ASA 5585-X IPS SSP system image recovery?

Similar Messages

• Inspect other firewall traffic using ASA 5585-X IPS SSP

  Is it possible to inspect traffic from other firewalls (say checkpoint firewall) apart from the one the ASA firewall the ASA IPS SSP is running on?
  Any help will be appreciated
  O.

  Hello Amit,
  Can you share :
  show ips detail
  show  module 1 details
  show service-policy
  Now, can you explain a little about this:
  on the switch end port tengig 1/8 is connected on nexus and specific vlans are monotored on that interface. But as of now i am not able to see any traffic on that interface. I dont know what wrong i am doing as this is the firstime on this IPS module. there is no ports connected on the firewall. only port connected is tengig 1/8 which is on the ips module which is in promisucs mode.
  I mean the firewall is the one that will redirect the traffic to the IPS sensor so not sure I follow you!
  Looking for some Networking Assistance? 
  Contact me directly at [email protected]
  I will fix your problem ASAP.
  Cheers,
  Julio Carvajal Segura
  http://laguiadelnetworking.com

• System Image Recovery from Network Drive - not found

  Hello all!
  I have been routinely backuping my OS and important files using Windows 7 backup on a NAS. It just so happened that I needed to re-image my OS drive and I got into the Windows 8 recovery boot sequence.
  I booted from a windows 8 USB stick and Under the Advanced tools I selected the System Image Recovery and tried to look for the system image on the network path. Although the prompt said it was connecting to the network , the network share was
  not found. the command prompt couldn't ping google.com and netsh wlan <SSID> command did not work in hopes of connecting to my local wifi.
  Is there a way to connect to the wifi network where my NAS is connected to in order to re-image from the system image found on the NAS? Luckily , there was an older image on a separate local HDD that I could re-image from but I would prefer if
  I could connect to the NAS during the recovery process.
  Any help is greatly appreciated.

  Hi,
  First, I have to say that in WinRE, http and wifi is not supported, that's why you cannot ping google and connect to wifi.
  To access NAS, we have to make sure that your network connection is wired, and try to manually location the NAS via
  \\IP address\...
  I will check if the Windows 7 image backup can be restored in WinRE of Windows 8, and update your soon.
  Edit:
  I have tried this, and it appeared that to restore Windows 7 image backup on this computer from Windows 8 winRE is not supported.
  see following error:
  Kate Li
  TechNet Community Support

• How can i perform system image recovery in windows 8.1 hp pavilion g6

  recently i upgrade my hp pavilion g6 to 8.1pro..i need to create an system image file of my windows 8.1..so plz give me a detailed procedure...to store it on dvds/online hp backup recovery...
                                                 Is this image recovery working properly when my system got in big trouble???

  When requesting assistance, please provide the complete model name and product number of the HP computer in question. HP/Compaq makes thousands of models of computers. Without this information it may be difficult or impossible to assist you in resolving your issue.
  The above requested information can be found on the bottom of the computer, inside the battery compartment, or on the BIOS startup/setup screen. Please do not include the serial number. Please enter the model/product information into HP's Online Consumer Support page and post it here for our review.
  Please use Windows "System Image Backup" utility to create an exact image of the Windows 8.1 partition as it currently is, on an external hard drive. You may also need to create a Windows "repair" disc. If your computer developes issues or you need to replace the hard drive, all you have to do is "restore" the image to the computer. Please see Windows 8.1 Tip: Use System Image Backup for instructions on creating and restoring a "Windows - System Image Backup."
  This process is not a system recovery and is different than using Window Restore or Refresh, or HP System Recovery.
  If you have any further questions, please don't hesitate to ask.
  Please click the white KUDOS star to show your appreciation
  Frank
  {------------ Please click the "White Kudos" Thumbs Up to say THANKS for helping.
  Please click the "Accept As Solution" on my post, if my assistance has solved your issue. ------------V
  This is a user supported forum. I am a volunteer and I don't work for HP.
  HP 15t-j100 (on loan from HP)
  HP 13 Split x2 (on loan from HP)
  HP Slate8 Pro (on loan from HP)
  HP a1632x - Windows 7, 4GB RAM, AMD Radeon HD 6450
  HP p6130y - Windows 7, 8GB RAM, AMD Radeon HD 6450
  HP p6320y - Windows 7, 8GB RAM, NVIDIA GT 240
  HP p7-1026 - Windows 7, 6GB RAM, AMD Radeon HD 6450
  HP p6787c - Windows 7, 8GB RAM, NVIDIA GT 240

