ASA-5585-X 8.4(6)5 Idle connections are not being removed according to timeout settings

Hi,
Just a quick question if anybody has run into a bug where the ASAs "timeout" settings are not being applied to idle connections.
It seems that our ASA running the software level 8.4(6)5 is not tearing down connections. This mainly seems to be a problem in one Security Context where there are around 300k UDP connections (related to VOIP phones) that are not being torn down. Idle timers on the connections are going as far as 700 hours. Common to all the UDP connections is also the fact that only 19 Bytes of data has been transmitted on the connection built on the firewall. I am not sure what the purpose of these UDP Connections is as both the source and destination port is a random high port.
I was not able find any Bug ID which description would match the situation I am seeing. I did not see anything in the release notes of 8.4(7) or its interrim release either that would list thing kind of bug.
- Jouni

Hi Jouni,
This caveat seems to be the closest match as 8.4.6 is the affected ASA code.
CSCuh13899
Symptoms:-
Some connection may not removed even after reaching idle timeout.
https://tools.cisco.com/bugsearch/bug/CSCuh13899/?reffering_site=dumpcr
You can upgrade to the next stable ASA code as suggested in the referred document.
HTH
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.

Similar Messages

  • Idle Connections Are Dropping -- Official Response, Please?

    I recently used a WRT54G v.3 router with no problems until it one day decided to kick the bucket in an odd manner -- it actually still transmits a network that I can connect to wirelessly, but for whatever reason, it no longer allows either my wired or my wireless to connect to the internet. I figure something must be wrong in the hardware the registers internet input. Anyway --, so I purchased a WRT54G v.6 with SpeedBooster, and that's the one that my problem is occurring with. While everything works fine in the sense that I can connect to the internet, surf and browse normally, etc., I'm finding that my telnet connections are being dropped if they are allowed to idle for too long. It's really frustrating, and I'm wondering if there's anyone out there with a similar problem and, hopefully, a fix. Thanks in advance.

    See my postings here:
    http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&thread.id=35284
    I had a verison 6 (non speedboost though) that was firware updated as well and had issues with it. My wired side always worked but the wireless side was a nightmare - dropped connections while idle, dropped connections while not idle, machines not connecting above 1MB, etc, etc.
    I got fed up with it after toying with it for so long and replaced the version 6 with a version 8 last Friday. I have not had a single problem since the swap.
    I spent a good long time reading posts and other articles on the web and one thing that most WRT54G users with problems had in common - all version 6 of the router. I'm sure that there are those out there with a version 6 that run flawlessly but of the complaints I've read, the version 6 was almost always the common point.
    That's just my experience though - thought I would pass it on.

  • Business Continuity features available in ASA-5585-x

    Hi,
    in Data Center environment using only one ASA-5585-x, what kind of business continuity features, a single 5585-x offers or can be configured to keep the business running, in case the firewall got failed.
    Thanks
    Mike

    Hi,
    I am not sure if I understood the question completely.
    I am not really sure how any configuration on the device can help you if the actual device fails completely.
    With regards to the hardware I think only the high end model with SSP-60 comes by default with 2 PSUs while others come with 1 PSUs though you can install a second PSU to the units and in this way provide some redundancy in the event of power failure though that naturally depends on other factors than the ASA alone.
    To my understanding it is also possible to set up the single ASA 5585-X unit with dual SSPs. I have not had to set up such an environment so I am not sure how it exactly works. I am not sure how they handle together. I can't seem to find the document I was once reading about this. But I would imagine that this could provide redudancy to the firewall setup.
    Then there is also Clustering ASAs (not same as Failover pair) units but again this naturally requires additional hardware and is something I have not setup up myself.
    Then there is naturally configuring 2 identical ASA 5585-X units in Failover pair (Active/Standby or Active/Active) to provide redudancy in case of hardware failure.
    We have some less critical environments set up with single ASA5585-X units and we naturally dont guarantee the same availability for those services as with setup where we have 2x ASA5585-X units in Failover. We do have replacement units for these and can naturally get replacements otherwise also.
    - Jouni

