ACL not showing in ASDM 7.1 (ASA 9.0)

Hi all,
I've configured a couple of ACL rules via CLI in my ASA.
When I checked in the ASDM, it only shows the basic rules that were configured by default and did not show the rules that I've created.
Anyone else facing the same problem?
Thank you

Hi,
The above output that you mentioned
access-group Outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
Means that
You have an ACL named "Outside_access_in" that is attached to the interface "outside". This ACL controls connections coming towards ("in") the interface. In other words, from the networks behind that interface.
You have an ACL named "DMZ_access_in" that is attached to the interface "DMZ". This ACL controls connections coming towards ("in") the interface. In other words, from the networks behind that interface.
So the above named ACLs should show in the ASDM in the Configuration -> Firewall -> Access Rules section, since that section describes the interface Access Rules.
So all the rules that you have added to those ACLs should show here.
If you simply created some new ACL (with another ACL name) and didn't attach it to any interface on the ASA, then it will NOT show on this window.
- Jouni
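
One way to check this from a saved `show running-config`, as an added example that is not part of the original thread: list which ACLs are bound by an `access-group` line (and so appear under Access Rules) and which are defined but unbound. The sample config is constructed; only the first two `access-group` lines are taken from the reply above, and `MY_NEW_RULES` and `Global_rules` are hypothetical names.

```python
# Constructed sample running-config. Only the first two access-group lines
# come from the thread; every access-list entry, MY_NEW_RULES and
# Global_rules are made up for illustration.
SAMPLE_CONFIG = """\
access-list Outside_access_in extended permit tcp any host 192.0.2.10 eq https
access-list Outside_access_in extended deny ip any any log
access-list DMZ_access_in remark DMZ hosts to internal DNS only
access-list DMZ_access_in extended permit udp 198.51.100.0 255.255.255.0 host 10.0.0.53 eq domain
access-list MY_NEW_RULES extended permit tcp any host 192.0.2.20 eq ssh
access-list Global_rules extended deny ip any any
access-group Outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
access-group Global_rules global
"""

# "access-list" keywords that set global options rather than name an ACL.
NOT_ACL_NAMES = {"alert-interval", "deny-flow-max"}


def parse_acls(config):
    """Return {acl_name: [entry text, ...]} in order of first appearance."""
    acls = {}
    for line in config.splitlines():
        tok = line.split(None, 2)
        if len(tok) == 3 and tok[0] == "access-list" and tok[1] not in NOT_ACL_NAMES:
            acls.setdefault(tok[1], []).append(tok[2])
    return acls


def parse_bindings(config):
    """Return {acl_name: [(direction, interface), ...]} from access-group lines."""
    bindings = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "access-group":
            continue
        if tok[2] == "global":
            # Global access rule: applies to all interfaces, no interface name.
            bindings.setdefault(tok[1], []).append(("global", None))
        elif len(tok) >= 5 and tok[2] in ("in", "out") and tok[3] == "interface":
            bindings.setdefault(tok[1], []).append((tok[2], tok[4]))
    return bindings


def access_rules_visibility(config):
    """Split ACL names into those bound by access-group and those that are not."""
    acls = parse_acls(config)
    bindings = parse_bindings(config)
    shown = {name: bindings[name] for name in acls if name in bindings}
    hidden = [name for name in acls if name not in bindings]
    return shown, hidden


if __name__ == "__main__":
    shown, hidden = access_rules_visibility(SAMPLE_CONFIG)
    for name, where in shown.items():
        print(f"bound   {name}: {where}")
    for name in hidden:
        print(f"unbound {name}: no access-group line, not an interface access rule")
```

An ACL reported as unbound may still be referenced by another feature such as a crypto map or a class-map; it is only absent from the interface Access Rules view.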

Similar Messages

  • Sh arp does not show mac address of IP --- ASA

    Hi Everyone,
    I can ping the IP from the ASA but when I do sh arp it does not show me the MAC address of that IP.
    Need to know the reason behind this.
    Regards
    MAhesh

    So your ASA should have a route on the inside interface to internal networks. The address of that next hop in the routing table is the one you should have in your arp table allowing you to reach non-directly-connected (subnet-wise) hosts within the scope of that route statement.
    Think through the logic - ASA pings a host. It needs to determine proper egress interface. It checks and asks "Is it reachable via a directly connected interface (most preferred route)?" Answer no. "Do I have a route statement telling me how to get to it?" Answer yes (otherwise use default). OK - so ASA sends packet out egress interface defined in that route statement to the next hop as defined in route statement and waits for reply.
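
The lookup described in the reply above, as an added example that is not part of the original thread: given the connected interfaces and static routes, work out which address the ASA actually resolves with ARP for a destination. It generalizes the reply's three questions to a longest-prefix match; all interface names, addresses and routes are constructed.

```python
import ipaddress

# Constructed sample data (assumed values, not from the thread).
CONNECTED = {
    "inside": ipaddress.ip_interface("10.1.1.1/24"),
    "outside": ipaddress.ip_interface("203.0.113.2/29"),
}
# Equivalent to:  route inside 10.20.0.0 255.255.0.0 10.1.1.254
#                 route outside 0.0.0.0 0.0.0.0 203.0.113.1
STATIC_ROUTES = [
    ("inside", ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_address("10.1.1.254")),
    ("outside", ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("203.0.113.1")),
]


def arp_target(dest, connected=CONNECTED, routes=STATIC_ROUTES):
    """Return (egress interface, IP the firewall ARPs for, route type) or None.

    For a directly connected destination the ARP entry is the host itself.
    For anything else it is the next hop of the best matching route, which
    is why the pinged host's own MAC never appears in the ARP table.
    """
    dest = ipaddress.ip_address(dest)
    candidates = []
    for ifname, iface in connected.items():
        if dest in iface.network:
            # Second key element prefers connected over static on equal length.
            candidates.append((iface.network.prefixlen, 1, ifname, dest, "connected"))
    for ifname, net, hop in routes:
        if dest in net:
            kind = "static" if net.prefixlen else "default"
            candidates.append((net.prefixlen, 0, ifname, hop, kind))
    if not candidates:
        return None
    best = max(candidates, key=lambda c: (c[0], c[1]))
    return best[2], str(best[3]), best[4]


if __name__ == "__main__":
    for host in ("10.1.1.50", "10.20.5.9", "8.8.8.8"):
        print(host, "->", arp_target(host))
```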

  • ASA not showing CPU Usage

    HI,
    I was polling my ASA from OP Manager, which resided in the INSIDE zone; now we have moved OP Manager to the DMZ. Now the ASA is not showing ACTIVE CONNECTION and CPU Usage in OP Manager.
    below are snmp configuration.
    snmp-server host DMZ A.B.C.D community cisco version 2c
    snmp-server enable traps
    snmp-server community cisco
    and receive a mention log on the ASA while polling the ASA from OP Manager (NMS).
    Kindly advise in this regard.
    Regards,
    Arshad Ahmed

    Any one kindly reply

  • Can't View ACL count details using ASDM

    We are running a ASA5520 with system image of "disk0:/asa843-k8.bin".  I'm also running ASDM ver: 6.4(7).
    So my question is while I'm in the ASDM on the configuration of the firewall, I'm looking at the Access Rules.  When I do a show log on any of the rules that have hit counts on them, it opens up a Real-Time Log Viewer but I don't see any information.  It's not showing anything, nothing appears, it just sits there like it's waiting but no data is coming.  Even though if I go back out to all the rules, I can see the hit count incrementing.  The same thing happens no matter which rule I pick with hit counts on them.
    I'm hoping in the end I can click on show log on the rule in question and see each individual hit information Source/Destination IP, Srce/Dest Port, Severity, Date and time.
    I'm sure it's just a configuration issue I'm missing somewhere but I can't seem to figure it out.  Any help with this issue would be greatly appreciated.

    Hi,
    What you would need to do is to add the log option after the ACL that you are viewing, like:
    access-list outside_access_in permit ip any host 1.1.1.1 log
    Then go to ASDM and check the logs in the window.
    Hope that helps.
    Thanks,
    Varun

  • How to set ASDM image on ASA remain factory-default

    Hi, Cisco Support Community
    I want to configure an ASA to factory-default using the following commands.
    # configure factory-default
    # wr mem
    But when I use above commands, ASDM is to be unset !
    How can I set ASDM remain factory-default ? I don't want to include " #asdm image disk0:/~~.bin" command in configuration because it is not factory-default configuration.
    I don't know why I can do that on ASDM.
    First, upgrade ASA & ASDM on ASDM.
    Second, operate factory-default and reboot on ASDM.
    Then ASA is to be factory-default and set ASDM image.
    I want to do that with CLI.
    Thanks in advance. 

    Thank you for reply.
    Of course I put ASDM image on ASA.
    You know we can launch ASDM on truly factory-default ASA.
    I mean how I can reset ASA to that condition using CLI.
    a problem is below.
    1. put ASDM image on asa flash
    2. (configure)#asdm image disk0:~~
    3.#show asdm image
    >> the image is set
    4 (config)#configure factory-default
    5.#show asdm image
    >> unset
    How can I truly reset to factory-default ?

  • Capture of ASDM sessions on ASAs?

    I have TACACS enabled on a number of ASAs, and make use of the accounting data as triggers for various events. Alas, this facility seems much less complete than on switches and routers, as one item I'm interested in trapping is the 'end' of an ASDM session. While 'starts' are captured, there seems to be nothing to signal a 'stop' (i.e. 'disc-cause' or similar.)
    I'm trying to find an alternate method of capturing this (recognizing that an RFF would be the proper approach), though even that seems a challenge: I haven't yet come across any SNMP pollable MIB to identify what sessions exist, nor have I seen that any traps are available.
    The CLI 'show asdm sessions' produces the target list, while using this method feels even more clunky than having to poll a MIB/look for a trap/log, etc.
    Can anyone corroborate that this is the only alternative, or have I overlooked something in the MIBs?

    As of ASDM 7.1(4), it's still not working.  ASDM 7.1(5) has given me nothing but grief from a Mac perspective, so I haven't moved beyond 7.1(4) except to verify that 7.1(5) is borked with current Java versions (there's been reports of some people having success with 7.1(5) if they downgrade their Java, but I've neither the inclination nor the time to start down that rabbit hole).  I should note that the "success" I'm referring to is not multiple instances of ASDM, but rather basic functionality; ASDM 7.1(5) and current Java versions don't mix.  At all.
    tl;dr - if you want multiple instances of ASDM on a Mac, you'll need Parallels and Windows.  :/

  • Migration Assistant Mav.: not showing ML Time Machine backup

    Hi Mac community,
    my own MBP mid 2010:
    clean install of Mavericks
    connected FireWire 800 external hard disk with recent Time Machine backup done in Mountain Lion
    started Migration Assistant, selected the Time Machine disk, and transferred all user data
    everything worked absolutely PERFECTLY and now Mavericks runs smoothly with all my old user data
    So I wanted to do the same thing with a relative's late 2009 iMac:
    still in Mountain Lion, doing Time Machine backups to TWO different USB 2.0 hard disks
    browsing the Time Machine disks manually to check whether all the files are there -- they are, including the (hidden) ~/Library folder
    clean install worked fine, Mavericks runs OK
    starting Migration Assistant in Mavericks ⇒ and - OH HORROR - the connected external Time Machine hard disk does not show up as a source - in fact, NOTHING shows up
    So I copied over the data manually, for which I had to enable the root account (how else would one delete/replace a whole ~/Library folder??)
    Then I tried to fix permissions manually (because other users could now read the files in the home folder).
    All the old data (mails, contacts, calendars) is still there, but the whole thing doesn't really run smoothly; each time one logs into the account, keychain asks weird questions and dock icons pointing to programs show question marks again. Later today, I'll try to fix permissions for the home folder as a whole (Recovery Boot ⇒ Terminal ⇒ resetpassword ⇒ Reset Home Folder Permissions and ACLs), but I'd rather do another clean install and somehow get Migration Assistant to offer me the Time Machine backup as a source for user data transfer - AS IT SHOULD in an OS that 'just works' ...
    Anything I could do to convince Mavericks to use my old Time Machine backup??
    This is a real nightmare for me ⇒ I f*cked up a relative's system -- really hope I can fix it again.
    Cheers, folks!

    sorry, i don't know what else it could be then. if you have another external drive you can try doing a full system restore from the TM backups onto that drive and see if MA will recognize that drive and migrate from it. other than this there is always manual migration. slow and tedious but it can be done. see this link for help with that
    http://discussions.apple.com/message.jspa?messageID=6185507

  • Hard Drive Not Showing in Terminal

    My Mac Pro started running slow even after clearing cookies and deleting unnecessary data including pics, documents, trash and history. So I recently upgraded to Macbook OSX Maverick (version 10.9.3) and uninstalled Mackeeper and all files associated with it according to the instructions here https://www.youtube.com/watch?v=efnXbn1nC4E. Then I repaired disk permissions. I also tried to repair ACLs according to the instructions here pondini.org/OSX/Password.html. All was going well until I reached the reset password window. I was instructed to select the volume containing the user account but there was nothing at all in the volume box. Macintosh HD is not showing up there. I can still see it and the files in my finder though. Weird. I do not know what to do. Everytime I try to access the web I get the message "connection was reset." The tab reads "problem loading page." After reading I realize that the home file needs permissions reset but is there a way to get the HD to show up in the terminal so I can reset home folder permissions and ACLs? Is there a Sudo command for this? This is too time consuming for me to keep researching this. I need help please. I just want my laptop functioning again. I am so frustrated. Uggghhh!!!

    I have also run into the problem of my Mac running slow and learned about the repair utility that can be reached upon rebooting and holding down the cmd key and R then running the terminal and putting in resetpassword which brings up the reset utility and the last instruction is to reset home folder and ACLs.  When I did all this my reset utility was empty not showing my hard drive or any users.  But once I turned off the FileVault both the hard drive and users showed up and was able to do the reset.  For me it took many hours to decrypt the hard drive and it appears that it is going to take twice as long to encrypt it again.

  • [SOLVED] Printer not showing up in print options but working (CUPS)

    I am using Lexmark X1270 and have got it working via CUPS web interface (printed test page and all), but even after restarting CUPS daemon and rebooting, it does not show up in File > Print in any apps like Firefox, Openoffice, etc. All I see in the print is "Print to file," no printer shows up.
    Last edited by colbert (2010-12-11 03:18:44)

    Same problem here with a HP LaserJet Professional 1102W.
    Also:
    [luc@borlox ~]$ lp
    lp: Error - scheduler not responding!
    [luc@borlox ~]$ lpstat -a
    lpstat: Connection refused
    /var/log/cups/error_log:
    W [06/Dec/2010:14:27:23 +0100] Duplicate listen address "127.0.0.1" ignored!
    E [06/Dec/2010:14:27:23 +0100] Unable to set ACLs on root certificate "/var/run/cups/certs/0" - Operation not supported
    W [06/Dec/2010:14:30:19 +0100] Duplicate listen address "127.0.0.1" ignored!
    E [06/Dec/2010:14:30:19 +0100] Unable to set ACLs on root certificate "/var/run/cups/certs/0" - Operation not supported
    /etc/cups/cupsd.conf:
    # "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $"
    # Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
    # complete description of this file.
    # Log general information in error_log - change "warn" to "debug"
    # for troubleshooting...
    LogLevel warn
    # Administrator user group...
    SystemGroup sys root
    HostNameLookups Double
    # Only listen for connections from the local machine.
    Listen localhost:631
    Listen 127.0.0.1:631
    Listen /var/run/cups/cups.sock
    # Show shared printers on the local network.
    Browsing On
    BrowseOrder allow,deny
    BrowseAllow all
    BrowseLocalProtocols CUPS dnssd
    # Default authentication type, when authentication is required...
    DefaultAuthType Basic
    # Restrict access to the server...
    <Location />
      Order allow,deny
      Allow from All
    </Location>
    # Restrict access to the admin pages...
    <Location /admin>
      Order allow,deny
    </Location>
    # Restrict access to configuration files...
    <Location /admin/conf>
      AuthType Default
      Require user @SYSTEM
      Order allow,deny
    </Location>
    # Set the default printer/job policies...
    <Policy default>
      # Job-related operations must be done by the owner or an administrator...
      <Limit Create-Job Print-Job Print-URI Validate-Job>
        Order deny,allow
      </Limit>
      <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
        Require user @OWNER @SYSTEM
        Order deny,allow
      </Limit>
      # All administration operations require an administrator to authenticate...
      <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
        AuthType Default
        Require user @SYSTEM
        Order deny,allow
      </Limit>
      # All printer operations require a printer operator to authenticate...
      <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
        AuthType Default
        Require user @SYSTEM
        Order deny,allow
      </Limit>
      # Only the owner or an administrator can cancel or authenticate a job...
      <Limit Cancel-Job CUPS-Authenticate-Job>
        Require user @OWNER @SYSTEM
        Order deny,allow
      </Limit>
      <Limit All>
        Order deny,allow
      </Limit>
    </Policy>
    # Set the authenticated printer/job policies...
    <Policy authenticated>
      # Job-related operations must be done by the owner or an administrator...
      <Limit Create-Job Print-Job Print-URI Validate-Job>
        AuthType Default
        Order deny,allow
      </Limit>
      <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
        AuthType Default
        Require user @OWNER @SYSTEM
        Order deny,allow
      </Limit>
      # All administration operations require an administrator to authenticate...
      <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
        AuthType Default
        Require user @SYSTEM
        Order deny,allow
      </Limit>
      # All printer operations require a printer operator to authenticate...
      <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
        AuthType Default
        Require user @SYSTEM
        Order deny,allow
      </Limit>
      # Only the owner or an administrator can cancel or authenticate a job...
      <Limit Cancel-Job CUPS-Authenticate-Job>
        AuthType Default
        Require user @OWNER @SYSTEM
        Order deny,allow
      </Limit>
      <Limit All>
        Order deny,allow
      </Limit>
    </Policy>
    # End of "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $".
    I would be very thankful for any hint.

  • Print management not showing up under administrative tools

    hello!
    for some reason even though i have all the proper roles etc installed print management is not showing up under admin tools. i have manually added the snap in to mmc console and saved that to a location for easy access, but the members on my team would like to have it available to them under admin tools, does anyone know a) why it does not show up or b) how to add my saved mmc snap in so it shows up under admin tools?
    thanks in advance.
    -chaz

    Very strange.  I just added it to a Windows Server 2012 R2 server and it shows up in Tools.
    Microsoft tools, into the Tools menu on Server Manager, you just need to put an entry in the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools directory.  You can even rearrange things, create sub-directories with different sets of tools, ACL the entries, etc.
    .:|:.:|:. tim

  • CUCM 8.5 Not showing all device licenses

    I noticed when adding more device licenses today that the License Unit Report is not showing the new licenses.  I can view each license file and have verified the correct MAC address, but I am 40 device licenses short of what I should have.
    I have tried restarting licensing service as well as restarting CUCM completely.

    A couple things I'd try would be:
    1) Check the "Call Statistics" on each phone (during a call) to confirm they think they are sending and receiving video.
    1) Is a privacy shutter closed on one end or the other? Is one side or the other muted?
    2) factory reset both of the phones...
    3) Remove both phones from UCM and reregister them.
    4) Grab a capture on a port connected to one of the phones..to see what traffic you're actually seeing
    5) Are there any firewalls/ACLs that would block the video stream?

  • Express does not show IP address of wireless camera

    I have a functioning Axis M1011 wireless camera, with a live stream into Safari on my local iMac.  All is well.
    My brand new Airport Express is definitely providing the wireless camera feed, as my internal airport card on my iMac is OFF.
    What is odd is that Express does not show IP address of the wireless camera when you click on it in Airport Utility.
    The iMac is static at 10.0.1.2.  Express LAN IP is static at 10.0.1.1.   The camera's wireless IP is static at 10.0.1.3.
    I have a working, hidden network created by express.
    I am baffled why express does not "report" the IP address of the camera that it definitely sees.
    It does not report any wireless clients at all.
    Any ideas?
    Thanks.
    mac


  • ITunes does not show up on apple tv 1st gen.

    I have a 1st gen apple tv with the 160 gig HD. Recently, it will not show the itunes site. Under the movies tab there are my movies and trailers and that's it. Does anyone know how to get the itunes store back on apple tv?

    Known issue currently, you'll need to wait for the fix.

  • My downloaded text sounds do not show up under the sounds tab in settings after installing 8.1.1. can someone help me please?

    I downloaded a couple text tones and since installing 8.1.1, they will not show up under the sounds tab. In fact, they do not show up in my recent purchases on itunes, but when I go to buy them again, it says that I have already bought this tone. I just want to use the tones I paid for as the tones on my phone. Not asking much.... thanks for the help. I hope someone can help me get the tones working. Thank you.

    This was happening to me too but only for some of my songs. I have a mac so I dunno about PCs, but for most of my ringtones I had to create an AAC version in itunes to make them short enough then turn that into a m4r and those all worked fine. But if the song was already short enough and I didn't create an AAC version and just turned the original into a m4r, then it wouldn't appear in my itunes.
    so if you're on a mac:
    1. go to get info, options, pick when you want the song to start and end.
         Has to be pretty short to work, 30 seconds or less is good
         if it's already short enough that's fine
    2. right click and click 'create AAC version'
         a copy with the length you put in will appear, drag that into a folder or whatever and just type in m4r where m4a would be
         still make an AAC version even if it's the right length
    Hopefully this helps someone else.

  • Internet Streams in Playlists do not show up on Apple TV

    I use the following setup:
    - Apple TV MD199LL/A (Software 6.0.1) just updated to the latest
    - iTunes 11.1.3 for Windows (from a Windows 7 x64)
    - iTunes 11.1.3 for Mac (from an Apple MacBook Pro x64, Mavericks)
    Homesharing is turned on both computers
    From both machines I share pictures, videos and music.
    All photos, videos and music files are getting displayed  on the Apple TV menu, and can be played.
    All iTunes playlists from both machines are getting displayed on the Apple TV
    BUT!
    If an internet stream is added to a playlist, this entry does not show on the Apple TV menu.
    If the playlist contains only internet streams the Apple TV menu says "There are no songs in this library"
    If I hit the play key on my remote, it will randomly play the first stream in the playlist (not really reproducible pattern)
    I can play those streams in iTunes and send it via AirPlay without problems,
    Can anyone help me with this and tell me what I'm doing wrong?
    Thank you

    You can only view that rental on the iPad. For it to show up it has to be rented directly on ATV or through a computer and streamed via home sharing