• System Image Recovery on Win 7 - Spectre XT 13

  There is no issue of creating a system image onto my seagate external Freeagent goflex hard disk. However, an issue is encountered during the restoring process in which the USB3.0 port turned out to be unavailable during pre-boot.
  The solution I discovered is to plug the hard disk onto the USB2.0 port. I hope this will save someone several hours of trying to figure out where goes wrong.

  Yes, that is a known issue that affects several recovery softwares including HP's
  http://h10025.www1.hp.com/ewfrf/wc/document?docname=c02906094&cc=us&dlc=en&lc=en

• System Image Restore can't see USB hard drive

  Hi
  I've just spent a day taking System Image backup images of three different hard drives. Well ok I didn't just sit and watch the bar move across the screen although it did hold up my computer. Anyway, what a waste of a day from my PC because
  when I try to restore using System Image backup from my USB drive, the USB drive cannot be found. I have followed the procedure on page 750 of Configuring Windows 7, 70-680 precisely.  I tried booting from an OS DVD and a Windows Repair
  DVD, but no USB drive.  I tried using a blank usb stick and that can't be found either. The USB drive can be seen when I logon to Windows to get the images on it. Might this be more to do with hardware such as adjusting BIOS boot settings,
  or updating BIOS firmware. There seems to be others with unresolved problems like this. Should I join them and buy Acronis instead?
  Tx

  Hi,
  Could you please check the following newsgroup posts for your answer. The posts lists different scenarios that might work for you.
  http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/9a082b90-bd7c-46f8-9eb3-9581f9d5efdd
  http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/11d8c552-a841-49ac-ab2e-445e6f95e704
  http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/9a082b90-bd7c-46f8-9eb3-9581f9d5efdd
  Best Regards,
  Kim Zhou
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Thanks for sending me these links and I will check them out. I think I came across most of the answer on the following link although doubts are raised: 
  http://answers.microsoft.com/en-us/windows/forum/windows_7-system/windows-7-restore-from-image-wont-recognize/ce8e3d0a-236d-4eff-8370-c171d2dfa555?tm=1333929198413&page=1#footer
  Basically, I should have had three files on the external drive as follows:
  a.      A file named: MediaID.bin
  b.      A file that has the same named as your computer name (this is where the .zip files are located).
  c.      The 'System Image' folder named 'WindowsImageBackup'.
  By moving my backups into a folder out of the way and doing a fresh backup I prevented some confusion in the system. After this I could at last see the external drive and backup when doing a system image recovery. But how is
  it be possible to store more than one backup of hard drives on an external disk? The only way I know is by moving backups in and out of a folder which will take ages to do. Maybe I can rename the unused backups but this will get confusing
  because there are thee files to a backup and I think files are overwritten when doing backups if left in the route of the external drive. I is too easy to overwrite a backup of another drive by accident.

• 2nd drive unformatted and not restored after attempting restore from a system image

  I created a system image, which included drive C (where Windows is installed) and drive G (where some installed Windows programs are located).  I then ran into a situation where I wanted to restore from the system image.  With my first attempt,
  this process took several days.  When I returned home from work, my computer had booted up into Windows -- drive C had successfully been restored.  I soon found out though that drive G was in an unformatted state.
  Now, given the time it took for each drive to restore and the sizes of data for each drive (160gb for C and 1000gb for G), it seemed odd to me that the entire process had completed already, given the time that had passed and the progress indicated for drive
  G in the status bar, in the morning before I went to work.  It is entirely possible that one of my cats may have jumped on my desk and somehow cancelled the operation.
  My questions are:
  1. if the restore is cancelled while the 2nd disk is being restored, will the 1st disk (C) still be successfully restored?
  2. why does this process take so long?
  3. if there is some other error, is it displayed?  Does system restore automatically reboot after completion/cancellation?  Is there an error file created somewhere if there was an error, or perhaps something mentioned in a log file?  If so,
  where?
  4. has anyone encountered a similar issue before and can provide any insight?
  5. anything else I'm missing?
  I'm attempting to restore a second time, and it is not even halfway through drive C, so it might not be until the end of the week before the entire process completes.  To be safe, especially from nosey cats, I disabled the mouse and keyboard so no input
  can interrupt and accidentally cancel the process.
  thanks,
  Chris

