Could i make NTP on ASA 5540
hi..
i have asa 5400,
can i make NTP server on asa 5540.
The ASA cannot work as an NTP server, it can only use an NTP server to set its time using the "ntp server" command.
I hope it helps.
PK
Similar Messages
-
ASA 5505 + ASA 5540 static VPN, ssh and rdp problems
Greetings!
I've recentely set up a VPN between Cisco ASA 5540(8.4) ana 5505(8.3).
Everything works fine, but there is a small problem that is really annoying me.
From the inside network behind ASA 5505 I connect via rdp or ssh to a host inside ASA 5540.
Then I minimize ssh and rdp windows and don't use it for ten minutes. But I still use VPN for downloading some files.
Then I open ssh window - the session is inactive, open rdp window - I see a black screen (for 10-15 seconds, and then it shows RDP)
There are no timeouts on ssh or rdp hosts configured, via GRE tunnel it works perfectly without any hangs.
What can I do to get rid of this problem?
Thanks in advance.Dear Fedor,
You could try adding the following commands to your configuration (on both ASAs) in order to increase the timeout values of the specific TCP sessions:
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 22
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 3389
class-map TCP_TIMEOUT
match access-list rdp_ssh
policy-map global_policy
class TCP_TIMEOUT
set connection timeout idle 0:30:00
set connection timeout half 0:30:00
* Please make sure you define the specific RDP and SSH ports in the ACL and avoid the use of "permit ip any any".
Let me know.
Portu.
Please rate any post you find useful. -
CiscoWorks LMS 4.0.1 and ASA 5540
I've added an ASA-5540 to the group of systems I backup each night. When the admin logs into the ASA in the morning, he sees the "save configuration" flag has been set. This started the same day CiscoWorks saved teh configuration. What is CiscoWorks doing to set this flag, and how do I stop it? It should only be reading the configuration. Thanks.
Ideally LMS should not save configuration only when LMS is taking the backup of configuration. This can be easily tested, if you try to run an instant job for Configuration Archive under Configuration > Sync Archive and see it on the ASA if it shows "save configuration" flag set.
It should be something else on either LMS or somewhere outside. In LMS it could be something like a NetConfig Job which may save configuration or other options like deploy configuration, which is very unlikely.
Before we stop it, we need to test and confirm, it is actually LMS,. You can also try to suspend the device once from LMS to see if next day you still see similar flag set.
Once we confirm it is LMS, we can test which action of LMS is doing it and how to prevent.
-Thanks
Vinod
** Encourage Contributors. RATE them** -
Trying to use DS 6.2 w/ Cisco ASA 5540 for VPN Auth
Hello all,
I'm trying to connect our Cisco ASA 5540 with LDAP authentication to our DSEE 6.2 directory. The authentication is failing and this line in the debug output from the firewall is really getting to me: "No results returned for iPlanet global password policy".
Their authentication process is two-steps.. It binds with a service account, searches on the "naming attribute" (in our case uid), grabs the DN of the user, and unbinds. With step 2, it binds to the directory with the DN it found when searching, and the password the user supplied. If the second bind is successful, then the firewall lets them on the VPN.
When the firewall binds with the service account, it successfully finds the user's DN and disconnects, so I know my ACI is working correctly there. It just seems to fail when trying to re-bind with the user's DN...
We opened a TAC case with Cisco, and this is their response:
The DN configured on the security appliance to access a Sun directory server must be able to access the default password policy on that server. We recommend using the directory administrator, or a user with directory administrator privileges, as the DN. Alternatively, you can place an ACI on the default password policy.
I refuse to let a poorly written application or appliance bind as cn=Directory Administrator!
I tried putting an ACI on the default password policy located at cn=Password Policy,cn=config , but that doesn't seem to make any difference to the ASA.. My best guess is that it's looking somewhere else for the password policy... did it used to be located elsewhere in iPlanet? Has anyone made this work before with a Cisco ASA?My network admin and I ended up solving this problem by sheer dumb luck. In the ASA config, you tell it what kind of LDAP server it's connecting to. In one set of docs, it had the available options as microsoft, sun, or generic. In another set of docs, we found that openldap was also an acceptable option.