  • Stateful Session Beans are not passivated / serialized when cache idle time

    Technology: Sun Application Server version 7.0.0_01; JDK 1.4.1; developed on Windows 2000; Tested on Sun Solaris.
    Initial error on Sun Solaris:
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr: Exception in thread "service-j2ee-25" org.omg.CORBA.OBJ_ADAPTER: vmcid: SUN minor code: 1015 completed: No
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.POA.GenericPOAServerSC.preinvoke(GenericPOAServerSC.java:389)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.POA.ServantCachePOAClientSC.initServant(ServantCachePOAClientSC.java:112)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.POA.ServantCachePOAClientSC.setOrb(ServantCachePOAClientSC.java:95)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.iiop.CDRInputStream_1_0.createDelegate(CDRInputStream_1_0.java:760)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.iiop.CDRInputStream_1_0.internalIORToObject(CDRInputStream_1_0.java:750)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.iiop.CDRInputStream_1_0.read_Object(CDRInputStream_1_0.java:669)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.iiop.CDRInputStream_1_0.read_abstract_interface(CDRInputStream_1_0.java:890)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.iiop.CDRInputStream_1_0.read_abstract_interface(CDRInputStream_1_0.java:884)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.iiop.CDRInputStream.read_abstract_interface(CDRInputStream.java:307)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.se.internal.io.IIOPInputStream.readObjectDelegate(IIOPInputStream.java:228)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.se.internal.io.IIOPInputStream.readObjectOverride(IIOPInputStream.java:381)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:318)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.enterprise.iiop.IIOPHandleDelegate.getStub(IIOPHandleDelegate.java:58)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.enterprise.iiop.IIOPHandleDelegate.readEJBObject(IIOPHandleDelegate.java:38)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.ejb.portable.HandleImpl.readObject(HandleImpl.java:91)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.se.internal.io.IIOPInputStream.readObject(Native Method)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.se.internal.io.IIOPInputStream.invokeObjectReader(IIOPInputStream.java:1298)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.se.internal.io.IIOPInputStream.inputObject(IIOPInputStream.java:908)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.se.internal.io.IIOPInputStream.simpleReadObject(IIOPInputStream.java:261)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.se.internal.io.ValueHandlerImpl.readValueInternal(ValueHandlerImpl.java:247)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.se.internal.io.ValueHandlerImpl.readValue(ValueHandlerImpl.java:209)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.iiop.CDRInputStream_1_0.read_value(CDRInputStream_1_0.java:981)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.iiop.CDRInputStream.read_value(CDRInputStream.java:287)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.sun.corba.ee.internal.javax.rmi.CORBA.Util.copyObject(Util.java:598)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at javax.rmi.CORBA.Util.copyObject(Util.java:314)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.telstra.nodeman.ejb._NodeMaint_Stub.getHandle(Unknown Source)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.telstra.nodeman.arch.NMAViewBeanProxy.checkBeans(NMAViewBeanProxy.java:631)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.telstra.nodeman.view.html.NMAStandardButton.handleRequest(NMAStandardButton.java:143)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.telstra.nodeman.arch.NMAViewBeanBase.handleRequest(NMAViewBeanBase.java:1573)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:824)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:637)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:595)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:772)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:446)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:324)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.telstra.nodeman.view.ViewServlet.doPost(ViewServlet.java:243)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:720)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperValve.java:118)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.java:278)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at java.security.AccessController.doPrivileged(Native Method)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:274)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:203)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:158)
    [10/Aug/2004:08:04:57] WARNING (17227): CORE3283: stderr:      at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
    The above error caused the server to use all available memory and required a reboot to proceed.
    Subsequent testing against the Sun Appliucation Server 7 on Windows 2000 dev environment using the Sun Studio IDE for debugging and trace statements inserted in the code indicate that the Application Server is removing the Stateful Session Beans when they time out without an ejbPassivate event and without serializing the beans to the data-store. cache-idle-timeout-in-seconds set to 180 and removal-timeout-in-seconds set to 1800.
    The server.log indicates that the beans are timing out:
    [19/Aug/2004:18:15:10] WARNING ( 1664): [NRU-com.telstra.nodeman.ejb.AddressMaintBean]: IdleBeanCleanerTask finished after removing 2 idle beans
    Trace statements inserted in ejbPassivate do not appear in the log.
    It is my understanding that the above timeout should have caused an ejbPasssivate and serialization of the beans.
    The beans have been validated using Sun Java Studio Enterprise 6 with 'EJB validate'.
    My reading of the problem is that the beans are not being serialized and the error occurs when the application attempts to reference (getHandle) the bean after timeout.
    Any suggestions would be appreciated.