  Hi Chris,
  For the first problem, if the restore is cancelled while the 2nd disk is being restored, the 1st disk (C) can be successfully restored.
  For the second problem, I think it is normal to take a long time to finish the process, it is depend on the size of the date.
  For the third problem, you may check the setup log files to find the clue of the cause.
  For you convenience: Windows Setup Log Files and Event Logs
  http://technet.microsoft.com/en-us/library/hh824819.aspx
  You may try the methods listed in the following article step by step.
  How to Do a System Image Recovery in Windows 7
  http://www.sevenforums.com/tutorials/675-system-image-recovery.html
  Please note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
  Hope it helps.
  Regards,
  Blair Deng
  Blair Deng
  TechNet Community Support

• Cisco asa 5585 syslog options for ips?

  We have CISCO ASA 5585 with a separate module for IPS, I want to know what are the options for configuring syslog? Its nearly impossible to find ; and there are some forums on the internet which says that cisco ips stores logs in native / proprietary format and cannot be exported.
  Please elaborate
  Thanks.

  Some sensor-related events generate syslog messages. Those will be forwarded according to the parent ASA syslog settings.
  Detailed IPS events (signature triggers actions etc.) are stored locally and must be retrieved using the SDEE protocol (tcp-based). That requires use of a management system like Cisco Security Manager (CSM), IPS Manager Express (IME) etc. There is a good document here that explains SDEE in more detail.

• Cisco ASA 5585-X SSP-20 SSL wildcard SSL certificate support ?

  Hello
  i want to verify if Cisco ASA 5585-X SSP-20 supports Wildcard SSL's.
  Cheers

  Supports them how?
  As certificates issued to the ASA and properly bound to it's interfaces to support SSL VPN or ASDM access - yes.
  You can configure a wildcard (or any other) certificate improperly and cause things not to work. However it's not a limitation of the device's operating system not supporting it.

• When HP Recovery isn't available... system image using Windows 8 as backup?

