Cisco

23K

Solutions

14K

Contributors

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Can someone help with why the commands below don't work?

xxx#
xxx#del flash:c3560e-universalk9-mz.122-53.SE2
Delete filename [c3560e-universalk9-mz.122-53.SE2]?
Delete flash:c3560e-universalk9-mz.122-53.SE2? [confirm]
%Error deleting flash:c3560e-universalk9-mz.122-53.SE2 (Is a directory)
xxx#Delete /force/recursive flash:c3560e-universalk9-mz.122-53.SE2
                      ^
% Invalid input detected at '^' marker.

xxx#Delete /force/recursive flash:/c3560e-universalk9-mz.122-53.SE2
                      ^
% Invalid input detected at '^' marker.

xxx#rmdir flash:c3560e-universalk9-mz.122-53.SE2
Remove directory filename [c3560e-universalk9-mz.122-53.SE2]?
Delete flash:c3560e-universalk9-mz.122-53.SE2? [confirm]
%Error Removing dir flash:c3560e-universalk9-mz.122-53.SE2 (Directory not empty)
xxx#



xxx> dir flash:
Directory of flash:/

    2  -rwx        8716  Aug 24 2016 14:58:09 -05:00  config.text
    3  -rwx        4120  Aug 24 2016 14:58:09 -05:00  multiple-fs
    4  -rwx    14581903  Mar 15 2013 20:12:53 -05:00  c3560e-universalk9-mz.122-55.SE5.bin
    5  -rwx        3816  Aug 24 2016 14:58:09 -05:00  private-config.text
    6  drwx         512  Feb 28 1993 18:15:07 -06:00  c3560e-universalk9-mz.122-53.SE2
0
I currently have remote users connecting to the Exchange server via my location to a VPN tunnel over our Cisco ASA network to Switzerland to an Exchange data store in Switzerland.

I want to maybe create a host file on the Outlook client or put a router on the switch to utilize the proxy setting instead of going over the network. Image of proxy setting attached.
SwitchSG500.jpg
1
I'm getting these errors, and I kind of understand why, but I guess I might need some help in knowing how to configure the ports so they go away.
vlanmismatch
Here's a small portion of my current network setup:
current setup
Here's how the network should be, as I have to install more cameras and use a PoE switch:
proposed setup
I'm guessing I'll still continue to get those errors even with the new setup?
How do I need to configure those few switches so I don't get those errors?
The two switches with VLAN 800, I only need to connect to them for management and monitoring. I don't need and don't want any of that traffic to traverse my VLAN 1 network.

Any thoughts of what I'm doing wrong?
0
Hello,

I was given a retired Cisco 3550 to help determine if the Netgear we have currently is the source of some odd performance issues on the network.

I'm running into an issue where anything plugged into the Cisco will only connect at 100Mb/s. I have successfully reset the switch to factory defaults, as far as I can tell. I have been able to run some commands, but I'm not very familiar with the Cisco IOS or configuring these switches. If anyone can help me get this connecting at 1000Mb/s I would be grateful. Let me know what information you need and how to get it, and I will gather the info as fast as possible.

I also seem to have a port flapping that I cannot figure out why or how to stop.

Switch#show version
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(9)EA1c, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Tue 28-May-02 10:06 by antonino
Image text-base: 0x00003000, data-base: 0x004E4568

ROM: Bootstrap program is C3550 boot loader

Switch uptime is 47 minutes
System returned to ROM by power-on
System image file is "flash:/c3550-i9q3l2-mz.121-9.EA1c/c3550-i9q3l2-mz.121-9.EA1c.bin"

cisco WS-C3550-48 (PowerPC) processor (revision E0) with 65526K/8192K bytes of memory.
Processor board ID CHK0632W0FS
Last reset from warm-reset
Running Layer2 Switching Only Image

Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 2 has 12 …
0
Hello
I have purchased a second-hand ASA and am trying my first config attempt. I was wondering if an expert could check over it and advise if it looks OK or recommend any changes.

I will be connecting a modem to a VDSL connection and placing it into bridge mode so the ASA will be the main gateway to the internet for my home/lab. I don't need DHCP internally as I have a DHCP server internally for devices. I also have a static IP address from my ISP.

