Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).


Good day folks

This month I am going to upgrade our Cisco ASA and ASDM.  I want to go from ASA version 9.6(1) and ASDM 7.6(1) to the latest stable version of both.  I have a few questions.

1.  What are the most current, stable and inter-compatible versions of both the ASA and ASDM?
2.  If I see ASA Firepower tab located in the ASDM, does that mean I also need to upgrade a corresponding file for this as well?
3.  Can I do a direct upgrade from the versions I have to the latest versions, or do I need some intermediary version?  I hope this is not the case.
4.  If so, are there other considerations, like changing the startup and running configs in some way to be compatible with these newer versions?
5.  Is it as simple as logging into the ASDM, taking a full backup and then tools --> upgrade software from local computer, ASA and ASDM images separately and then setting them to boot images?  Note I prefer the GUI to command line as I am mild/moderately dyslexic, and if it can be done in the GUI, why not.  Save running to start up config, reboot, profit ?
6.  Is it ok to leave the old versions on there and is switching back to them as boot images in emergency ok to do?

I have only ever done this once before and it was years ago, with an older, now EOL version, with a non-complicated running config, and I can't remember.  I do remember it was a non-issue, but this is Cisco.

Thanks again for the advice and feedback.
0

Hello there community, I have a big problem that impacts our production environment.
I have a Cisco ASA firewall version 9.4 (4) 16, hardware type ASA5515.
But when I activate "Enable LDAP over SSL" with port 3269 in the LDAP Parameters for authentication/authorization, users get the authentication error "ERROR: Authentication Server not responding: AAA Server has been removed".
If I deactivate this option and use port 389, everything works and users can connect to the VPN.
Can you help me please to resolve this issue?
capture-vpn-ios-asa.png
eurreur-asa.png
0
This is using a Cisco Catalyst 2960 24-port switch. There is another Netgear GSM7248v2 switch. On the Cisco switch, there are VLANs 1, 10, 20, and 30. However, there are only VLANs 1 and 10 on the Netgear. I managed to form an uplink between these 2 switches carrying only VLAN 10, and this is how I configured it:

     Cisco:
     int gig0/23
     switchport mode access
     switchport access vlan 1
     
     Netgear (GUI):
     On switching, VLAN Membership, select Port 23 (Untagged for VLAN 1, but "empty" for VLAN 10)
     On PVID, select Port 23, tick VLAN 1

VLAN 10 works perfectly on this uplink (as an access port). However, I used the same method for VLAN 1, but it failed.

How can I form a trunk link carrying both vlan 1 & 10 between these 2 switches?

These are my configuration:

Cisco:
int gig0/24
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1,10

netgear:
on switching, select port 24 as VLAN 1 (Untagged), and VLAN 10 (Tagged)
On PVID, select port 24 as VLAN 1

Anything missed out?


Thanks in advance.
0
I have upgraded a Cisco C2960 switch to a Cisco C2960X. The configuration has been migrated to the new switch from the old C2960 switch. The new C2960X switch does not ping anything outside its subnet. It can ping the router but nothing on the other subnets. Systems from the other subnets cannot ping it either. I checked the Vlan1 gateway on the new switch and it's the same as on the earlier switch. Not sure why I am not able to ping outside the subnet.
Background: There are two aging Cisco C2960 switches, A and B, configured in a redundant configuration.  These switches were to be upgraded to C2960X switches C and D. Configurations have been copied to the new switches from A and B to C and D. When switch B was replaced with switch D, all the communications were restored but it was not able to see other subnets. The switch can ping switch A and some uplink switches in the same subnet and also the router. The router can ping switch D. Having trouble seeing other subnets.
0
Have never done this before, so just looking for quick confirmation... Trying to figure out best way to connect this:

I will have a fiber channel SAN, a Cisco fiber channel switch and a pair of servers running ESX 6.5 with the appropriate FC cards.

I am trying to scope IP ranges for the network where this will run. So does any of the above require IP addresses? Data is running on copper over a separate switch. Fiber is for storage communications only.
0
How's everyone's experience with Palo Alto Networks Premium support?  Do they pick up the phone 24/7?  How does it compare to Cisco SmartNet support?
We were on hold for a critical issue with PAN for 30 min of elevator music.  By that time we had figured things out and ended the call.  Doesn't look quick enough.