  Would like to start out with a big shout out to Paul T for his VERY useful thread here !    http://h30434.www3.hp.com/t5/Notebook-Operating-Systems-and-Software/Windows-8-Product-Key-for-Pavilion-G6/m-p/3882966/highlight/false#M205987 A friend's family asked me to work on their laptop since I know more about computers than they do ... they're very good people, was happy to help them out but true to form like a lot of PC users they didn't bother keeping ANY of the documentation that came with the laptop (HP Pavilion g6-2298nr ), nor did they bother to burn recovery DVD's using HP's built in recovery software program that comes standard on the laptops... if I'm interpreting what HP's website had to say about the laptop , model HP Pavilion g6-2298nr, correctly, according to it's serial number it no longer qualifies for free tech support and I'd have to pay HP a fee just to talk to someone and order  the recovery DVD's  (friend's family bought it back in Dec 2014  so to me it seems REALLY strange that I wouldn't be able to just order the recovery DVD's without having to pay tech support a fee just to ask to order  the recover DVD's !  .. but anyways...)...  This is where having the product key "built into" the BIOS really comes in handy !   I crossed my fingers, used the method mentioned in the thread linked above, and it worked !    ... have to admit it was a bit strange at first not using the product key sticker like the old days but I can see how this works better in the long run - helps to prevent piracy, you don't have to worry if someone who doesn't realize the importance of the product key sticker peels it off and throws it away ... Unfortunately it looks like when you reinstall Windows this way you lose the HP Backup and Recovery Program     ... in this case my friend's family had the misfortune of paying someone to repair this laptop who didn't bother to tell them " Hey, I replaced the hard drive that's going bad but if you don't get a laptop cooler for this sucker the laptop's just going to overheat again ! " ... sure enough, the money they paid this so called "tech repair" person went down the drain when the laptop fried a second hard drive, or maybe the tech saddled them with a bad hard drive who knows? (the tech bought an OEM hard drive off ebay) ... ... sorry to sound harsh about this tech guy, I will admit I only worked in the PC repair field for a few months over a decade ago before leaving it to be a stay-at-home-dad (wife is a pharmacist so I'm lucky enough to be able to stay home) so my experience is VERY limited compared to other people .. but back then  I always treated my customers the way I'd treat a friend, and if it's a friend you offer advice on how to prevent problems like this in the future... this laptop gets HOT like you wouldn't believe , I have it sitting on a very reliable laptop cooler (thick slab of aluminum that does a great job as a heatsink with fans, this one http://www.newegg.com/Product/Product.aspx?Item=N82E16834953038 and I've let my friend's family know in no uncertain terms they need to order this laptop cooler if they're going to use this laptop) ...  The hard drive  replacement I installed seems to be working fine but of course it's not an "official WD hard drive" .... when I tried to install the photolink cyberdirector software for example at the link below got  a " this isn't a WD hard drive so can't install this software" error message...  http://support.hp.com/us-en/drivers/selfservice/hp-pavilion-g6-2200-notebook-pc-series/5296082/model/5333338#Z7_3054ICK0K8UDA0AQC11TA930O2 which is fine I really don't think my friend's family will care about that program... but it makes me wonder, even if I trusted the download at this link below http://www.techspot.com/downloads/5190-hp-backup-and-recovery-manager.html if the HP Backup and Recovery manager program would even work to begin with since it's not an official WD hard drive (I also ordered an OEM hard  drive  off ebay    .. but not charging my friend's family for the hard drive since they've been good to my munchkins and didn't want them to pay through the nose for a more  expensive hard drive so of course I wanted to minimize my own expenses...)... also I think that sort of program relies on a " C " and " D " drive being set up like it was when the laptop shipped with the original hard drive and saves a backup copy on the " D " drive.. I suppose I could use disk management to create a different partition, label it " D " and see if HP Backup and Recovery worked but it seems a bit.. iffy... not to mention that I feel uncomfortable downloading something that isn't directly on HP's website as an "official" download...  I  know that Windows 8 has a "system image"  utility built into it that lets you make just that.. a system image.. like I said my friend's family are good people but I'm guessing sooner or later they're going to screw this laptop up again like a lot of computer users do .. it would be nice if I could burn a system image of what's on the laptop right now onto DVD and hang onto it so when they come back to me in the future hollering "Help , laptop isn't working again ! " I can just restore from the system image on DVD rather than having to go through the hassle of reinstalling Windows, graphics/audio/et cetera drivers, zillion and one Windows updates et cetera all over  again. What I'm wondering is... would this even work?    I've never tried to use system image in a situation like this with the product key being "built into" the BIOS , that sort of thing is brand new to me... is it worth burning the DVD's and hanging onto them just in case?  Sorry for the long essay and thanks in advance to anyone who actually takes the time to read all of this !    

  Thanks man it's really helpful to know that someone else has used this exact same method successfully to back up their HP computers !      Will do just that... yep, yep I know it'll be at least 10 DVD's or something crazy like that after all those windows updates download    ... problem with using an external hard drive is I can't convince my friend's family to buy one no matter how many times I warn them it's not "if" your PC gets messed up it's " when "    ..... and my external hard drives are all in use with system image backups of my own PC's ... so will burn the DVD's for 'em then just hang on to them and wait for the inevitable   And thanks for the kind words about my work for them too !    .. it's a lot of effort but they've been super nice to me so it's the least I can do  ... they're actually parents of one of my daughter's best friends and  they've taken my munchkin out to various places and flat out refused to let me pay them back for it so it feels good to be able to help them out this way... though I wish they'd come to me first instead of letting themselves get ripped off by the so called PC tech I mentioned earlier (would it have killed the guy to burn them a set of recovery DVD's?   Heck if he wanted to be selfish and greedy he could have just offered it to them for an "additional fee" but it would have saved them and me a lot of trouble !    Though I'm not sure if the recovery DVD's would cooperate given that it's not an "official HP hard drive" I put in there? ) It occured to me that if I call tech support they probably can't charge me if I don't give them a credit card number   .. so I did (1-888-698-3762).. they said the warranty on this laptop expired Dec 2013 !     Friend's family said they bought it in Dec 2014 from QVC, hope QVC didn't sell them a used laptop !   ... HP wanted over a hundred dollars for an "official" HP hard drive said no thanks to that... HP says despite me putting in a non-HP hard drive that recovery DVD's should work ... HP wanted  $     for recovery DVD's (tried to help me order recovery  DVD's off  HP website, they couldn't find the link on there to them either for some reason... maybe 'cause laptop is an older model??? ) ...  HP asked for thirty dollars (cheapest option!) for recovery DVD's ... but mentioned that if the laptop really was purchased Dec 2014 and if I e-mail them proof of purchase they'll ship out recovery DVD's for free instead since it would be within it's one year warranty period.. I'm waiting on the friend's family to give me the proof of purchase for me to scan and e-mail  to HP ... though I think I'm going to go ahead and use system image to burn the DVD's first THEN run the HP recovery DVD's (if they do in fact turn out ot be free) in case the HP rep made a mistake and the HP recovery DVD's don't like the "unofficial" HP hard drive on this laptop... 