I'm guessing the ASA is thinking the "sun" option is connecting to the old Netscape Directory Server. Changing the "server type" to openldap made it work immediately. It also does not look like it's trying to look at the LDAP server's password policy now either. -
ASA 5540 _ I want to ping across inside to outside for testing
ASA 5540 8.2 (5)
I have tried many combinations of command line syntax suggested in this forum but none are providing success so far.
I want to ping from the Inside Interface across to the Outside Interface and visa versa.
I have tried various ACLs as well as "inspect icmp" in the config, etc still no go.
I can ping each interface from the console command line but cannot ping across each interface.
Is this even possible ?
I am open to suggestions.
thanks
Troy
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.10.10 255.255.255.0
ASA-5540-LAB#
ASA-5540-LAB# ping 192.168.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA-5540-LAB# ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA-5540-LAB# ping inside 192.168.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASA-5540-LAB# ping outside 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASA-5540-LAB#Hi Troy,
Remember that the ASA is a security device, so by design it does't support what you are trying to accomplish.
" For For security purposes the security appliance does not support far-end interface ping, that is pinging the IP address of the outside interface from the inside network."
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/trouble.html#wp1059645
Even if you are trying to ping from the ASA since I see you are trying to do a "source" ping. The source of the packet will be an internal IP address going to the outside IP.
Luis Silva -
If I was to get a new computer and transfer all my music from my itunes on my old computer to hard drive then to my new computer and itunes, could I make a new itunes account on my new computer and still be able to use my old songs?
I am getting a new computer and I know I can transfer my music on my old computer to my new one with a hard drive but me and brother currently share an account and I would like my own, once I get a new computer can I make a new account on my new itunes and still be able to keep my old music and be able to sync it and play it etc?? Anyone with information on this would be muchly appreciated!!! Thank you in advance! Oh and I currently have a windows but will be getting a mac book pro most likelyThe music sync is one one way - computer to ipod. The exception is itunes purchases. File>Transfer Purchases
Have you failed to maintain a backup copy of your computer? -
Preview failed because Adobe Muse could not make a connection over HTTP. The most common cause of this is Firewall software which prevents HTTP connections. You may need to change Firewall settings to allow Adobe Muse to make connections.
no firewall at all, in win 8.1, turned it off for all networks
ftp and publish works just fineHi,
Please take a look at this post : Re: Adobe Muse - Preview Failed
Regards,
Aish -
i have a mac osX 10.5.8 and i could always make photo books with iphoto , now all of a sudden i cant because i have iphoto version 7.1.5 i have tried countless updates and nothing is working ? help ?
Books are no longer supported with iPhoto '08 (a roughly six yeal old product) - you can purchase an iLife '09 DVD from someplace like Amazon or eBay and install it - iPhoto '09 is still supported this year
LN -
I created a new folder on "My Pictures" on my PC to sync some new photos, but when I went into my device to sync the new folder I created I couldnt find the new folder under "selected folders" in the sync photo section. How could I make it a choice to find my new folder I created so i could find it under "selected folder" so I could be able to sync?
Hi there!
Could you clarify for me: are you still using Photoshop Elements on your new Mac or are you now using the Revel Mac Desktop app?
Thank you!
Glenyse -
Could i make a call with ipad 2 ?
could i make a call with ipad 2 ?
Yes, using SKYPE, FaceTime or any social-networking app-related. there's a lot of app out there in app store, from paid app until free app.
-
How do I get an ASA-5540 back to default config?
Is there an easy way to re-apply the default config that comes with a new ASA-5540? I'd like to have our ASA-5540 be back to its default with 192.168.1.1 on the inside interface and act as a DHCP server so I have connect a PC to it to begin initial configuration using the ASDM.