Anyone experienced the same or better?
0
OK, can someone please explain how to get my VPN IP pool talking to my inside network? Everything works fine using the AnyConnect VPN client. It assigns an IP address but I cannot ping the inside subnet and the firewall itself cannot ping the VPN IP pool address.

Update: OK, now the firewall can ping the connected client in the VPN IP pool, address 192.168.10.1, and it can ping the internal (inside) network, but the VPN client cannot ping the inside subnet.

My goal here is to be able to launch ASDM to administer the firewall from afar. Any help would be appreciated.
0
Hi,

I have a Cisco Aironet 1602i-e-k9, I have configured it (attached config) and I wanted to assign the DHCP pool Wifi (created in the config) to assign it to the users. It works if I put the IP address in manually but I wanted to have the AP do the DHCP leases.

Cisco_Aironet_AP_trial.txt

Thanks in advance
0
Hi All!

I need a suggestion, and I hope you people can help me.
I have done CCNA and CCNP in Routing & Switching and Security, and now want to do CCIE in Security, but I am a little confused about the future because everything is moving into the cloud. Can anyone tell me whether doing CCIE will be worth it or not? I heard that cloud technology jobs have good packages compared to the Cisco platform.
0
Is there a way to change the Site to Site VPN Tunnel on a Cisco ASA to use a different non-standard VPN Port (ISAKMP 500/udp)?
0

Hi,

I have set up an IPsec Site to Site VPN between an ASA and a Cisco 4G 897 Router. The VPN is up and the setup is as follows:

HQ: 10.10.5.0/24----------ASA-----------------Site to Site VPN--------------------------------Cisco 4G---------------Branch Office 1: 10.21.1.0/24

From the HQ, I can access the servers in the Branch Office (except that I cannot ping the gateway: 10.21.1.1).

But from the Branch Office, I cannot reach any devices in the HQ.

All internet traffic from branch office needs to go through the VPN as well.

Any suggestions as to what I missed here?

Configs attached:
Branch Office 1: Mel_Site-Config-EE.txt
ASA: asa-config.txt
0
I have an inbound fiber circuit, with 5 static IPs.  I'm using 2 (.10 & .11), one for voice and one for data.  Problem is, this comes through a single port from the provider's router.

I have a Cisco Catalyst 2960-CX.  WAN is on port 1.

I would like to pass all voice traffic to WAN .11, through port 7, to our host's internal router.  This is to be a pass-through with priority & QoS.

All LAN data traffic will pass .10 through to our firewall.

Which settings are necessary to accomplish this?
0
Hello,

I am looking into a solution for load balancing to 2 physical servers that sit on Cisco Nexus switches, 5Ks. Is this doable? If so, how? Also, if it is not an option on a Nexus, I can move it to an IOS switch 6800.

2018-02-15-09_41_44-Book1---Excel.png
Thank you
0
We replaced an RV320 with an RV345. In the old router we had a route to another network: 10.10.69.0/24 with a next hop of 192.168.1.253, and this worked fine.

When we enter the route in the new RV, we can only seem to ping the 10.10.69.0 network, but our applications to the external network stopped working.

We worked around this by adding the routing option to the PCs themselves; however, this cannot be the solution for use with the Cisco RV345.

What can be the cause of this?
0
We have two Cisco switches directly connected.  One is using vlan 118, and one is using vlan 0.  All devices connected to both switches can communicate with each other - via ping, web interface, etc.  The only exception is that we cannot access any Linksys routers from a different subnet.  If I am using a computer on the 0 subnet, I can't ping or access the web GUI of a Linksys router that is on vlan 118, and vice versa.  I have asked Linksys about this several times, and I get answers like "you should never be able to access a device that is on a different subnet".  What I need to know is, is this by design?  Are the Linksys routers somehow just set up this way and it will never work, or is there something I can do to fix this?  If I have routers in a bunch of different subnets it becomes difficult to manage them if I can't access them from a different subnet.
0
0
Hello,

I have a Cisco ASA 5515 in a failover setup. I want to upgrade the image to 9.9(1) from 9.7(1) and ASDM to 7.9(1) from 7.7(1) without downtime. Looking for an upgrade procedure. Any help is great! Thanks.
0
I had this question after viewing Cisco 2504 wireless controller with multiple VLANs.