• Recovery from System Image without 8.1 Installation Medium possible?

  Hi guys,
  I have Windows 8.1 installed as an upgrade from Windows 8 Pro
  (64-bit). Now my hard drive crashed, all data is lost. Fortunately I have a recent system image of the 8.1 installation on a backup drive. However,
  I did not make a System Rescue DVD after the upgrade. I understood this was actually discouraged. My fault, but that's
  the situation. When I try to restore the installation with the Windows 8 Pro DVD, I get the message that my 8.1 image file ist not compatible. Thanks for any advice!
  Ralf

  Hi  wittmarf,
  Since the hard disk crashed and a new system is installed on your computer, system restore won’t work on the new system. However, you
  can recovery the data from the previous system image.
  To retrieve the file from former system backup image, you can refer to the link below for the detailed steps:
  How to Recover Specific Files from a Windows Syste Image
  http://www.howtogeek.com/howto/34630/how-to-recover-specific-files-from-a-windows-system-image/
  NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. 
  Microsoft does not control these sites and has not tested any software or information found on these sites.
  In addition, here is another blog talking about system backup recovery, you can take it as reference:
  Recovering your files in Windows 7:
  http://blogs.technet.com/b/filecab/archive/2009/11/12/recovering-your-files-in-windows-7.aspx
  Note: Both these contents is applies to Windows 8.1.
  Regards
  Wade Liu
  TechNet Community Support

• U330 System Image = System recovery disk?

  hi all
  i have created a system image into a portable external harddisk for my U330 laptop.
  once that is done, i was prompted if i want to create a system recovery disk.
  just wondering, do i still need to create a system recovery disk if i have already created an image?
  if i want to recover my system, just plug in the hard disk containing the system image during boot-up, and follow the onwards instructions?
  also, in what ways is this way of recovering different from the one-key recovery by Lenovo?
  pls advise.

  if windows vista installed, run one-key recover 6.0.
  already got backups, skip "back up" otherwise click that.
  select full backup, quick compression and next >
  choose the path or leave it default and next >
  and start.
  after back up ends, restart the application one-key recover 6.0
  click "create recovery disc" and next >
  select the backup you have and next>
  this screen will tell you how much cd or dvd you need, min 2 dvd or 8cd, max 7 dvd or 28 cd. and next>
  insert the blank cds or dvds into driver and wait until done.
  you may need the system image, you can lose your back-up cd, or  cds may not working after a while, so , i still recommend that you keep the original copy or more than one backup.
  size of recovery  cd depens on how much size of disk space you use. its up 2-7 dvd or 4-28 cd.
  after upgrading to win7, have you seen new part of hard disk such as lenovo system and backup files included?
  http://img194.imageshack.us/img194/8528/99892440.png
  one-key recover 6.0 doesn't work on win7, at least for me, but you can try.
  i got error when i want to ""an internal program error has occured error code : 0xe0dd001f."
  and for that, i'm still working on and waiting for the solution.
  http://forums.lenovo.com/t5/IdeaPad-Y-and-U-series-Laptops/Onekey-recovery-error-y550-serie/td-p/182...