The ASA-5540 is running on asa723-k8.bin.configure factory-default
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c4_72.html#wp2039866
a simple "write erase/reload" would also do the trick. -
How (in windows 8) could I make an screen shot of a PDF figure or table
In windows 8, How could I make an screen shot of a figure or table?
The Windows 8/RT operating system can take screen shots. Please see the Microsoft Windows Support page below.
Take a screen shot (print your screen)
With the steps above, it is possible to capture screen shots of your entire screen or one window.
Please note that Adobe Reader Touch does not provide the functionality to extract or export any objects (text, images, tables, etc.) from a PDF document (yet). -
How could I make face time available in my iPhone 5 setting? I bought it on United Arab Emirate and use it in Afghanistan, with Etisalat GSM connection.
You can not do so. It is permanently removed from all iPhones sold in UAE and KSA. This is a requirement of the goverenments there. Apple has no choice in the matter.
-
Could not make connection to 11g PS1 BAM from Jdev 11.1.1.2.0
Hi,
Could not make a connection to 11g PS1 BAM store from Jdev 11.1.1.2.0.
gave the same host and port details for BAM web host/BAM server host(specified in BAM server properties on the server) in the BAM connection details.
gives the following error when testing the connection.
Testing HTTP connection ... success.
Testing Data Object browsing ... success.
Testing JNDI connection ... failed.
Failed to establish a connection to "ewftwn58.ebiz.verizon.com" at port 9001;
Please verify BAM Server Host & JNDI Port.
2 of 3 tests successful..
i have tried by giving host name and IP address but still getting this error.
Thanks in Adv.
Regards,
Chaitu.I am getting this same problem with PS2 11.1.1.3. This works on my single node environment, but not on our clustered environment. Same error as chaitu
Testing HTTP connection ... success.
Testing Data Object browsing ... success.
Testing JNDI connection ... failed.
Failed to establish a connection to "vprbamch1vhn1.mfltest.co.uk" at port 9001;
Please verify BAM Server Host & JNDI Port.
2 of 3 tests successful.
I have checked my proxy settings in JDev - I have included *.mfltest.co.uk.
I have checked my adapter config and it all seems correct.
Anyone find out what was wrong with their configuration when they get this issue.
Mark.
Edited by: marksimpson on Sep 1, 2010 6:02 PM -
My friend has an apple iphone 4s, He could not make the ID on icloud, becase at the end of ID creation procedure, the message displayed, " the free icloud ID is not eligible for this device" what is the solution, thanx
Your friend will have to create his iCloud account on a different iOS device. His device has already created the maximum number of iCloud accounts and cannot create another one.
Maybe you are looking for
-
I've used "Moneypad" app to record my financial transaction for over a year and I got an update today. After updating all the icons where misplaced and there were a lot of bugs in the app. The update said "Restore original app icon". So I decided to
-
Declaring top level classes instead of subclasses
I seem to have misunderstood something very basic. It's always better, where possible, to declare the top-level class instead of the sub-class, right? Ok, then why do I have the following problem? I declare, from the JavaMail API the following: Messa
-
Visual C++ 6.0 usage with TestStand
Greetings! I would like to have a jump start in using Visual C++ 6.0 with Test Stand. Any example of Visual C++ DLL and sequency file which demonstrates the most basic function as below : Example 1: a. Test stand sequence calls a Visual C++ 6.0 DL
-
dear all: 1, the user's requirement is below: the project have a budget. When exceed budget, system auto send a message to the relevant person in charge (such as: project managers, financial, WBS responsible person, etc.) FYI: workflow can't meet th
-
SIRI won't call "the mother of my girlfriend"
SIRI won't call "the mother of my girlfriend" and says that an error occured or calls my own "mother"! Please, help me out. I work my self by an Apple Reseller and no one of my collegas can help me out! *the problem is not coming from my Contacts Boo