ASA 5500 model default setting

Dear All, I saw the below default configuration shown in my new 5505 and 5515 ASAs. May I know what the function of those configuration lines is, and do these commands affect my ASA firewall?
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
service-policy global_policy global

Hi,
To my understanding, the inspections' purpose is both to enable certain applications/protocols that are dynamic in nature to work through your firewall without resorting to opening up the firewall too much. They are also used to set certain restrictions on certain types of connections.
The most common ones in constant use would probably be (for me at least):
ICMP Inspection (not enabled by default), which helps you allow ICMP through the firewall and automatically allows the ICMP Echo Reply back without allowing it through the firewall in a separate ACL. It also makes sure that only valid ICMP return messages are allowed through the firewall.
DNS Inspection sets some parameters for the DNS traffic and also makes sure that only one DNS reply is allowed through the firewall. It's also needed if you are going to use the "dns" parameter in the NAT configurations to enable the ASA to do a DNS rewrite.
FTP Inspection enables the ASA to automatically allow the FTP Data connections which are created in addition to the initial Control connection. Therefore you don't need to allow anything but the FTP Control connection (TCP/21) to form through the firewall, and the ASA will use the FTP Inspection to automatically allow through the Data connection that will be formed.
For more information I would suggest reading the ASA documentation, for example the Command Reference and Configuration Guide.
Here is a link to the Command Reference and the different "inspect" commands:
http://www.cisco.com/en/US/docs/security/asa/command-reference/i2.html
Here is a section in the Configuration Guide about inspections:
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/firewall/inspect_overview.html
I have not even fully read them myself.
Generally there is not much need to touch the above settings. Sometimes Voice/Video related inspections need to be disabled as they might actually cause problems. I have also had to disable the ESMTP inspection sometimes.
- Jouni
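As an added example (not from the original post or from Cisco's documentation), this is how the two adjustments mentioned in the reply look when applied to the posted default policy: enabling ICMP inspection and removing ESMTP inspection from inspection_default, followed by the show commands that confirm what is now attached to the class. The policy and class names are the posted defaults; the hostname prompt "ciscoasa" is assumed.

```text
! Added example: extend the factory-default global policy posted above.
! Entering the existing policy-map and class merges the new lines into
! the running config rather than replacing the whole policy.
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
! Stateful ICMP inspection: echo replies return through the ASA without
! a separate ACL entry, and "icmp error" admits only ICMP error messages
! that belong to an existing connection.
ciscoasa(config-pmap-c)# inspect icmp
ciscoasa(config-pmap-c)# inspect icmp error
! Remove ESMTP inspection, which the reply notes can interfere with some
! mail flows; removing it is a conscious trade-off, not a default.
ciscoasa(config-pmap-c)# no inspect esmtp
ciscoasa(config-pmap-c)# exit
ciscoasa(config-pmap)# exit

! Check the inspections now bound to the class, with packet counters.
ciscoasa(config)# show service-policy global
! Only the ICMP engine, with its inspect/drop counts:
ciscoasa(config)# show service-policy inspect icmp

! Review the policy-map as it will be saved, then write it.
ciscoasa(config)# show running-config policy-map
ciscoasa(config)# write memory
```

Since the policy is applied with "service-policy global_policy global", the change takes effect on every interface at once; check the counters on a single interface with "show service-policy interface <name>" if you only expect one to be affected.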

Similar Messages

  • How to set ASDM image on ASA remain factory-default

    Hi, Cisco Support Community
    I want to configure an ASA to factory-default using the following commands.
    # configure factory-default
    # wr mem
    But when I use the above commands, ASDM is unset!
    How can I keep ASDM set while remaining factory-default? I don't want to include the " #asdm image disk0:/~~.bin" command in the configuration because it is not factory-default configuration.
    I don't know why I can do that on ASDM.
    First, upgrade ASA & ASDM on ASDM.
    Second, operate factory-default and reboot on ASDM.
    Then the ASA is factory-default and the ASDM image is set.
    I want to do that with the CLI.
    Thanks in advance. 

    Thank you for the reply.
    Of course I put the ASDM image on the ASA.
    You know we can launch ASDM on a truly factory-default ASA.
    I mean, how can I reset the ASA to that condition using the CLI?
    The problem is below.
    1. Put the ASDM image on the ASA flash.
    2. (configure)#asdm image disk0:~~
    3. #show asdm image
    >> the image is set
    4. (config)#configure factory-default
    5. #show asdm image
    >> unset
    How can I truly reset to factory-default?

  • How to configure Cisco ASA 5500 to work with the iPhone

    We have a Cisco ASA 5510 (latest firmware version), and apparently, according to the Cisco website, it is compatible with the new iPhone 3G's IPSec client:
    http://www.cisco.com/en/US/docs/security/vpnclient/cisco_vpnclient/iPhone/2.0/connectivity/guide/iphone.html
    We've set up our first iPhone properly. It connects fine to the network and shows the VPN connection as active. It gets a private IP address. But it does not let any traffic go to the internal network. We thought it might be a DNS problem, but it cannot connect to the Exchange server even when using the IP address instead of DNS. No luck either.
    After checking ASA logs, we found that iPhone goes through Phase 1 authentication correctly. But then gives some kind of error, mentioning "Attribute 5".
    Has anybody been successful configuring ASA5500 series (in particular 5510) to be used with iPhone?
    I noticed that many people are having these problems.
    Please do not post to this topic if you have ANY OTHER Cisco device.
    Cisco specifies that iPhone is compatible only with Cisco ASA 5500 Security Appliances and PIX Firewalls. Neither Cisco IOS VPN routers nor the VPN 3000 Series Concentrators support the iPhone VPN capabilities.
    Let's keep this topic only for users of ASA 5500 series and PIX Firewalls.
    It would be extremely helpful for a large number of users if somebody posted a list of settings for ASA5500 or PIX firewall that DO work with iPhone 2.0
    Thank you!
    Oleg R

    We found the solution and a bug in the Cisco firmware (it seems to be a bug).
    First of all, thanks to our Chief Systems Architect Seb; here is a config that worked for us on a Cisco 5520 (latest firmware).
    access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
    access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set iphone esp-3des esp-sha-hmac
    crypto ipsec transform-set iphone mode transport
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set pfs
    crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 iphone
    crypto map outside_map 10 match address vpn
    crypto map outside_map 10 set transform-set ESP-AES-256-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEMDEFAULT_CRYPTOMAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 20
     authentication pre-share
     encryption aes-256
     hash sha
     group 5
     lifetime 86400
    crypto isakmp nat-traversal 20
    group-policy iphone internal
    group-policy iphone attributes
     wins-server value <insert ip> <insert ip>
     dns-server value <insert ip> <insert ip>
     vpn-tunnel-protocol IPSec
     ipsec-udp enable
     ipsec-udp-port 10000
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value iphone_splitTunnelAcl
     default-domain value <insert domain name>
    tunnel-group iphone type remote-access
    tunnel-group iphone general-attributes
     address-pool VPN-Pool
     authentication-server-group ActiveDirectory2
     default-group-policy iphone
    tunnel-group iphone ipsec-attributes
     pre-shared-key <insert pre-shared key>
    For the iPhone you have to be using the IPSec tab for configuration.
    We tried to set up this config using the wizards, but it would not work.
    Later it turned out that the wizards by default set this setting:
    "crypto isakmp nat-traversal 20"
    equal to zero, and there is no way to change it from the GUI.
    Only after we changed it (increased the value from 0 to 20) through the command line did the connection start working perfectly.
    Please let me know how it works out for you.

  • VLAN with ASA 5500 appliance

    We have a CME 4.0 setup and getting ready to configure VLAN's for Voice and data. Our LAN gateway is ASA 5500 security appliance. Do we need a router behind the ASA appliance to do VLAN trunking?
    or can the ASA appliance do VLAN trunk?
    We use 4503 Chassis for Core and 3560 switches for other buildings.
    We use 3845 Router with CME 4.0. Do we make this the LAN gateway and configure default GW on this router as the ASA appliance?
    Thanks
    AD

    Hi,
    You may configure the very CME Router as the inter-VLAN trunking device. If the phones are directly connected to the CME Router, nothing has to be done to the ASA configuration. Remember to configure the CME Router's and the phones' ports in the switch as trunk ports.
    Regards.

  • Default setting for Budget Report S_ALR_87013558

    Dear All,
    In Budget Report S_ALR_87013558, when it is executed every time when we enter, 2 number formats are displayed, one in Lakhs (Factor 1,00,000) and one in units (Factor 1). When I change it to Factor 1 through "Number format", then it comes as per selection.
    This is only in prod server, dev server is ok.
    How can I make it default to normal for all users on client level, i.e. to Factor 1.
    Thanks
    Shubham

    Execute the report, then change the number format as per your requirement. After changing it, press Ctrl+S; this will save the setting for this report. So when you execute the report, the system will use the number format which you saved as the default setting.

  • How to change Default setting AutoCommit to 0 in Procedure or in Connecting

    [tttest@host1 ~]$ ttisql "dsn=ana_tt1122"
    Copyright (c) 1996-2011, Oracle. All rights reserved.
    Type ? or "help" for help, type "exit" to quit ttIsql.
    connect "dsn=ana_tt1122";
    Warning 20000: Use of a deprecated feature: Authenticate (ignored)
    Connection successful: DSN=ana_tt1122;UID=tttest;DataStore=/timesten/TimesTen/tt1122/info/ana/ana;DatabaseCharacterSet=ZHS16GBK;ConnectionCharacterSet=ZHS16GBK;DRIVER=/timesten/TimesTen/tt1122/lib/libtten.so;OracleId=ABCD;PermSize=1200;TempSize=500;TypeMode=0;OracleNetServiceName=ABCD;
    (Default setting AutoCommit=1)
    The "Default setting AutoCommit=1" I can modify only later using:
    Command> autocommit 0;
    But I want to know: can I set "Default setting AutoCommit=0" when I connect to the DSN? Or can I set "Default setting AutoCommit=0" in a procedure? Because sometimes I may want to change it in a procedure.
    Thanks very much.

    As you have pointed out, in a ttIsql session you can use AUTOCOMMIT 0 to disable the autocommit feature.
    Similarly, in ODBC-based applications, execute the SQLSetConnectOption function with SQL_AUTOCOMMIT_OFF.
    For JDBC applications, use the Connection.setAutoCommit(false) method to disable the autocommit feature.

  • Z ALV with Default Setting in save layout option disabled

    Hi friends! I need a little help. I have a Z ALV and we are trying to save the layout, but the option "Default Setting" is grey and I cannot use it. How can I enable this option in save layout?
    Thanks!!

    Hi,
    There is a field in the FM REUSE_ALV_GRID_DISPLAY export parameters, "I_SAVE". Pass 'X' to it. I think it will work.
    Regards,

  • Is there a way to have iCal notify of events by email as the default setting? Now I get Message with Sound as the default. I have OS 10.9.2/Mavericks.

    Is there a way to have iCal notify of events by email to myself [My Card in Contacts] as the default setting? Now I get Message with Sound as the default. I have OS 10.9.2/Mavericks.

  • Can I override the default setting in Organizer to allow sorting photos by filename?

    I am converting slides from the 1970s and 80s to digital files and using PSE 8 to organize them, but it is important to me that they stay in the order of the file name I give them and NOT "Date: newest first or last", because it would seem that PSE, in the absence of metafile information, uses the date and time I uploaded the file to the Organizer as the "Date:". ACDSee has a much more sensible arrangement in giving me full control of how my photos are sorted. I am being driven to using ACDSee as the organizer and PSE as the photo editor, a not very convenient arrangement. So my question is, "Can I override the default setting in Organizer to allow sorting photos by filename?"

    The type of file system that you're trying to set up is actually done better by creating your own file hierarchy in Windows, and then viewing by import batch. For example, you might create a top-level folder "My Slide Scans", then perhaps "My son John". So the scans of John all go in the same folder, you import the folder in one batch, and you're where you want to be.
    That said, PSE will fight you at every turn to do this, since with the scanner hooked up with PSE, PSE is going to want to store your photos in "scanned photos" and import them as you scan them.
    I would suggest this. After the scan and import, use PSE to move the photos to their final destination folder, say "Hawaii 1994", and create a tag of the same name. Then when you're done scanning photos of this event, use the tag to view all the scans at once. Then delete all the photos from the Organizer. (Yeah, sounds radical, I know.) Take heart! All you've got to do then is to reimport the whole folder. All the same-name photos will be in one import batch. And with all the photos of any given topic in one folder, you'll be able to also use Windows Explorer in any number of modes to view the photos outside PSE.
    Keep in mind you can rename batches of photos by selecting them, or by import batch or even tag; then "Ctrl > Shift > N" will bring up the name change dialog box.
    This technique is quite contentious, but it makes a whole lot more sense than storing all your photos in the "My Photos" folder on the "C:/" drive, where any viral or malware hiccup might cause the necessity of a reformat, which could cause the loss of years of work.
    If a name search is a priority, that would be "Ctrl > Shift > K", then type in whatever your heart desires.
    Caution: Before attempting a delete/reimport maneuver, always, always write the tag and file info to the photo: "File" > "Write Tag and Properties Info to File".
    I am always quite adamant about suggesting that you do NOT use the same physical HDD that contains Windows to store your photos; that's just asking for trouble. HDDs are quite cheap nowadays, and they're worth every penny in peace of mind. Plus, to use a storage ("Volume") drive you have to create your own file hierarchy anyway, so that leads right back to the beginning of this discussion.

  • Cannot ping inside IP behind sonicwall from Cisco ASA 5500

    I have a SonicWall at site B and the Cisco ASA 5500 at the main office (site A).
    The site-to-site VPN is working, but I cannot ping the inside IP (10.1.5.2) of the SonicWall from site A. I need this only to access the computers behind the SonicWall for Remote Desktop and DameWare.
    I have another office that also has a SonicWall (same config), and I can ping that inside IP from site A.
    I cannot see why I can ping one site and not the other.
    What needs to be configured on the ASA 5500 to be able to ping inside the SonicWall at site B?
    I prefer the wizard over the CLI.
    Thanks,

    Hi
    AFAIK no, you cannot do VPN, transparent mode and routing in the same unit.
    I would not want the DMZ and the outside interface to have overlapping IP address ranges.
    Logging and trying to keep track of it all would be way too confusing for me.
    So what I would do is split the external network into two network units (/25) and move all the units that can be moved to a DMZ with RFC 1918 addresses.
    The units that cannot be moved from the external network would have to stay put "for now" in another DMZ with the 190 addresses /25.
    This would need the ISP to change their routing table in the edge equipment; the lower (or upper) part of 190.X.X.X/25 would be the DMZ and needs to be routed to the firewall IP address.
    Then as time passes the DMZ will be depopulated as equipment is moved out and replaced, and in the end you will have the ISP merge the two 190.x.x.x/25 address ranges into one /24, and you will be back to today's setup but with all the servers in an RFC 1918 network.
    Do not use NAT; use PAT instead when it comes to the IP addresses translated from the Internet side. It makes for a much more secure network and you do not need as many IP addresses (in a normal case).
    With NAT you are translating the whole IP address, but with PAT you translate the port, so you can have IP X port 25 go to IP Y port 25, and then you can have IP X port 80 go to IP Z port 80, or maybe 8080, or whatever port you want.
    Good luck
    HTH

  • Print driver for HP Designjet 5500 (Model Q1251A)

    Looking for a print driver for the HP Designjet 5500 (Model Q1251A), a non-PS (PostScript) printer, for a MacBook Pro running OS X 10.7.5. The current drivers on HP web support do not include a driver for the non-PS printer and direct me to Apple's support site, but I can't find where to look for a driver.

    Hello ..
    Try here > OS X: Printer and scanner software available for download

  • How do I change the default setting from Pages to MS Word for Mac?

    How do I change the default setting from Pages to MS Word for Mac?

    https://discussions.apple.com/message/13008817#13008817

  • How do I change the default setting on messages I print in "Mail".

    I know I can use the Font box on the tool bar and change each individual message but I don't want to have to do this. I can't adequately see the present default setting. I am sure it is something simple, but being new to the Mac I can't seem to find the right solution.

    Go to Mail>Preferences>Fonts and colors and set your font permanently there.

  • Disk Utility Erase - Default Setting?

    Hi everyone, what is the default setting when erasing the HD from Disk Utility? Is it 'Don't Erase Data' option? I didn't check the Security Options before erasing but after it did erase the first time, I went back and used the 7 pass option. Is it safe to assume that all my data is erased from the HD now after taking these steps?
    Thanks
    JF

    Unless you're a Russian/Chinese/North Korean spy or go out with Bin Ladin's descendants, you're golden already. And if you do form part of the aforementioned groups, the NSA/CIA/etc. have tools that can overcome anything you can do with DU.
    So don't worry about it.

  • How do I change the default setting on  the 'view scale'?

    I'll try submitting this a second time - it didn't seem to go through the first time.
    I have an iMac G5 (OS X 10.4.4), my first encounter with Apple. I find that the default size that text displays on screen in the word-processing application is too small for my eyes (I ain't as young as I used to be ...). The text always displays in what seems to be about font size 8 or 10, no matter what size I set the document font (it will print in the size I set, but not display in it).
    I have discovered that I can change the display size by using the 'view scale' tab in the lower left corner of the window. Size 140 suits me just fine. Problem is that I have to change the view scale each time I open a new document.
    Can anyone tell me how to change the default setting on 'view scale' ?
    iMac G5   Mac OS X (10.4.4)  

    Welcome to Apple Discussions
    You can create default documents with the settings you want for each type of AppleWorks document. I wrote a user tip, New, blank documents with your settings, that details how to do this.
    Peggy