• On reinstalling system from recovery image

  Just pondering what lenovo's advice is {regarding the ad/malware pre-installed on our new laptops,which by now we've all decontaminated} should a user suffer a catastrophic system failure and need to reinstall the system via recovery partition?I assume in this scenario,one would again reload our superfishy friend and have to start working on removal yet again?Does it seem reasonable to hope lenovo may feel moved to offer all affected/infected customers a clean recovery image?Say via a download link-or better still an image on removeable media?

  If you do an OKR backup now then that backup is free of the adware. However, if you do a factory restore that adware is still there. But once you start and update Windows Defender it should also be removed.

• USB recovery disk won't restore System Image - U410 internal harddrives don't load? Error 0x80042414

  Hello all. My name's Richard and I have a problem. 
  My U410 was stolen (bastards!) on Christmas Eve (double bastards!) but I had an old System Image saved on an external hard drive. So I bought exactly the same laptop second-hand intending to restore the image. 
  However, when I try to restore it via Control Panel, after the restart the computer tells me I have to do the restore process from a Windows System Repair disc instead, because it needs to reformat the drive that the Restore Environment is running from. Obviously, the U410 doesn't have a CD drive, so I made a Windows 7 64 bit USB restore drive, and moved the USB drive up in my boot list so I can boot from it. 
  This lets me get to the stage of selecting my system image from the external hard drive. The restore process starts for three seconds, then I get error 0x80042414: the system cannot find the drives onto which the image should be copied. 
  I've done some digging around and used diskpart to discover that the two internal hard drives aren't loading / aren't visible when I boot from the USB. When I run diskpart from windows I have four disks: the USB, the external hard drive, an 8GB one which I guess is the SSD and the 698GB HDD. When I navigate to the command promt in the Recovery Environment diskpart only lists the USB and the external hard drive.
  So I'm thinking that the internal drives aren't loading up for some reason when I boot from the USB. Is there any way round this? I've tried the 'load drivers' function in the Recovery Environment but even when i save all drivers listed for the internal hard drives onto the boot USB key, then navigate to them and try to load them, each one just returns "the selected file contains nothing about your hardware".
  I'd be so grateful for any help. I was so sad when my laptop was stolen, so happy when I discovered the system image, so sad when I found out I needed exactly the same computer, so happy when I found one online, and now.... i'm emotionally exhausted. 
  Thanks guys, 
  Richard

  Hi Richard, 
  I'm sorry you had to go through some pretty emotional trauma with your U410 getting stolen and all. However, I do hope you are back on track now. 
  I haven't been as unfortunate as you. However, I need to restore Win 7 on my U410. I have with me the recovery disks purchased from Lenovo. My question is, were you able to get the image onto a USB disk to perform the restoration? If so, could you point me to some instructions? 
  Seriously, Lenovo ships laptop specific recovery images on optical disks for their laptops that do not have optical drives. Makes no sense to me. It's time they sell recovery images on USB drives. 

• Cisco ASA 5585-X SSP-20 8.4(2) - TCP Syslog problem

  Hi,
  We have a firewall service environment where logging is handled with UDP at the moment.
  Recently we have noticed that some messages get lost on the way to the server (Since the server doesnt seem to be under huge stress from syslog traffic). We decided to try sending the syslog via TCP.
  You can imagine my surprise when I enabled the "logging host <interface name> <server ip> tcp/1470" on an ASA Security context and find out that all the connections through that firewall are now being blocked. Granted, I could have checked the command reference for this specific command but I never even thought of the possibility of a logging command beeing able to stop all traffic on a firewall.
  The TCP syslog connection failing was caused by a missmatched TCP port on the server which got corrected quickly. Even though I could now view log messages from the firewall in question in real time, the only message logged was the blocking of new connections with the following syslog message:
  "%ASA-3-201008: Disallowing new connections."
  Here start my questions:
  - New connections are supposed to be blocked when the the TCP Syslog server aint reachable. How is it possible that I am seeing the TCP syslog sent to the server and the ASA Security Context is still blocking the traffic?
  - I configured the "logging permit-hostdown" after I found the command and it supposedly should prevent the above problem/situation from happening. Yet after issuing this command on the Security Context in question, connections were still being blocked with the same syslog message. Why is this?
  - Eventually I changed the logging back to UDP. This yet again caused no change to the situation. All the customer connections were still being blocked. Why is this?
  - After all the above I removed all possible logging configurations from the Security Context. This had absolutely no effect on the situation either.
  - As a last measure I changed to the system context of the ASA and totally removed the syslog interface from the Security Context. This also had absolutely no effect on the situation.
  At the end I was forced to save the configuration on the ASAs Flash -memory, remove the Security Context, create the SC again, attach the interfaces again and load the configuration from the flash into the Security Context. This in the end corrected the problem.
  Seems to me this is some sort of bug since the syslog server was receiving the syslog messages from the SC but the ASA was still blocking all new connections. Even the command "logging permit-hostdown" command didnt help or changing back to UDP.
  It seems the Security Context in question just simply got stuck and continued blocking all connections even though in the end it didnt have ANY logging configurations on.
  Seems to me that this is quite a risky configuration if you are possibly facing cutting all traffic for hundreds of customers when the syslog connection is lost or the above situation happens and isnt corrected by any of the above measures we took (like the command "logging permit-hostdown" which is supposed to avoid this situation alltogether).
  - Jouni