Appreciate your assistance.
ASA-config-EE.txt
0
This is a proactive kind of request. Here it goes: what is the best way to handle it when you run out of private IPs, especially in VPN IPsec situations? For example: main siteA has 192.168.10.x, remotesiteB: 192.168.11.x, remotesiteC: 192.168.11.x. On both sites B & C, I really do not want to change their LAN IPs due to humongous devices already in place that will require complicated reconfigurations. With that being said, what is the best way to handle this without changing LAN IPs for sites B & C? I appreciate your advice.

All devices involved are: siteA Cisco ASA 5515, sites B & C Cisco ASA 5506-X.
0
Hello all!

I'm trying to find out what the best process is to create a full read-only user in a Cisco switch (3750 and 4500). TACACS+/RADIUS/AAA is not an option.

The user must be able to get the full output from "show config" and "show run" as well as pipe and include/exclude on "show run" commands. The user also needs to be able to do every show command (including things like "show banner motd/login", "show config archive diff" and the like).

The best I've found so far looks something like the following:
username <USERNAME> privilege 1 password <PASSWORD>
privilege exec level 1 show run full
privilege exec level 1 show config
privilege exec level 1 show banner login

However, I am wondering if there is a faster/easier way.
0
Hello, I have a teamed 4-port NIC that is used in my host machine. The ports are used for a virtual switch through which my current VMs connect to our physical network. Here is the port configuration on my Cisco switch they plug into (all 4 ports are configured the same):

"interface GigabitEthernet1/0/29
 description Dell Server
 power inline never
 speed 1000
 duplex full
 spanning-tree portfast"

I am virtualizing a Shoretel Director physical server that needs to be on VLAN 201 and will only work if I set my Cisco port configuration to:

"interface GigabitEthernet1/0/40
 description Shoretel Server
 switchport access vlan 201
 switchport mode access"

How would I add the Switchport Access VLAN 201 to work with my current virtual switch?  
Would I change one of the 4 cisco switch ports to this setting and leave the other 3 as is?
If I change one of the Cisco ports would I create a new Virtual switch and enable the VLAN 201 for that one server?

Thanks for your help
0
What is the maximum number of clients that can be associated per WLAN and per radio with a Cisco 2504 WLC which has a 25-AP license?
0
Hi.

I have a Cisco ASA 5508-X Next Generation Firewall, set up to allow users to connect via Cisco Anyconnect. It is running 6.2.0.0 of the FTD (not ASA) software, and controlled by a vFMC.

Incoming client requests are authorised by a local DC, running Network Policy Server via RADIUS. This is configured to allow clients to connect if they provide the credentials for an AD account that is in a specified security group. The server is running 2008R2.

This all works! :)

Management have now requested that only machines that are members of the local domain be allowed to connect.  (not users on home machines for example)  Any ideas how this could be implemented?
0
Is there any free simulator for CCNA / CCNP ?

Thx
0
Is it possible to utilize two-factor authentication with the Cisco AnyConnect VPN client? If yes, can I use Google Authenticator?
1
Hello all, this is my 1st question in this forum. Hopefully, I am in the correct place. If not, my apologies.

Hoping to get some guidance on dual WAN link configuration... here goes...

I presently have 1 x 100mb fibre from Rogers as our main WAN link. Actually, I also have 100mb BELL MPLS as well, soon to be decommissioned. I also have 2 x Cisco 3750, stacked.

We recently got another 100mb link to be used as our backup link if the primary fails.

Rogers primary - EIGRP
Bell - OSPF
Rogers Backup - will be EIGRP

I presently have VLAN 340 carved out for the PRIMARY link and will use VLAN 350 for BACKUP.

I'd like to get some guidance on how to configure the 2nd link to be a failover link in case the PRIMARY goes down.

I am in no way a routing expert...
What would be an acceptable configuration that I can apply? Nothing fancy, I just want to make the backup link available as quickly as possible when the primary goes down.

