ASA 5585-X pim-ssm support

Hi
Is there a way to configure pim-ssm on asa 5585x-ssm20?
thanks

Unfortunately PIM-SSM is not supported on any of the ASA platforms.

Similar Messages

  • Cisco ASA 5585-X SSP-20 SSL wildcard SSL certificate support ?

    Hello
    I want to verify if Cisco ASA 5585-X SSP-20 supports wildcard SSL certificates.
    Cheers

    Supports them how?
    As certificates issued to the ASA and properly bound to its interfaces to support SSL VPN or ASDM access - yes.
    You can configure a wildcard (or any other) certificate improperly and cause things not to work. However it's not a limitation of the device's operating system not supporting it.

  • Which routing protocols are supported on ASA 5585

    Hi,
    I am curious to know which routing protocol is well supported on Cisco ASA 5585. Has anyone on the forum implemented routing on ASA?
    I have ASA 5585 in context mode; as of now 4 contexts have been created. The upstream device is a Nexus.
    I have ASA with Software Version 8.4(4)1 and Device Manager Version 6.4(9).
    If someone can point me to a good implemented example of a routing protocol in their environment (like OSPF, BGP) that would be great.
    Thanks

    You're welcome.
    Multiple contexts adds another twist - in ASA 8.4 dynamic routing protocols are not supported at all for multiple contexts. Reference.
    ASA 9.0 added support for dynamic routing protocols in multiple context modes, including OSPF v2 (but not v3 for IPv6). Reference.
    FYI ASA 9.1(2) is current as of this writing and is the recommended release in the 9.x train. (Mentioned near the end of the latest TAC Security podcast - episode #37 here.)

  • Can't Send or Receive Email from Exchange behind ASA 5510 with CSC SSM

    We are upgrading from a Pix 515e to an ASA 5510 with CSC SSM. We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. Here is a copy of my config. Any help would be appreciated.
    show config
    : Saved
    : Written by enable_15 at 07:17:44.760 CST Wed Jan 18 2012
    ASA Version 8.4(3)
    names
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 216.XXX.XXX.XXX 255.XXX.XXX.XXX
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.0.5 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    shutdown
    nameif management
    security-level 100
    no ip address
    management-only
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    object network obj-192.168.5.0
    subnet 192.168.5.0 255.255.255.0
    object network obj-192.168.0.0
    subnet 192.168.0.0 255.255.255.0
    object network obj-192.168.9.2
    host 192.168.9.2
    object network obj-192.168.1.65
    host 192.168.1.65
    object network obj-192.168.1.0
    subnet 192.168.1.0 255.255.255.0
    object network obj-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    object network obj-192.168.3.0
    subnet 192.168.3.0 255.255.255.0
    object network obj-192.168.6.0
    subnet 192.168.6.0 255.255.255.0
    object network obj-192.168.8.0
    subnet 192.168.8.0 255.255.255.0
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq ftp
    port-object eq www
    port-object eq pop3
    port-object eq smtp
    object-group network Red-Condor
    description Email Filtering
    network-object host 66.234.112.69
    network-object host 66.234.112.89
    object-group service NetLink tcp
    port-object eq 36001
    object-group network AECSouth
    network-object 192.168.11.0 255.255.255.0
    object-group service Email_Filter tcp-udp
    port-object eq 389
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group service DM_INLINE_TCP_0 tcp
    group-object Email_Filter
    port-object eq pop3
    port-object eq smtp
    object-group network Exchange-Server
    description Exchange Server
    network-object host 192.168.1.65
    access-list global_mpc extended permit tcp any any object-group DM_INLINE_TCP_1
    access-list outside_access extended permit tcp any object obj-192.168.9.2
    access-list outside_access extended permit icmp any any
    access-list outside_access extended permit tcp any object-group Exchange-Server eq https
    access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq smtp
    access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq pop3
    access-list outside_access extended permit object-group TCPUDP object-group Red-Condor object-group Exchange-Server object-group Email_Filter
    access-list inside_access_in extended permit ip any any
    access-list inside_access_in extended permit icmp any any
    pager lines 24
    logging enable
    logging console debugging
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool vpnpool 192.168.5.1-192.168.5.254 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any inside
    asdm image disk0:/asdm-647.bin
    no asdm history enable
    arp timeout 14400
    object network obj-192.168.9.2
    nat (inside,outside) static 216.XXX.XXX.XXX no-proxy-arp
    object network obj-192.168.1.65
    nat (inside,outside) static 216.XXX.XXX.XXX no-proxy-arp
    object network obj-192.168.1.0
    nat (inside,outside) dynamic interface
    object network obj-192.168.2.0
    nat (inside,outside) dynamic interface
    object network obj-192.168.3.0
    nat (inside,outside) dynamic interface
    object network obj-192.168.6.0
    nat (inside,outside) dynamic interface
    object network obj-192.168.8.0
    nat (inside,outside) dynamic interface
    access-group outside_access in interface outside
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 216.XXX.XXX.XXX 1
    route inside 192.168.0.0 255.255.0.0 192.168.0.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server isaconn protocol radius
    aaa-server isaconn (inside) host 192.168.1.9
    timeout 5
    key XXXXXXX
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set AEC esp-des esp-md5-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca server
    shutdown
    smtp from-address [email protected]
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate
      quit
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.0.0 255.255.0.0 inside
    telnet timeout 5
    ssh 192.168.0.0 255.255.0.0 inside
    ssh timeout 5
    console timeout 0
    management-access inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 208.66.175.36 source outside prefer
    webvpn
    username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
    class-map global-class
    match access-list global_mpc
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    class global-class
      csc fail-close
    service-policy global_policy global
    prompt hostname context
    call-home reporting anonymous

    Hello Scott,
    So Exchange server ip is obj-192.168.1.65 natted to 216.x.x.x
    object network obj-192.168.1.65
    "nat (inside,outside) static 216.XXX.XXX.XXX no-proxy-arp"
    The ACL says
    access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq smtp
    access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq pop3
    From which IP addresses are you trying to send traffic to the Exchange server?
    Please do a packet-tracer and give us the output:
    packet-tracer input outside tcp x.x.x.x (outside host IP) 1025 216.x.x.x 25
    Regards,
    Julio
    Rate helpful posts!!!
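
As an added illustration (not part of the original thread and not Cisco code), the sketch below evaluates the outside_access lines quoted in the reply above with first-match semantics and shows that tcp/25 to the Exchange server is permitted only from the Red-Condor hosts. It parses only the `any`, `host` and `object-group` address forms used in those lines; the test source 203.0.113.10 is a constructed address.

```python
import ipaddress

# Lines copied from the configuration posted in this thread.
CONFIG = """\
object-group network Red-Condor
 network-object host 66.234.112.69
 network-object host 66.234.112.89
object-group network Exchange-Server
 network-object host 192.168.1.65
access-list outside_access extended permit tcp any object-group Exchange-Server eq https
access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq smtp
access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq pop3
"""

PORTS = {"smtp": 25, "pop3": 110, "https": 443}


def take_addr(tok, i, groups):
    """Consume one address spec at tok[i]; return (networks, next index)."""
    if tok[i] == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], i + 1
    if tok[i] == "object-group":
        return groups[tok[i + 1]], i + 2
    if tok[i] == "host":
        return [ipaddress.ip_network(tok[i + 1] + "/32")], i + 2
    raise ValueError(f"unsupported address spec: {tok[i]}")


def parse_rule(tok, groups):
    """access-list NAME extended ACTION PROTO SRC DST [eq PORT]"""
    src, i = take_addr(tok, 5, groups)
    dst, i = take_addr(tok, i, groups)
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
    return {"acl": tok[1], "action": tok[3], "proto": tok[4],
            "src": src, "dst": dst, "port": port}


def parse(config):
    """Collect network object-groups, then the ACL rules that reference them."""
    groups, rules, current = {}, [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], [])
        elif tok[0] == "network-object" and current is not None:
            spec = tok[2] + "/32" if tok[1] == "host" else f"{tok[1]}/{tok[2]}"
            current.append(ipaddress.ip_network(spec))
        elif tok[0] == "access-list" and tok[2] == "extended":
            current = None
            rules.append(parse_rule(tok, groups))
    return groups, rules


def evaluate(rules, acl, proto, src_ip, dst_ip, dport):
    """First matching rule wins; every ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if r["acl"] != acl or r["proto"] != proto or r["port"] not in (None, dport):
            continue
        if any(s in n for n in r["src"]) and any(d in n for n in r["dst"]):
            return r["action"]
    return "deny (implicit)"


GROUPS, RULES = parse(CONFIG)

if __name__ == "__main__":
    # On ASA 8.3 and later the ACL matches the real (inside) address of the server.
    for src in ("66.234.112.69", "203.0.113.10"):
        print(src, "-> tcp/25:", evaluate(RULES, "outside_access", "tcp", src, "192.168.1.65", 25))
```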

  • More Detailed Specifications for ASA 5585-X

    Hi:
    Does anyone know about a document in which it is specified how many ACE rules are supported in an ASA5585-SSP-20?
    I need to compare this and several other specifications versus a FWSM. I found the information for the module, but not for the ASA 5585-X.
    In the data sheet this information is not specified.
    Thank you very much

    Hello Marco,
    That is because the FWSM does have a limit. I have not seen any limit on the ASA. The ASA does support way way way more than the FWSM. I have not seen any limit yet, but I have heard that it will let you know as soon as it is full of ACLs, or you will start seeing a degradation of the performance. Anyway dude, you have a 5585; that is a giant and amazing box. You are more than safe.
    Hope this helps
    Julio

  • Symantec PKI on Cisco ASA 5585

    I am using a Cisco ASA 5585 in my network; the decision was made to use Symantec PKIs for the certificates. My question is, what would the correct syntax be to implement these PKIs on the ASA? I am trying to get this right on the first go, as I want to limit downtime.

    Hi,
    250 virtual contexts and 1024 VLANs are supported.
    Don't forget to rate helpful posts.
    Sajid Ali Pathan.

  • Nexus 5548UP vPC PIM-SSM

    Hi
    Has anyone configured pim-ssm in a vPC domain? I am looking for some config/experience before I start.
    I know that PIM-SSM in vPC is only supported with a FabricPath license, which I already have.
    Regs
    Martin

    Hi lilyzima1
    direct link to the post : http://blog.alainmoretti.com/pim-ssm-through-nexus-vpc/

  • ASR9K PIM-SSM

    Could someone please explain how pim-ssm works in the ASR9K?  I've read the MCAST configuration guide but I'm not sure I understand exactly how to configure ssm.  I thought we would be able to use dns queries but I can not find anything related to configuring ssm other than creating static mappings for legacy integrations.  Most of our HE equipment does not support IGMPv3 so that is not really an option at this point.

    Hi Charles,
    DNS query is not supported on the ASR9k
    HTH
    Laurent.

  • Open nms and Asa 5585-ssp-20

    Has anybody configured open nms to monitor Asa 5585? I am trying to get the difference in MIBs between the 5540 and the 5585. If someone knows the MIB difference, please let me know. Thanks
    Sent from Cisco Technical Support iPhone App

    Send an email to [email protected] and provide them the S/N of the chassis. Inform them what you want to do and they'll verify the data for you.

  • ASA 5585 port-channels

    I want to create a port-channel with 2 10Gbs interfaces on 2 ASA 5585 firewalls, and set them up in a failover pair.
    In order to do this, do I simply put two 10Gbs interfaces into a channel and then configure the IP addressing and failover address on the logical port-channel interface? (aka interface po1).
    Any limitations with this?

    Yes, that is exactly what you do.
    Create portchannel on switch and ASA
    Trunk the vlan on switch side
    Create logical interfaces on ASA

  • Vlan on asa-5585

    Hi,
    Is there any way to create VLANs on a Cisco ASA 5585 in a similar way to how we do on Cisco switches?
    The ASA in this case is an interface for subsidiary users to connect into this new network.
    We require a few VLANs to be created for some servers on the firewall. The firewall should be the gateway for these servers.
    E.g. vlan 100 - 192.168.100.1/24 should be on the ASA firewall.
    How do we achieve this?
    Appreciate all help on this.

    Hi,
    You will have to configure at least one physical interface as a Trunk interface if you want to bring the Vlan all the way to the ASA. Essentially the configuration follows the same lines as configuring a Cisco router to act as the gateway for multiple Vlans behind a switch.
    The actual configuration format depends on how you have set up the ASA. Is it Single Context or Multiple Context?
    In Single Context the configuration would be something like this:
    interface GigabitEthernet0/0
    description TRUNK
    interface GigabitEthernet0/0.100
    vlan 100
    nameif LAN
    security-level 100
    ip add 10.10.10.1 255.255.255.0
    interface GigabitEthernet0/0.200
    vlan 200
    nameif DMZ
    security-level 50
    ip add 192.168.10.1 255.255.255.0
    If you are running Multiple Context mode the configuration could be something like this:
    interface GigabitEthernet0/0
    description TRUNK
    interface GigabitEthernet0/0.100
    description LAN
    vlan 100
    interface GigabitEthernet0/0.200
    description DMZ
    vlan 200
    context EXAMPLE-CONTEXT
    allocate-interface GigabitEthernet0/0.100
    allocate-interface GigabitEthernet0/0.200
    config-url disk0:/EXAMPLE-CONTEXT.cfg
    Or something along these lines
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed.
    - Jouni

  • Business Continuity features available in ASA-5585-x

    Hi,
    In a Data Center environment using only one ASA-5585-x, what kind of business continuity features does a single 5585-x offer, or can be configured, to keep the business running in case the firewall fails?
    Thanks
    Mike

    Hi,
    I am not sure if I understood the question completely.
    I am not really sure how any configuration on the device can help you if the actual device fails completely.
    With regards to the hardware, I think only the high end model with SSP-60 comes by default with 2 PSUs while others come with 1 PSU, though you can install a second PSU in the units and in this way provide some redundancy in the event of power failure, though that naturally depends on other factors than the ASA alone.
    To my understanding it is also possible to set up the single ASA 5585-X unit with dual SSPs. I have not had to set up such an environment so I am not sure how it exactly works. I am not sure how they work together. I can't seem to find the document I was once reading about this. But I would imagine that this could provide redundancy to the firewall setup.
    Then there is also Clustering ASA units (not the same as a Failover pair), but again this naturally requires additional hardware and is something I have not set up myself.
    Then there is naturally configuring 2 identical ASA 5585-X units in a Failover pair (Active/Standby or Active/Active) to provide redundancy in case of hardware failure.
    We have some less critical environments set up with single ASA5585-X units and we naturally don't guarantee the same availability for those services as with a setup where we have 2x ASA5585-X units in Failover. We do have replacement units for these and can naturally get replacements otherwise also.
    - Jouni

  • Visio stencil for ASA 5585-X?

    Hello,
    Can anybody help by pointing me to where I can get a Visio stencil for an asa-5585-x?
    I really appreciate it.
    Thanks,
    John

    Hi John,
    The official Cisco Visio stencils can be found here:
    http://www.cisco.com/en/US/partner/products/hw/prod_cat_visios.html
    I don't see the 5585 there yet, but once it's available that set should be updated.
    -Mike

  • ASA 5585-X Route-Map

    Hi,
    How can I apply route-map rules to an interface?
    I set up some rules but I cannot apply these rules to any interface.
    Thanks a lot.

    Thank you Kanwal.
    In a Cisco router you can apply your route-map by using the command ip policy map ... I didn't find any command like this. I set up some match and set conditions but I do not apply them to any interface.
    Can I use a route-map to manipulate the routing table in the ASA 5585-X?
    Sincerely

  • ASA 5585-X Licensing

    Hi,
    I was hoping to get some assistance from the community on 5585 part numbers/licensing.
    We have recently purchased some 5585-X SSP-20's. The part number ordered was ASA5585-S20C20XK9 "ASA 5585-X Chas w/SSP20,CX SSP20,16GE,4 SFP+,2 AC,3DES/AES". We want to enable the 10GE ports on the SSP-20, do we just purchase an additional license? We are being guided by our reseller to swap the hardware for ASA5585-S20C20XK9 "ASA 5585-X Chas w/SSP20,CX SSP20,16GE,4 SFP+,2 AC,3DES/AES".
    Thanks,
    Colin

    Based on the documentation you need the Security-Plus License to enable 10G for the 5585 with SSP10 or SSP20.