    Thanks Thorick.
    I am using NRU caching. WL 7.0 SP2.
    I have not defined idle-timeout-seconds in my weblogic-ejb-jar.xml. As I understand
    the default value for this is 600secs. So the ejbs should be removed after this
    time. Below is the
    weblogic-ejb-jar.xml that I am using.
    <!DOCTYPE weblogic-ejb-jar PUBLIC '-//BEA Systems, Inc.//DTD WebLogic 7.0.0 EJB//EN'
    'http://www.bea.com/servers/wls700/dtd/weblogic-ejb-jar.dtd'>
    <!-- Generated XML! -->
    <weblogic-ejb-jar>
    <weblogic-enterprise-bean>
    <ejb-name>Cart</ejb-name>
    <stateful-session-descriptor>
    <stateful-session-clustering>
    <home-is-clusterable>true</home-is-clusterable>
    <replication-type>InMemory</replication-type>
    </stateful-session-clustering>
    </stateful-session-descriptor>
    <transaction-descriptor>
         <trans-timeout-seconds>
              60
         </trans-timeout-seconds>
    </transaction-descriptor>
    <jndi-name>CartHome</jndi-name>
    </weblogic-enterprise-bean>
    </weblogic-ejb-jar>
    "thorick" <[email protected]> wrote:
    >
    The idle-timeout-seconds property controls the timeout/removal behavior.
    which stateful session cache type are you using ? LRUCache or NRUCache

  • Huge number of idle connections from loopback ip on oracle RAC node

    Hi,
    We have a 2node 11gR2(11.2.0.3) oracle RAC node. We are seeing huge number of idle connection(more than 5000 in each node) on both the nodes and increasing day by day. All the idle connections are from VIP and loopback address(127.0.0.1.47971 )
    netstat -an |grep -i idle|more
    127.0.0.1.47971 Idle
    any insight will be helpful.
    The server is suffering memory issues occasionally (once in a month).
    ORA-27300: OS system dependent operation:fork failed with status: 11
    ORA-27301: OS failure message: Resource temporarily unavailable
    Thanks

    user12959884 wrote:
    Hi,
    We have a 2node 11gR2(11.2.0.3) oracle RAC node. We are seeing huge number of idle connection(more than 5000 in each node) on both the nodes and increasing day by day. All the idle connections are from VIP and loopback address(127.0.0.1.47971 )
    netstat -an |grep -i idle|more
    127.0.0.1.47971 Idle
    any insight will be helpful.
    The server is suffering memory issues occasionally (once in a month).
    ORA-27300: OS system dependent operation:fork failed with status: 11
    ORA-27301: OS failure message: Resource temporarily unavailable
    Thankswe can not control what occurs on your DB Server.
    How do I ask a question on the forums?
    SQL and PL/SQL FAQ
    post results from following SQL
    SELECT * FROM V$VERSION;

  • EclipseLink timeout on idle connections

    Hi,
    I'm using EclipseLink 2.1.0 + MySql for a web application. Internal connection pool is used instead of Tomcat maintained pool.
    The issue I'm currently facing is that connections in the pool become idle during the night (when the application is indeed idle).
    In the morning the first attempt to use a connection fails, but further attempts work fine.
    I've heard that H3C0 (Hibernate) and other connection pools support a feature that sends a sort of heartbeat packet to
    keep the connection alive so that every connection in the pool does not timeout (e.g. using the testConnectionOnCheckout
    property).
    Is it possible to get the same behaviour on EclipseLink in order to avoid that an idle connection times out ?
    Matteo

    It turned out that the feature I was looking for is not implemented in EclipseLink 2.1.0.
    In order to fix my problem I had to change the configuration of EclipseLink to use the Tomcat connection pool (dbcp). This provides the following useful parameters:
         testWhileIdle="true"
         validationQuery="select count(*) from dual"
         minEvictableIdleTimeMillis="2880000"
    Basically this checks every 8h idle connections performing the validation query, thus avoiding timeout. Simple and good!