This is what I presently have in my PRIMARY EIGRP:
router eigrp 1
 network 10.30.0.7 0.0.0.0
 network 192.168.30.1 0.0.0.0
 network 192.168.31.1 0.0.0.0
 network 192.168.32.1 0.0.0.0
 network 192.168.33.1 0.0.0.0
 network 192.168.36.1 0.0.0.0
 network 192.168.37.1 0.0.0.0
 network 192.168.130.1 0.0.0.0
 redistribute ospf 1 metric 1500 20000 255 1 1500
 redistribute static
 passive-interface default
 no passive-interface Vlan340

The OSPF lines will go away eventually.


is it best to use VLAN or L3 interface?  does it matter or is …
0
Hi

Currently there is a network new socket device connected to port 2 in network switch.

Packet fail after checking. It was tagging to server VLAN.

How to untag the port 2 in Cisco ASA firewall?

Thanks
0
Sorry if this question is too basic. I have set up 2 Cisco routers, 1841 model. I have the first one configured with the following:

Fe0 dhcp <------this interface is connected directly to the internet
Fe1 10.0.3.1 <----This interface is connected to the LAN

My problem is how do you get Internet traffic from FE0 to FE1 and other interfaces.

I am using OSPF and I can route traffic from 10.0.3.x to any other private IP address within the 10.x.x.x network. How can I forward ISP traffic to my internal network? Thanks.
0
Hi,

I'm currently transitioning over from my DD-WRT Router to Cisco ASA 5510 Firewall.  On my DD-WRT Router I currently use Dynamic DNS with the provider No-IP.com.  On the DD-WRT Router it was very simple to go to the DDNS tab, select No-IP.com as the provider, enter in your credentials, and that was it.  Then of course you would do port forwarding on the router for whatever you were using with DDNS.

I'm trying to do this same thing but on the Cisco ASA 5510 Firewall.  I've read a couple articles but I still don't understand how to transition over.  If anyone could help assist me, in detail, explaining what goes where, what gets set, either through the GUI (ASDM), or the CLI (in detail), step by step I would appreciate it.

I've attached a couple screenshots as well showing the DD-WRT Router DDNS section and the potential location on the Cisco ASA 5510 Firewall.

DD-WRT Router DDNS
Cisco ASA 5510 Firewall DDNS
Thanks
0
Today we were doing a new firewall install; the old firewall is a Cisco ASA 5510 that was going to be replaced by a Sonicwall TZ 400 (this was happening at 2 locations, the main office and the Colo).
The install was a bust and we were switching back to the Cisco. Now, upon switching back, we cannot get virtual machines at the Colo to work (their office is up and running without issue), or any computer to use a couple of IP addresses. Example LAN IP:
192.168.0.10
255.255.255.0
192.168.0.1
(it doesn't matter what the DNS is set to whether it is a public google/xfinity or to a DNS server that's local)
The systems cannot reach the outside network whatsoever
We have tried rebooting all network equipment
tried running netsh winsock reset
rebooting systems multiple times
destroying VM Switch adapter and recreating
investigated Cisco Firewall and no rules are in place stopping it.
The Cisco did show that from the inside out it is fine, but from outside in (Google dns to local ip) fails and defaults to the basic deny rule.
I have exhausted every resource I have and I am just short of going and sacrificing live chickens to the IT gods.
Please someone save me from this nightmare.
0
Hello!

I have searched, attempted, etc. for countless hours prior to posting my question here. I am looking to add a Guest SSID/wireless network to my existing topology. For whatever reason, I cannot seem to get anywhere using the Cisco configuration guides. One in particular: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html#configs

It is rather dated as well.

Here is my current setup:

ISP--> Cisco ASA --> Cisco Router --> Cisco Switch
Cisco WLC and Cisco APs connected to Cisco Switch

The ASA and Router are on 192.168.1.0 network, and the port from router to the switch are on 192.168.0.0 network.
I have a Win 2012 Server on the 192.168.0.0 network that acts as my DHCP and DNS server.
I have 3 Cisco APs that are on the 192.168.0.0 network. (my management interface on WLC is on the 192.168.0.0 network as well)

What is the best method to incorporate a guest wireless network? Also, to correct my above setup (granted the management interface on WLC should not be on the same network as everything else)

I have attempted to create VLANs, but end up losing connectivity to the network, and there are too many possible areas of failure given all the components.

