ASA Service Module with Packeer

Similar Messages

• ASA Service module shut down and on automatically

  hello,
  i have a asa service module which is inserted on 6509 chassis.
  This morning when i came to the office i have noticed my asa service module was restarted at last night but 6509 was up.
  one more thing we dont have failover.only have single asa service module.
  ASA SM version is 8.5
  below is the failover history and details
  ciscoasa up 17 hours 11 mins
  ------------------ show crashinfo ------------------
  No crash file found.
  ------------------ show failover history ------------------
  ==========================================================================
  <--- More --->
  From State                 To State                   Reason
  ==========================================================================
  14:28:40 UTC Apr 7 2013
  Not Detected               Disabled                   No Error
  can any one tell me why this happend.
  thanks in advanced
  Khem

  Hi,
  Would seem to me that it would be best to check this through Cisco TAC to determine the cause.
  It would seem though that no Crashinfo file was generated so thats kinda strange.
  You should be able to confirm if the ASASM is set to save a crashinfo file with the command "show crashinfo save"
  - Jouni

• ASA Service Module on 6500 montoring console session

  We have 6500 with ASA Service Module
  On 6500 how can we configure so that if someone logs in to the ASA Service Module and reboots the firewall we can have logs of it in syslog of switch .
  Thanks for help

  I hate to answer my own posts, but here it is.  TAC tells us that there are 2 choices to make this work.  Apparently the way that worked on an ISR and ISRG2 does not work on the 4000 series routers.  I guess that's progress.
  Option 1. Use a physical cable to connect one of the router's interfaces to one of the etherswitches interfaces and treat it just like the etherswitch is a seperate physical switch.  I'm sure there is a use case for that but I'll not cover that here.
  Option 2. Use the "service instance" feature on the router's internal interface to bind it to a new "BDI" virtual interface on the router.  This is what we'll do.
  On our router ethernet-internal 1/0/0 maps to Gi0/18 on the etherswitch, all internal to the box.  The router will be10.0.0.1 and the switch will be 10.0.0.2.
  Router:
  interface Ethernet-Internal 1/0/0
  service instance 1 ethernet
  encapsulation dot1q 50
  rewrite ingress tag pop 1
  interface BDI 1
  mtu 9216
  ip address 10.0.0.1 255.255.255.0
  Switch:
  interface Gi0/18
  switchport trunk vlan allowed 50
  switchport mode trunk
  vlan 50
  name Egress vlan
  interface vlan 50
  ip address 10.0.0.2 255.255.255.0
  ip route 0.0.0.0 0.0.0.0 10.0.0.1
  Then there are a million ways to design and configure the switch as a normal 3560X switch but that's beyond the scope of my question.

• Migrating from FWSM to ASA Service Module (ASASM)

  I'm migrating from a failover pair of FWSM modules across to a failover pair of ASA Service Modules. In order to avoid a "big bang" switchover I intend to migrate subnets from one to the other over a protracted period.
  With that in mind, can anyone confirm whether there is any restriction on having FWSM and ASASM modules in the same chassis? A trawl of the relevant documentation hasn't revealed anything.
  In this specific case it is Catalyst 6509E VSS chassis pairs with Sup-2T.
  Thanks in advance.

  So long as the chassis has enough power to power these modules you are good.
  Upto 4 FWSMs can be installed in a chassis.
  Upto 4 ASA-SM modules can be installed in a chassis.
  FWSM:
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps4452/product_data_sheet0900aecd803e69c3.html
  • Up to 4 FWSMs (20 Gbps) per Catalyst 6500 chassis
  ASA-SM
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11621/qa_c67-662207.html
  Q. How many ASA Services Modules can I place in a Cisco Catalyst 6500 Series chassis?
  A. Up to four independent ASA Services Modules can simultaneously run in a Cisco Catalyst 6500-E Series chassis.
  -Kureli
  Checkout my breakout session at Cisco Live 2013, Orlando, Florida.
  BRKSEC-2024 Deploying Next-Generation Firewall Services on the ASA 
  Room 314A Tuesday, June 25 3:00 PM - 4:30 PM

• Does ASA Service Module on 6509-E support Remote Access VPN ?

  I'm having a problem configuring Remote Access VPN (SSL, Anyconnect ect.) on ASA Service Module on 6509-E. Is this even supported  or am i wasting my time trying to make something work which will not work in a first place :) ? Site-to-Site works without any problems.
  Tech Info:
  6509-E running SUP 2T 15.1(2)SY
  ASA Module - WS-SVC-ASA-SM1 running image - asa912-smp-k8 & asdm-712
  Licenses on ASA:
  Encryption-DES - Enabled
  Encryption-3DES-AES  -Enabled
  Thanks in Advance for support.