  • ASA TCP Idle Connection Timeout Suspense

    Hello I upgraded our Cisco ASA 5520 with a Cisco ASA 5585. Though both ASA were configured with default TCP Idle Connection Timeout values people are now starting to complaint that idle SSH connections are being terminated. This is proper behavior but they were claiming it didn't occur with the old firewall. Our users are setting keepalives for 1800 seconds to get around this before I can bump the setting to infinite (setting 0). Is there a bug with the feature in older ASA OS?

    Hi,
    Before looking for a bug I would check the ASA logs (hopefully you are storing them to a separate Syslog server) and see why the connections are torn down (Teardown reason) and how long have they been on the ASAs connection table before they were torn down.
    You also have the option to perform traffic capture on the ASA for the traffic in question and confirm why or which party terminates the connection.
    I guess you can use the MPF on the ASA to configure separate idle timeouts for just these SSH Connections if you do not want to touch the global timeout values.
    I have not run into any problems with the timeout settings on the older softwares. In the newer softwares (8.3+) I have run into these problems. In those situation the ASA has not removed the connection that have reached the timeout value. I have seen connection that have been idle for over 1000h.
    - Jouni

  • ASA 5585 port-channels

    I want to create a port-channel with 2 10Gbs interfaces on 2 ASA 5585 firewalls, and set them up in a failover pair.
    In order to do this, do I simply put two 10Gbs interfaces into a channel and then configure the IP addressing and failover address on the logical port-channel interface? (aka interface po1).
    Any limitations with this?

    Yes, that is exactly what you do..
    Create portchannel on switch and ASA
    Trunk the vlan on switch side
    Create logical interfaces on ASA

  • ASA 5510 8.3(2.25) Failover Pair AnyConnect Sessions not Idle-Timing Out

    Hi guys,
    I have an Active/Standby pair of ASA 5510's running 8.3(2.25) software that are showing AnyConnect sessions running at 10 days +.
    The users in question are not connected...
    I have configured the profile's policy to idle-timeout after 90 minutes.
    Is this a bug?
    Kind regards, Ash.

    Hi guys,
    I have an Active/Standby pair of ASA 5510's running 8.3(2.25) software that are showing AnyConnect sessions running at 10 days +.
    The users in question are not connected...
    I have configured the profile's policy to idle-timeout after 90 minutes.
    Is this a bug?
    Kind regards, Ash.

  • Vlan on asa-5585

    Hi,
    Is there any way to create vlans on cisco asa 5585 similar way we do for cisco switches.
    The asa in this case is an interface for subsidary users to connect into this new network.
    We require few vlans to be created for some servers on the firewall. the firewall should be the gateway for these servers.
    eg. vlan 100 - 192.168.100.1/24 should be on the ASA firewall.
    How do we achieve this?
    Appreciate all help on this.

    Hi,
    You will have to configure atleast one physical interface as a Trunk interface if you want to bring the Vlan all the way to the ASA. Essentially the configuration follows the same lines as configuring a Cisco router to act as the gateway for multiple Vlans behind a switch.
    The actual configuration format depends on how you have set up the ASA. Is it Single Context or Multiple Context?
    In Single Context the configuration would be something like this
    interface GigabitEthernet0/0
    description TRUNK
    interface GigabitEthernet0/0.100
    vlan 100
    nameif LAN
    security-level 100
    ip add 10.10.10.1 255.255.255.0
    interface GigabitEthernet0/0.200
    vlan 200
    nameif DMZ
    security-level 50
    ip add 192.168.10.1 255.255.255.0
    If you are running Multiple Context mode the configuration could be something like this
    interface GigabitEthernet0/0
    description TRUNK
    interface GigabitEthernet0/0.100
    description LAN
    vlan 100
    interface GigabitEthernet0/0.200
    description DMZ
    vlan 200
    context EXAMPLE-CONTEXT
    allocate-interface GigabitEthernet0/0.100
    allocate-interface GigabitEthernet0/0.200
    config-url disk0:/EXAMPLE-CONTEXT.cfg
    Or something along these lines
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed.
    - Jouni

  • More Detailed Specifications for ASA 5585-X

    Hi:
    Does anyone know about a document in which is specified who may ACE rules are supported in an ASA5585-SSP-20?
    I need to compare this an other several specification versus a FWSM. I found the information for the module, but not for the ASA 5585-X..
    In the data sheet this information is not specified
    Thank you very much

    Hello Marco,
    That is because the FWSM does have a limit,  I have not seen any limit on the ASA, The asa does support way way way more than the FWSM, I have not seen any limit  yet but I have heard that it will let you know as  soon as is full of ACL's or you will start seeing a degradation of the performance. Anyway dude you have an 5585, that is a giant and amazing box You are more than safe.
    Hope this helps
    Julio

  • Visio stencil for ASA 5585-X?