Should the router be the DHCP server instead of the Win 2012 server?

Please advise!!

Thank you in advance!!
0
I can no longer locate a setting in my Cisco Aironet 1130AG Access Point to make the LEDs blink for locating it.

I want a way to tell which of my 5 units I'm logged into with my web access.

Thank you,

John
0
Question about Cisco support.
Is it required to buy a Cisco smartnet support option? Is there a default manufacturer support from Cisco?
Do I need to buy the support that the reseller is offering besides the manufacturer support from Cisco?
Cisco gear in question: ISR, Firepower, mgig switches, WAP controllers and WAPs.
0
We have two sites with a Cisco 1921 router at each.  Each has a VDSL HWIC and a batch of 8 IP addresses assigned by the ISP, with the inside interface (GigabitEthernet 0/0) connected to a pfSense firewall.  We have it working with a single IP assigned to the pfSense using the config below, but would like to make use of more IP addresses.  How can we configure the Cisco 1921 to allow this?  It's not possible to configure the inside and outside interfaces on the same subnet, so we split the 8 address subnet into two.

For this config, the assigned IP range is xxx.xxx.xxx.8/29, and the IP being automatically assigned by the ISP is xxx.xxx.xxx.9/32.  The pfSense firewall is on xxx.xxx.xxx.14/30.

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 ######
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn #####
!
!
username ##### secret 4 #####
!
!
controller VDSL 0/0/0
 operating mode vdsl2
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address xxx.xxx.xxx.13 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm 

0
Hi,

Just wanted some details on re-configuring (changing) IP address details on the management port on a WAE-674-K9?

The system management port is an Ethernet port and I need to change the IP address and VLAN details.

Any help would be much appreciated.

Thanks
0
I am having trouble getting NetFlow to work on PRTG from Cisco 800, 1800 and 2800 series routers.

I configure a router to export v5 or v9 flows - same problem on each.

I go into PRTG and set up a corresponding sensor.

I want detail, so in the channels section I tick detail on a couple of categories. I set all the other bits like listening IPs and port number.

The sensor will go to 'OK' with a green icon, but not receive any data.  I try their netflow test tool and can see data hitting the machine, so I know that netflow is set up and the firewall is not an issue.  Playing with settings yields no results.  

I then set up a netflow listener for another router, but I don't change the channel definitions and it works!

I realise I need more detail, so I go into the sensor settings and tick 'No' for a couple of channels and 'Detail' for the OTHER channel.  

The graphs disappear. The sensor stays green, but it shows no data. I wait 1/2 an hour and still no luck.

I set the channel definitions back to defaults and wait.  The sensor still does not show any data.  This would be consistent with the first router.  Channel definitions were changed from defaults and the sensor will never work.  

I delete the sensor and add a new one with the same settings as before.  No data shows.  A broken sensor persists even after deleting it.  

Is this a PRTG bug or am I doing something wrong?

I want detailed graphs so I can identify what data is hogging bandwidth, …
0
Hi, I connected two ASA 5505s with a crossover cable to learn site-to-site VPN. I have these configurations for both but it's just not working; there is no activity on the outside interfaces. I have tested each ASA 5505 connected to my home LAN with internet access to make sure the interfaces are working. Thanks!


ASA Version 8.2(5)
!
hostname asa-a
domain-name asa-a.domain
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name asa-a.domain
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn …
0
This is using a Cisco ASA 5505 with firmware version 8.0.3. We are using 2 interfaces: ethernet0/0 for the WAN (outside) connection, with 16 public IPs (d.e.f.144/28), and ethernet 0/1 to 0/7 configured for the LAN (inside). NAT is configured, and there should be 3 static 1-to-1 mappings for the internal servers to public IPs. Please see the attached ASA config file.

Now, we have a new internal server with IP 172.16.1.44. How should we configure it so that the next public IP, d.e.f.150, is mapped with services available on port 8383?

Thanks in advance.
AAA-Cisco-ASA-5505-config.txt
0