  Hi,
  I FINALLY had the time to look at this issue as I was testing something else in our lab too.
  In short, here is what I did:
  I configured the TCP logging in the same way as in the original post
  I configured the TCP logging giving the commands in different order
  Did some other tests related to the proble
  Device used: ASA 5585-X
  Software: 8.4(2)
  Original Device and software : ASA 5585-X running 8.4(1)9
  Heres the above scenarions and what actually happened
  Original situation
  Before doing any changes the test firewall context in question is working normally and the log sent by UDP/514 is arriving to the Syslog server as usual.
  I now change the syslog to TCP by giving a command "logging host tcp/1471" (actual port being TCP/1470)
  The firewall immediatly starts blocking all connections going through it.
  I change the configuration to the correct port TCP/1470 after which log starts appearing in my realtime view on the syslog server. The firewall context in question is still sending only the message "Disallowing new connections" even though the TCP -port on the Syslog server is clearly reachable and the connection is active.
  After this I try to do the suggest "clear local-host all" command. This has no effect on the firewall context. No connections are getting through. No connections/xlates are formed on the firewall. I can only see the firewall doing DNS queries with its outside interface (related to another configuration).
  After this I try to start correcting the situation the same way as before. I add "logging permit-hostdown" command which has no effect on the situation. I remove all logging configurations and it doesnt have any effect on the situation.
  After this I activate UDP logging and can see the logs arriving on the syslog server but again I can only see "Disallowing new connections" message.
  In the end I have no other option (to my knowledge) other than to delete the Security Context and create it again with same interfaces and with the configuration saved to the Flash -memory of the ASA.
  After this the connections work like usual. (UDP logging in the saved configuration)
  Giving the configurations in different order
  After I've created the firewall again and all is working I have another try in configuring the TCP Syslog while giving the commands in different order.
  First I add the command "logging permit-hostdown" command
  Then I add the command "logging host tcp/1470"
  After this logs start arriving on the syslog server and connections work as usual. Seems giving the "logging permit-hostdown" first before any other configurations is the right way to go.
  Removing the "logging permit-hostdown" command
  After I saw that everything was working I tried to remove the "logging permit-hostdown" command and see what happens. Everything worked fine.
  Configuring wrong TCP port to "logging host" command
  I decide to try and change the TCP port used to a wrong one and see if anything happens. (logging permit-hostdown is active). Firewall works as usual. Naturally no logs can be viewed at the syslog server.
  Configuring the TCP Syslogging without "logging permit-hostdown" but with correct port
  Finally I tried to configure the TCP Syslogging on ASA with the correct TCP port without issuing the "logging permit-hostdown" command. Everything seemed to work fine after this.
  So in conclusion it seems that IF you don't have the "logging permit-hostdown" command issued before you start configuring "logging host tcp/xxxx" , you might run into problems IF you don't have matching settings on the ASA sending the log and the Syslog server receiving the log.
  There doesnt seem to be any easy way to correct the situation (with the connections getting blocked) after you have once messed up the configurations. Seems your only option is to reconfigure the Security Context (which is easy) or if this problem exists in the same way in a single ASA you will have to reboot the device which means longer downtime than reconfiguring a context.
  There would still be a couple of things to test but at the moment I have no more time for this. I will update if there is any new information.
  - Jouni