  Are you running multiple context mode?
  If you are, remote access VPN is not supported in that case:
  "Note Multiple context mode only applies to IKEv2 and IKEv1 site to site and does not apply to AnyConnect, clientless SSL VPN, the legacy Cisco VPN client, the Apple native VPN client, the Microsoft native VPN client, or cTCP for IKEv1 IPsec."
  Reference.

• Is the ASA Service Module consider a Next Generation Firewall?

  Thank you!

  The term does not have a standard meaning. However, as Cisco uses it, it refers to a platform capable of running their NGFW services (AVC, WSE and IPS running on a CX module).
  In that usage the answer is no. The ASA SM is not capable of running the CX module and associated software. Reference 1. Reference 2. 

• VPN service module with EFM

  Dears,
          we are already user VPN module in our chassis 6500 where all communication lines are terminated.
  now we will using EFM line , but i am not sure how to cahnage configuration related to it.

  Hello,
  You will need both. The 7600-SSC-400 is the carrier module of the SPA-IPSec-2G.
  There is more information on this via the following link:
  http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/6500series/76ovwvpn.html
  Warm Regards,
  Rose

• AR invoice issued from Service module with approval procedures

  When an AR invoice is issued from Service Call tab, due to the reason that we require approval, when the invoice is approved and added, the AR invoice is not captured in service call tab as a linkage. Is this the limitation in Business one? Any ideas about how to resolve this issue?

  hi,
  It may be due to application error,
  Check this  Note 1052012 - Docs that need approval cannot be created from service call
  [https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1052012]
  Jeyakanthan

• Firewall service module vs ASA

  Hi
  Someone told me that the cisco firewall service module of 6500 has poor performances compared to ASA
  What do you recommend as a core firewall (to protect internal servers): ASA or firewall service module ?
  thanks

  Hi,
  We are using 5 FWSMs at the moment but are moving away from them to ASA5585-X models.
  I wouldnt suggest going to FWSMs anymore at this point if you have any plan on having support for new features.
  End Of Life and End of Sale Notice
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/eol_c51-699134.html
  The follower for the FWSM is the ASA Service Module which supports the newer softwares (while the FWSM doesnt). Heres a link to a document about the ASASM
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps11621/data_sheet_c78-672507.html
  Also you could always consider a separate ASA models. Here are links to both the orignal ASA 5500 series and new ASA 5500-X series
  ASA 5500 Series
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf
  ASA 5500-X Series
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/at_a_glance_c45-701635.pdf
  I guess the question for you is what are the requirements for the device regarding performance. All of the above documentation should give you a clue about which model might be the best for you.
  - Jouni

• XML Publisher with Service Module - Service Request Reports -- URGENT

  Hi all ... any pointers/help/guidance with the problem listed below would be much appreciated.
  I'm working in the context of the Oracle Service Module & Service Request Reports.
  I'm required to configure the XML Publisher Responsibility seeded functionality with the service module reports.
  Listed below are the two reporting requirements that I'm considering , corresponding to the following seeded XMLP Responsibility seeded components:
  (I'm quoting an extract from the Oracle TeleService Implementation & User Guide here).
  Detailed Report
  Data Definition: Service Request Detail Definition (CS_SR_DETAIL_DEF)
  Corresponding Template: Service Request Detail Report Template (CS_SR_DETAIL_TMP.en)
  Template Description: Includes all of the available service request attributes including charges, the two descriptive flexfields, and extensible attributes.
  Summary Report
  Data Definition: Service Request Summary Definition (CS_SR_SUMMARY_DEF)
  Corresponding Template: Service Request Summary Report Template (CS_SR_SUMMARY_TMP_en)
  Template Description: Includes a subset of the detailed report attributes including the same charges information as the detailed report.
  When I log into the EBS >> XML Publisher Administrator Responsibility >> Service Application ... I find these seeded XMLP components, together with the preview data, downloadable templates & sample output.
  The question is:
  Where (responsibility/application/navigation/etc.) do I find the seeded EBS Service Reports to provide the expected XML input to the seeded XMLP Service Request Data Definitions & Templates????
  Notes ...
  I have found the following two reports, under the Service Application in EBS, set their output type to XML and viewed the output of the submitted request:
  - Service Request Detail Report
  - Service Request Summary Report
  ... but each of these two reports produce XML output of a different data model/structure to that expected by each of the corresponding seeded XMLP data-definitions/templates.
  Additionally, I cannot find any corresponding concurrent program definitions on the system with the same SHORT-NAME/CODE as the seeded XMLP data definitions themselves i.e. CS_SR_DETAIL_DEF and CS_SR_SUMMARY_DEF.
  Are the necessary reports not actually seeded within EBS? Do the seeded XMLP data definitions & templates require development of new Concurrent Programs from scratch to access the database tables and provide the necessary data/input, or am I missing something here??