Hi Experts, I am having an issue with a Cisco WLC 2504. I have about 15 APs and eight switches spanning eight floors. The network part works well, with all switches working and multiple VLANs (each floor is a different VLAN) configured. However, I want to configure one VLAN for Wi-Fi that spans all switches and floors (VLAN 113). I have set up the VLAN on the core switch and on my DHCP server. If I plug my computer into a switch port configured for VLAN 113, I get an IP and everything works, but once I plug an AP into the switch it does not get an IP and doesn't even join the controller. I have configured the switch port that connects to the WLC as a trunk and the switch ports that go to the APs as access ports in VLAN 113. On the WLC, the management interface (port 1) is untagged and the Wi-Fi VLAN interface (int 113) is tagged to VLAN 113 and mapped to the WLAN SSID. What could be the issue here now?
0
I have a client who bought an ASA5505 and requested me to replace the existing firewall.
As I am not an expert in Cisco, I sought help from a friend and did it.
Now if I send an email from Exchange, it goes out with the internet/gateway IP, not the email server's dedicated IP.
If I type "what is my IP", I get the gateway IP.
I have done it many times in Sophos and Fortinet, but I am not good with the ASA.
Is there anyone who is good with Cisco who can guide me?

Thanks
0

Hi EE,

I have a Cisco stack containing 4 Cisco switches. The Firm has decided to upgrade one of the smaller datacenters. So the stack needs to be divided into 2 smaller stacks containing 2 switches each.

(It is Out of Band, meaning a restart is not a problem).

I have an IP for the new stack.
I have a rack available with everything ready.

So what is the "Best practice" or best way to go about doing that?

BR
S
0
Trying to stack two 3650 switches and one member is stuck in initializing. Looks like an IOS issue; it seems they have different versions, but one seems way off and I am not sure if it's reporting correctly?

*    1 52    WS-C3650-48PS      03.06.06E         cat3k_caa-universalk9 INSTALL

*    2 52    WS-C3650-48PS      16.3.5b           CAT3K_CAA-UNIVERSALK9 INSTALL


The second one is the one that will stay in initialization.  Not sure how two switches purchased together could be that far off.
0
I just purchased a Siemon 10g ip 24 port patch panel and mounted it in my house for a home lab. I punched down my first port last night but something strange is happening. Right now I just have the cable coming directly from a laptop NIC to a punched down port on the Siemon 10g ip. The CAT 6E cable I made myself using the T-568B configuration. While this is my first patch panel punchdown, I have created a lot of cables in the past, using this same exact roll of 6E, so I am fairly sure my wiring is correct. I then have another cable going from the patch panel port to my Cisco SG300 switch. Now the problem is that I have no light on the SG300 switch port. I have 20 other devices working fine on the switch. I thought I wired it wrong but I re-wired the cable 3 times. The strange thing is that the laptop has full connectivity with lights on the laptop NIC. When I plug a cable into the laptop and plug directly into the switch I get lights on the switch port. I have tried multiple cables and multiple ports with the same result. When I unplug the cable coming out of the switch that is coming from the patch panel and insert it into a cable tester I don't get any lights on the cable tester check. Nothing whatsoever. Without the patch panel the cable tester works fine. What could be wrong? Why do I have connectivity but no light on the switch? Why is the cable tester not showing me the wire checks? I have asked several network people and they have no idea. Did I purchase the wrong …
0
Is there a show command that shows all router route decisions, whether spawned by policy-based routing (next hop) or a dynamic or static route? I think show ip route will not include PBR-based route decisions.
0
Is there a special way to cable or config two 3650's as a stack with a stacking kit?
0
Hi ,

I have been facing a port flapping problem on Cisco 2950/2960 switches which are connected to EDN/ESN for the last couple of days. I have tried all basic troubleshooting and am still facing the same issue.

Please suggest how I can resolve the issue.
0