    Hello,
    Can anybody help pointing me to where I can get a visio stencil for a asa-5585-x.
    I really appreciate it.
    Thanks,
    John

    Hi John,
    The official Cisco Visio stencils can be found here:
    http://www.cisco.com/en/US/partner/products/hw/prod_cat_visios.html
    I don't see the 5585 there yet, but once it's available that set should be updated.
    -Mike

  • ASA 5585-X Route-Map

    Hi,
    how can apply  route-map rules to an interface ?
    i set up some rules but i cannot apply these rules any interface.
    Thanks a lot.

    Thank you Kanwal.
    in a cisco router you can apply your route-map by using command ip policy map ... İ didnt find any command like this. İ set up some match and set conditions but i do not apply any interface.
    can i use route-map to manipulate routing table İn asa 5585-x.?
    sincerely

  • ASA 5585-X Licensing

    Hi,
    I was hoping to get some assistance from the community on 5585 part numbers/licensing.
    We have recently purchased some 5585-X SSP-20's.  The part number ordered was ASA5585-S20C20XK9       "ASA 5585-X Chas w/SSP20,CX SSP20,16GE,4 SFP+,2 AC,3DES/AES".  We want to enable the 10GE ports on the SSP-20, do we just purchase an additional license?  We are being guided by our reseller to swap the hardware for ASA5585-S20C20XK9      "ASA 5585-X Chas w/SSP20,CX SSP20,16GE,4 SFP+,2 AC,3DES/AES".
    Thanks,
    Colin

    Based on the documentation you need the Security-Plus License to enable 10G for the 5585 with SSP10 or SSP20.

  • ASA 5585-X TACACS+/RADIUS Server

    All,
    Can the ASA 5585-X's act as a AAA TACACS+ and/or RADIUS server for network infrastructure devices?
    I've used Cisco Secure ACS for TACACS and RADIUS AAA..
    My client has ordered a bunch of them.   They don't have an AAA solution and were just told they will need to implement AAA on network infrastructure devices.
    Thanks for any information.
    Stephanie

    Adding to Jan's correct answer.
    The current Cisco RADIUS offerings are either the ACS product (RADIUS and TACACS+) or Identity Services Engine (ISE - RADIUS only). Both are offered in both appliance and VM formats.
    Beside NPS on Windows server, there are also open source projects of both RADIUS and TACACS servers available.

Maybe you are looking for

  • Wrong assignment field (ZUORN) running MR08

    Hi all, On SAP R/3 4.6b we run transaction MR01 with unplanned delivery costs. As we have some price differences, the FI document has a line with the right price diff. G/L account. This G/L account has its sort key field (ZUAWA) filled with code '013

  • Process Chain Tables (Help)

    Hi,  I am reporting from the RSPCPROCESS table and found that a unique combination of fields is LOGID, TYPE, VARIANT, and INSTANCE.  That is until I found that we have an ABAP Process that when it fails does not populate the INSTANCE field.  The proc

  • How do I install Mac os X ?

      I have a PowerBook(Firewire) Power PC G3. I using os 9.2.2, but I want to upgrade to Mac os X. Now, I'm a new user and I don't know a lot about computers. But, I am eager to learn. I need your help. Could someone explain to me (like I was a two yea

  • Is it possible to use all the render service in a single process?

    is it possible to use all the render service in a single process?, my requirement is to start the process by email or by workspace and the form shud be available in both pdf and html form for the users.Please suggest a way to implement this, really s

  • XDebug on FlashBuilder.

    Hi everyone! I would like to set Xdebug as default PHP debugger; but it seems that some eclipse configuration is missing. After installing FlashBuilder 4 plugin into my eclipse PHP installation, the Xdebug option is missing in the installed debuggers