  I am sure you found a solution to your problem. If not, to give a pointer to this issue, I guess these reports are gererated right from the service request screen and this definition is used there.This report can be generated from several places based on where you are within SR scree.
  Thanks
  Nagamohan

• Function module for Create service order with reference to sales doc (RAS )

  Hi All,
  I have to create a service order (type SM03) with reference to sales document (doc type RAS, in other way it is called as repair order).
  I have used function module 'ALM_ME_ORDER_CREATE' && 'CO_ZV_ORDER_POST' to create service order and its working fine but problem is that i am not able to create linking between repair order and service order.
  Can anyone suggest me function module, BAPI to create service order with reference as sales document (RAS) so that all related details of sales document will automatically reflect to service order..
  Sumit

  Try this function module BAPI_ORDER_MAINTAIN. Just search with BAPI_ORDER* in SE37 you will get some more functions.
  Regards
  Kathirvel

• Service Modules in 6500s, IPS/IDS and Stand-alone options.

  Hi,
  My first post here and it's a question regarding knowledge that I can't seem to find via CCW and through people I know.
  Does the Service Module in the 6500 i.e. WS-SVC-ASASM1B-K9 come with or support an IPS/IDS option?
  Does a stand-alone ASA5500 come with an installed IPS/IDS option.
  Thanks.

  > Does the Service Module in the 6500 i.e. WS-SVC-ASASM1B-K9 come with or support an IPS/IDS option?
  On the Cat6k5 is the IDSM2. Thats a completely outdated module with 500 MBit/s of throuput. For the Datacenter designs Cisco recommends the standalone IPS 4500 instead a module if you need good IPS throughput.
  > Does a stand-alone ASA5500 come with an installed IPS/IDS option.
  The ASA has build-in IPS with a fixed signature-set that is not such rerlevant. The better way of doing IPS on the ASa is to have an optional IPS-module. These modules are didicated hardware on the legacy ASAs (the ones without -X) and pure software-modules on the new ASAs. The 5585 is an exception where IPS is also a dedicated hardware-module.
  Sent from Cisco Technical Support iPad App

• APEX Listener 2.0 - RESTful Services Failure with  404 - Not Found

  Versions used:
  * APEX Listener 2.0.0.354.17.05
  * Application Express 4.2.1.00.08
  * Oracle Database 11.2.0.1
  When testing the sample RESTful Service Module oracle.example.hr I always get 404 - Not Found page.
  I followed the documentation to install and configure APEX 4.2 and the Listener 2.0. Everything in my APEX installation works fine except RESTful Services.
  For example, when calling this RESTful Service:
  http://company.com:45678/apex/DEV/xxuapex/hr/empinfo/
  I get a 404 page.
  The corresponding entry in url-mapping.xml is:
  <pool base-path="/DEV" name="od01" workspace-id="xxuapex"/>
  where xxuapex is the name of the schema as well as the workspace where the RESTful Service is installed.
  Moreover, the corresponding od01.xml, od01_rt.xml and od01_al.xml in the conf directory seem correct.
  Any help is greatly appreciated.
  Thanks.
  Eddie Awad.

  Hi Eddie,
  +> try the other option base-url of the url-mapping+
  I did. No change. Still getting 404.When active it should transform the 404 page into a detailed 404 with a description of what the error is. Just to be sure, this is activated in the defaults.xml file of the APEX Listener as: *<entry key="log.logging">true</entry>*.
  You should then see a detailed 404 output in your browser of what's going wrong first of all.
  +> Could you post your url-mapping.xml file?+
  <?xml version="1.0" encoding="UTF-8"?>
  <pool-config xmlns="http://xmlns.oracle.com/apex/pool-config">
  <pool base-path="/DEV" name="od01" workspace-id="xxuapex"/>
  <pool base-path="/TEST" name="ot01" workspace-id="xxuapex"/>
  </pool-config>
  Despite using the url mapping script, it didn't map mine correctly and had to edit it manually. It was the use of "apex" that got it to work for me:
  *<pool base-path="/" name="apex" workspace-id="workspace-name-here" updated="2013-01-09T20:48:59.75Z"/>*
  Nick.

