the 192.168.1.x sometimes some of the machines don't browse. They can ping the gateway. The same happens on the 192.168.2.x network. It's very sporadic but machines can ping the gateway but not browse.

How is a "User" license decided? Are they fixed, i.e. first 10 devices? Is it connection based? Should it just block all connectivity!?

Any advise which could be offered would be greatfully received.

M
0
Comment
Question by:mattstannard
  • 2
3 Comments
 
LVL 3

Expert Comment

by:Thomas_Roes
ID: 36525168
Cisco want's your cache. This 10 user license mean's 10 devices can access the internet. I'm not exactly sure how long an IP (of MAC) address is cached as using the internet, but you do want to add extra user licenses if you have them.

Good router, but Cisco asks a lot (of cache) for it.

Thomas Roes
0
 

Author Comment

by:mattstannard
ID: 36525227
Hi Thomas,

Does it just block everything?

Can you force the cache to be cleared?

M
0
 
LVL 3

Accepted Solution

by:
Thomas_Roes earned 500 total points
ID: 36525640
As far as I remember, it block's everything for the 11th device. Clearing cache, don't know, rebooting the firewall helps, but you don't want that.

I see two options:
- 10->25 user upgrade (or unlimited)
- replace router (depending on your needs, this can be cheaper that the user license upgrade).

BUT: if you don't have access to it, and you don't manage it, put the problem at the guy's who do.

Thomas
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now