• How to configure link between 2921 and SM-D-ES3G-48-P EtherSwitch Service Module

  hi,
  I can't do that like the procedure given by Cisco.
  http://www.cisco.com/en/US/partner/docs/routers/access/interfaces/software/feature/guide/eesm_sw.html#wp1942894
  Cisco Procedure :
  interface gi10/0
  ip address x.x.x.x x.x.x.x
  service-module gigabitethernet 1/0 session
  My result :
  R2921-8CPITR-1(config)#int gi 1/1
  R2921-8CPITR-1(config-if)#ip address 2.2.2.2 255.255.255.192
  % IP addresses may not be configured on L2 links.
  R2921-8CPITR-1(config-if)
  R2921-8CPITR-1(config)#interface gigabitEthernet 1/1.1 ?
  % Unrecognized command
  R2921-8CPITR-1(config)#interface gigabitEthernet 1/1 ?
    <cr>
  R2921-8CPITR-1(config)#
  the session is not possible also ?
  R2921-8CPITR-1#service-module gigabitEthernet 1/1 sess
                                                    ^
  % Invalid input detected at '^' marker.
  R2921-8CPITR-1#
  The routeur said that it's not a L3 port, so how to configure it to allow communication between the 2921 and the card ?
  Is there a bug with that version I'm in 15.1(4)M4 ????
  R2921-8CPITR-1#sh ver
  Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Tue 20-Mar-12 18:57 by prod_rel_team
  ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
  R2921-8CPITR-1 uptime is 19 hours, 21 minutes
  System returned to ROM by power-on
  System restarted at 16:00:45 GAB Fri Sep 14 2012
  System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
  Last reload type: Normal Reload
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  Cisco CISCO2921/K9 (revision 1.0) with 479232K/45056K bytes of memory.
  Processor board ID FGL1618119E
  6 Gigabit Ethernet interfaces
  2 terminal lines
  DRAM configuration is 64 bits wide with parity enabled.
  255K bytes of non-volatile configuration memory.
  250880K bytes of ATA System CompactFlash 0 (Read/Write)
  License Info:
  License UDI:
  Device#   PID                   SN
  *0        CISCO2921/K9          FGL1618119E
  Technology Package License Information for Module:'c2900'
  Technology    Technology-package           Technology-package
                Current       Type           Next reboot
  ipbase        ipbasek9      Permanent      ipbasek9
  security      None          None           None
  uc            None          None           None
  data          None          None           None
  Configuration register is 0x2102
  R2921-8CPITR-1#

  Same issue here.
  I just waited a few minutes and the interface went down and back up, this time it was a L3 interface.
  My guess is that it was booting the switch module IOS, and it detected it until it was fully booted:
  Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
  Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
  Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
  Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
  Apr 11 05:26:52.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
  Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
  Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
  Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
  Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
  Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
  Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
  Apr 11 05:27:46.947: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
  Apr 11 05:27:47.031: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
  Apr 11 05:27:47.083: %LINK-5-CHANGED: Interface GigabitEthernet1/0, changed state to administratively down
  Apr 11 05:27:47.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
  Apr 11 05:27:48.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to down
  Apr 11 05:27:49.283: %IP-5-WEBINST_KILL: Terminating DNS process
  Apr 11 05:27:52.499: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
  Apr 11 05:27:53.087: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Tue 04-Sep-12 16:50 by prod_rel_team
  Apr 11 05:27:53.255: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
  Apr 11 05:27:53.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
  Apr 11 05:28:21.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
  Apr 11 05:29:22.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
  Apr 11 05:29:22.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
  Router>en
  Router#sh ip int brief
  Interface                  IP-Address      OK? Method Status                Protocol
  Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
  GigabitEthernet0/0         unassigned      YES unset  administratively down down
  GigabitEthernet0/1         unassigned      YES unset  administratively down down
  GigabitEthernet0/2         unassigned      YES unset  administratively down down
  GigabitEthernet1/0         unassigned      YES unset  administratively down down
  GigabitEthernet1/1         unassigned      YES unset  up                    down
  Vlan1                      unassigned      YES unset  down                  down
  Router#
  Apr 11 05:29:46.106: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to upconf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  Router(config)#int g1/0
  Router(config-if)#ip add 1.1.1.1 255.255.255.0
  Router(config-if)#no shut
  Router(config-if)#
  Apr 11 05:30:09.046: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
  Apr 11 05:30:10.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
  Router(config-if)#end

• Is Mobile 2007 Stock Management Service Compatibile with R/3 4.7

  Can any one tell me if I can implement Mobile Service - Service Parts management - Van stock with R/3 47 back-end
  Installation guide says ERP 6.0 as a landscape requirements..
  I have few questions
  Can Ii implement CRM Mobile 2007 Service Module including the Vanstock with a R/3 47 Back-end
  If I can what is the plug-in I use to integrate the Mobile database to CDB and to R/3
  Any help will be rewarded.
  Thanks
  Raj

  Hi Raj,
  For using Vanstock scenrios on the mobile service application, SAP ECC 6.0 and SAP Netweaver Mobile 7.1 are the minimum requirements.
  It cannot be implemented for any release lower than these because these functionalities/APIs are available from the mentioned releases.
  Best Regards,
  Pravin..