CSM 4.4sp1 netflow configuration for ASA

Hi,
We are running Cisco Security Manager 4.4 service pack 1 and our ASAs are all running 9.0.2/9.1.1.
I've hit a problem with export to netflow from my ASA firewalls configured through CSM.
We configure the netflow export under platform/logging and enable flow export. Looking at "show flow-export counters" on the ASA, however, very few flows are exported, and no netflow shows up in our netflow analyzer.
Looking at the deployment this is what is deployed (for netflow):
! COMMENT: Bulk request written; reading response...
Line# 2. (SUCCESS) Sent (Fri Jun 07 08:50:05 CEST 2013): flow-export template timeout-rate 1
Received (Fri Jun 07 08:50:05 CEST 2013):
Line# 3. (SUCCESS) Sent (Fri Jun 07 08:50:05 CEST 2013): flow-export destination outside 146.2.217.125 19996
Received (Fri Jun 07 08:50:05 CEST 2013):
Line# 4. (SUCCESS) Sent (Fri Jun 07 08:50:05 CEST 2013): flow-export delay flow-create 60
As I understand it, I need to match what traffic to export to netflow, which is set up as a service policy rule. I cannot find any option to export to netflow under the service policy rules, however (only IPS, CXSC, Connection Settings, QoS, CSC, User statistics and Scansafe).
I configured a flexconfig to append to the configuration and this seems to export the data until the next time a policy is pushed. The configuration changes done by the flexconfig are then removed from the ASA and netflow stops working.
My flexconfig (append) looks like this:
access-list netflow-hosts extended permit ip any any
class-map NetFlow-traffic
 match access-list netflow-hosts
policy-map global_policy
 class NetFlow-traffic
  flow-export event-type all destination X.X.X.X
Has anybody found a way to get netflow export to work correctly when configured using CSM?
-Michel

Try adding in the following line under flexconfig with the rest of your netflow configurations.
flow-export template timeout-rate 1
This is my flexconfig on my firewalls using CSM:
access-list global_mpc extended permit ip any any
class-map global-class
 match access-list global_mpc
policy-map global_policy
 class global-class
  flow-export event-type all destination x.x.x.x
flow-export template timeout-rate 1
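The export chain both posts rely on is the same: an access-list, a class-map that matches it, a class under policy-map global_policy carrying "flow-export event-type ... destination", plus the global "flow-export destination" and "flow-export template timeout-rate" lines that CSM deploys from platform/logging. When a CSM push strips the flexconfig lines, the middle of that chain disappears and "show flow-export counters" stays near zero. The Python script below is an added example for this thread, not code from the thread or from Cisco: it parses those commands out of ASA config text and reports which link is missing. The sample configs are constructed from the thread's snippets, with the collector address replaced by the placeholder 192.0.2.10; the rule that the destination named in the policy-map must also be a configured "flow-export destination" follows the ASA command reference, and the remaining checks are plain text-level sanity checks.

```python
"""Static check of the NetFlow (NSEL) export chain in ASA config text.

Added example for this thread, not code from the thread or from Cisco.
Sample configs and the collector address 192.0.2.10 are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class NetflowConfig:
    acls: Set[str] = field(default_factory=set)                       # ACLs with at least one ACE
    class_maps: Dict[str, Optional[str]] = field(default_factory=dict)  # class-map -> matched ACL
    policy_classes: Dict[Tuple[str, str], List[str]] = field(default_factory=dict)  # (policy-map, class) -> export IPs
    destinations: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # collector IP -> (interface, udp port)
    template_timeout: Optional[int] = None
    delay_flow_create: Optional[int] = None


def parse_asa_config(text: str) -> NetflowConfig:
    """Pull the NetFlow-relevant commands out of ASA config text.

    Sub-mode is tracked by keyword, not indentation, because FlexConfig
    text and 'show run' output are indented differently."""
    cfg = NetflowConfig()
    cmap = pmap = pclass = None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        kw = tokens[0]
        if kw == "access-list" and len(tokens) > 2 and tokens[2] != "remark":
            cfg.acls.add(tokens[1])
            cmap = pmap = pclass = None
        elif kw == "class-map":
            cmap, pmap, pclass = tokens[1], None, None
            cfg.class_maps.setdefault(cmap, None)
        elif kw == "match" and cmap and tokens[1:2] == ["access-list"]:
            cfg.class_maps[cmap] = tokens[2]
        elif kw == "policy-map":
            pmap, cmap, pclass = tokens[1], None, None
        elif kw == "class" and pmap:
            pclass = tokens[1]
            cfg.policy_classes.setdefault((pmap, pclass), [])
        elif kw == "flow-export":
            if tokens[1] == "event-type" and pmap and pclass and "destination" in tokens:
                # flow-export event-type <type> destination <ip> [<ip> ...]  (policy-map class sub-mode)
                cfg.policy_classes[(pmap, pclass)] += tokens[tokens.index("destination") + 1:]
            elif tokens[1] == "destination":
                # flow-export destination <interface> <ip> <udp-port>  (global)
                cfg.destinations[tokens[3]] = (tokens[2], int(tokens[4]))
            elif tokens[1:3] == ["template", "timeout-rate"]:
                cfg.template_timeout = int(tokens[3])
            elif tokens[1:3] == ["delay", "flow-create"]:
                cfg.delay_flow_create = int(tokens[3])
    return cfg


def check_netflow_export(cfg: NetflowConfig) -> List[str]:
    """Return findings for a broken export chain; an empty list means complete."""
    findings: List[str] = []
    if not cfg.destinations:
        findings.append("no 'flow-export destination <interface> <ip> <port>' configured")
    if cfg.template_timeout is None:
        findings.append("no 'flow-export template timeout-rate' (the line the answer recommends adding)")
    exporting = {k: v for k, v in cfg.policy_classes.items() if v}
    if not exporting:
        findings.append("no policy-map class carries 'flow-export event-type ... destination'")
    for (pmap, pclass), dests in exporting.items():
        if pclass not in cfg.class_maps:
            findings.append(f"class {pclass} in policy-map {pmap} has no class-map")
        elif cfg.class_maps[pclass] is None:
            findings.append(f"class-map {pclass} has no 'match access-list'")
        elif cfg.class_maps[pclass] not in cfg.acls:
            findings.append(f"class-map {pclass} matches ACL {cfg.class_maps[pclass]}, which has no entries")
        for ip in dests:
            if ip not in cfg.destinations:
                findings.append(f"class {pclass} exports to {ip}, which is not a configured flow-export destination")
    return findings


# Constructed from the deployment log in the question (collector address replaced).
CSM_DEPLOYED = """\
flow-export template timeout-rate 1
flow-export destination outside 192.0.2.10 19996
flow-export delay flow-create 60
"""

# Constructed from the FlexConfig in the answer (collector address replaced).
FLEXCONFIG = """\
access-list global_mpc extended permit ip any any
class-map global-class
 match access-list global_mpc
policy-map global_policy
 class global-class
  flow-export event-type all destination 192.0.2.10
flow-export template timeout-rate 1
"""


def report(label: str, text: str) -> None:
    findings = check_netflow_export(parse_asa_config(text))
    print(f"{label}: {'OK' if not findings else 'PROBLEMS'}")
    for f in findings:
        print("  -", f)


if __name__ == "__main__":
    report("CSM platform settings only (state after a push)", CSM_DEPLOYED)
    report("CSM settings + FlexConfig", CSM_DEPLOYED + FLEXCONFIG)
    report("FlexConfig pointing at an unconfigured collector",
           CSM_DEPLOYED + FLEXCONFIG.replace("192.0.2.10", "192.0.2.99"))
```

Run it against the running config pulled after each CSM deployment (for example, the text of "show run" saved to a file) and the first report line tells you whether the policy-map class survived the push; a "not a configured flow-export destination" finding is the case where the FlexConfig and the platform/logging settings have drifted apart.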

Similar Messages

  • Netflow Config for ASA

    Is netflow supported on the ASA? I have been looking on the net with no luck; can someone point the way or tell me if this is not possible?
    TIA!!

    Rick - thanks for your response. It would be nice to see NBAR or Netflow type stats on the ASA, when the ASA is performing VPN functions.
    Would syslog or something else give me those type of stats?
    Thanks,
    Steve

  • TACACS+ configuration for Cisco ASA

    I tried configuring TACACS+ for the ASA but am unable to complete it. I have ACS 3.3 for all other Cisco routers and switches.

    Leo,
    I was looking around and came across this post. It's very late; however, I wanted to add my inputs for other community members.
    RSA Token/One-Time-Password support is available with ASDM only in SINGLE ROUTED MODE. If you are in Single Routed Mode, you can do OTP with ASDM if you are running ASA 8.2+ with ASDM 6.2+.
    If the firewall is running in multi-context and transparent mode, it won't work. Below is the enhancement request that was filed for the same feature to be supported.
    CSCtf23419    ASDM OTP authentication support in multi-context and transparent modes
    With WLC it is not yet possible, and there is an enhancement request filed.
    CSCuf61598    WLC: Need ability to support multiple sessions via OTP authentication
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • How to Configure Cisco ASA 5512 for multiple public IP interfaces

    Hi
    I have a new ASA 5512 that I would like to configure for multiple public IP support.  My problem may be basic but I am an occasional router admin and don't touch this stuff enough to retain everything I have learned.
    Here is my concept. We have a very basic network setup using three different ISPs that are currently running with cheap routers for internet access. We use these networks to open up access for Sales to demo different products that use a lot of bandwidth (why we have three).
    I wanted to use the 5512 to consolidate the ISPs so we are using one router to manage the connections.  I have installed an add on license that allows multiple outside interfaces along with a number of other features.
    Outside Networks (I've changed the IPs for security purposes)
    Outside1 E 0/0 : 74.55.55.210  255.255.255.240 gateway 74.55.55.222
    Outside2 E 0/2: 50.241.134.220 255.255.248 gateway 50.241.134.222
    Inside1 : E 0/1 192.168.255.1 255.255.248.0
    Inside2 : E 0/3 172.16.255.1 255.255.248.0
    My goal is to have Inside 1 route all internet traffic using Outside1 and Inside 2 to use Outside2.    The problem is I can't seem to do this. I can get inside 1 to use outside 1 but Inside2 uses Outside 1 as well.
    I tried adding static routes on Outside2 to have all 172.16.248.0/21 traffic use gateway 50.241.134.222 but that doesn't seem to work.   
    I can post my config up as needed.  I am not well versed in Cisco CLI, I've been using the ASDM 7.1 app.  My ASA 5512 is at 9.1.   
    Thanks in advance for the suggestions/help

    I have been away for a while and am just getting caught up on some posts. so my apology for a delayed response.
    I find the response very puzzling. It begins by proclaiming that to achieve the objective we must use Policy Based Routing. But then in the suggested configuration there is no PBR. What it gives us is two OSPF processes, using one process for each of the public address ranges, and with some strange distribute list which uses a route map. I am not clear what exactly it is that this should accomplish and do not see how it contributes to having one group of users use one specific ISP and the other group of users use the other ISP.
    To the original poster
    It seems to me that you have chosen the wrong device to implement the edge function of your network. The ASA is a good firewall and it does some routing things. But fundamentally it is not a router. And to achieve what you want, where a group of users will use a specified ISP and the other group of users will use the other ISP, you really need a router. You want to control outbound traffic based on the source of the traffic, and that is a classic situation where PBR is the ideal solution. But the ASA does not do PBR.
    HTH
    Rick

  • ASA 5505 configured for WebVPN connecting to Citrix Web Interface

    ASA 5505 configured for WebVPN connecting to Citrix Web Interface.
    I have an ASA 5505 that I am attempting to configure for WebVPN with passthrough into Web Interface. The user authenticates into WebVPN OK and gets the option to click on the Citrix link (which I added as a bookmark to the Citrix server http://172.30.40.5). I enter Citrix and then, for example, I want to open Outlook, but it cannot open (when I want to open some application, no application opens). There is no alarm at the ASA. How do I solve this issue?
    thanks.

    Teymur,
    Can you confirm that after disabling the SSL/TLS on the Citrix server (secure connectivity) you are getting exactly the same error. It is possible that it is generating a different error.
    The bug where we have seen the existing error was CSCtf06303, but that has been fixed in 8.4.1. Can you confirm the exact version of code you are running on the ASA.
    If you have confirmed the above two notes, it may be advantageous to open a TAC case as we may need to do some live additional troubleshooting.
    Thanks
    -Jay

  • ASA 8.2 configuration for an ASA 9.1.(1) device

    Hello, I have a configuration file from a 5510 running ASA ver 8.2
    I have a brand new ASA5525 running ASA ver 9.1(1)
    It is my understanding the configuration syntax is different between these versions
    I need to take this config I have and somehow auto-format it to work with 9.1(1).  Upgrade is not an option since the firewall is already on 9.1(1)
    Anyone know how I would go about this?

    Hi,
    I think you can use this Document to understand the Syntax changes and you will find the corresponding syntax for ASA 9.x as well.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
    Also, you can check out this automated tool:
    http://www.tunnelsup.com/nat-converter
    I would recommend going through and manually converting the configuration to prevent any errors.
    Thanks and Regards,
    Vibhor Amrodia

  • How we archive configuration for Cisco ASA 5500 series appliances

    Hi,
    We need to archive configuration for Cisco ASA 5500 series appliances.
    We have CiscoWorks LMS 3.0.1.
    Device package installed is 4.2.
    Any help would be appreciated.
    Thanks in advance.
    Samir

    Hi ,
    Thanks for your answer.
    Right now we are using TACACS to log in to the ASA. That means we need a single username and password to log in via CiscoWorks. Am I correct?
    Waiting for your reply.
    thanks,
    Samir

  • Configuration guide for ASA IPsec

    Hi guys.
    I need a configuration guide for ASA IPsec using the CLI.
    Thank you.
    Sent from Cisco Technical Support iPad App

    Hi,
    please check the below link
    http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080b4ae61.shtml?referring_site=smartnavRD
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml
    Thanks and Regards,
    ROHAN

  • I need help configuring a connection with asdm 5.2 for asa

    Hi All
    I am very much a novice with asdm 5.2 for asa and I urgently need to configure a connection but don’t know how to. I have 2 domains at work and someone is trying to connect their sql client from their pc in one domain to the sql server in the other domain (DMZ).
    When he tries to connect he gets the error
    Cant connect to MySql Server at "IP Address" (10060)
    He is trying to connect on port 3306. Could anyone please give me any tips on how I can resolve this quickly? I know I am trying a shortcut on this one, but I recently started a new job and was thrown in the deep end here and need to learn this ASDM 5.2 for ASA product from scratch with nothing more than the manual that came with the CD. My Cisco knowledge is from 2001 when I did half of a CCNA course.
    Any help would be greatly appreciated

    Hi,
    I'm not a security specialist but here is how I had it set up at home:
    Essentially a NAT and a rule forwarding the port are needed. In this particular case I had an Oracle server running and a person requested remote access. So, for example, the source address was his external IP and the destination was the Oracle's external IP. For the NAT the source was the internal IP of the Oracle server and the interface was Outside.
    Hope this points you in the right direction.

  • How to setup netflow V9 on ASA

    Hi Forumers'
    I want to check how to configure the ASA to support netflow V9; either ASDM or CLI mode is welcome.
    I followed the PRTG guide, but it doesn't seem to succeed in detecting netflow activity.
    Please advise.
    Noel

    Hello Joel,
    This video should help you confirm that the ASA NetFlow configuration is set up correctly.
    Jake

  • ASDM is unable to read the configuration from ASA.

    Earlier today I was configuring the Cisco ASA (7.2(2)) using the ASDM, but after a reboot of the appliance I now get the following:
    ASDM is unable to read the configuration from ASA.
    This happens shortly after "Loading running configuration from the device" appears in the ASDM status window.
    I have tried restarting both the appliance and my workstation, but the issue persists. I have also tried clearing the ASDM cache, but that doesn't help either. The issue occurs whether I use the Cisco ASDM Launcher or the web interface.
    SSH access to the appliance works fine.
    Thanks for any assistance (why is it that Cisco's GUIs always have issues?!?).

    I have exactly the same issue: SSH works fine, but ASDM and the web interface reply with that error message "ASDM is unable to read the configuration from ASA".
    My ASA is a 5520 ver 7.1(2) with ASDM 5.1(2)
    Could it be something related to Java ?
    Thanks for any hint.

  • CSM 4.5 Event Manager for IOS firewall on routers?

    Hi,
    Can anyone confirm for me whether it's possible to send syslog messages from routers running the IOS firewall feature set to CSM, so that the events appear in CSM Event Manager, similar to the way that ASAs do?
    I've set up one of my routers to do this and have confirmed using Wireshark that the syslog packets are received on the CSM 4.5 machine, but they don't seem to turn up in Event Manager.
    This would be an extremely useful feature if I can get it to work!
    Thanks,
    Matt                  

    Hello friends,
    Please allow me to resurrect this old post.
    I have already installed CSM 4.4 and I am already managing an ASA through CSM. I have configured CSM according to the following User Guide.
    http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-4/user/guide/CSMUserGuide_wrapper/evntchap.html
    I am not able to see the events in the Event Viewer client. Would you give me some advice about how to troubleshoot that?
    Regards!

  • Redundant etherchannels for ASA 5585X

    Hi there, we have procured 2 ASA 5585X units for an Active/Standby setup. In the interim we will go with EtherChanneling 1 Gig links to upstream 6513 switches (non-VSS). Can I have this configuration for resiliency?
    Etherchannel from ASA Primary - Switch 1 & Switch 2
    Etherchannel from ASA Standby - Switch 1 & Switch 2
    or
    Etherchannel from ASA Primary - Switch 1
    Etherchannel from ASA Standby - Switch 2
    ( Failover links between the Firewalls are already configured )
    Currently I am reviewing which would be the best way to configure redundancies to upstream switches. Appreciate any suggestions
    Thanks

    The delay is not in the failover. The delay is in the traffic flowing through the 6513s, which now takes a different path. I assume you are trunking your 6513s together, and thus that's how you're dual-homing devices to your 6500s and connecting them to the same VLANs?
    I've run into this issue many times. Are there active SVIs on the switches, or are the active SVIs on the firewalls themselves (meaning, are you trunking the VLANs to the firewalls)?
    One way of handling this is to put your VLAN SVIs in HSRP between the 6513s, and then create routed links to your firewalls (utilizing OSPF or EIGRP). That way your routes will change dynamically (almost instantly) with the failure of a switch or a firewall. This way your next hop is covered in both directions.

  • New Terminal Service client plugin for ASA?

    Hi all,
    Since February a new version (rdp-plugin.111024.jar) of the Terminal Service client plugin for ASA has been available.
    Can somebody tell me what is changed or new in this version? There are no release notes for this version, only for the older rdp-plugin.101215.jar.
    Thanks,
    Markus

    Hi Yasser,
    Thank you for posting in Windows Server Forum.
    As you have commented, it happens with a single user, so it might be possible that there is some issue with the specific user profile.
    Have you tried logging in as that user from different systems and checking the result?
    Here I can suggest you delete the roaming profile cache and verify the result. You can enable the GPO policy using the steps below, then try to log in again and check the result.
    1. Edit the GPO that you want to modify.
    2. Locate the following section: Computer Configuration \ Administrative Templates \ System \ User Profiles.
    3. Double-click Delete cached copies of roaming profiles (the Group Policy setting).
    4. Click Enabled.
    In addition, you can check this article for a user profiles guide. Also see whether you have applied proper permission to that user for accessing that application.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Flash File for ASA Firewall

    Can anyone provide the link for Flash-type learning for the ASA Firewall 5505?

    Hi,
    To be honest I haven't used that many online resources of the type you are after.
    I would imagine that the current version of the CCNP Security - Firewall certification book would have a lot of useful information related to the Cisco firewalls.
    The CSC also has some videos related to firewalling
    https://supportforums.cisco.com/community/netpro/security/firewall?view=video
    There is also the Cisco Live 365 site, which has all the documents from the Cisco Live events around the world. You will need to register to get access, to my understanding. There are also videos of the presentations there (at least for some). Naturally the documents don't go deep into theory, but they do have some helpful information.
    https://www.ciscolive365.com/connect/publicDashboard.ww
    You can also find a lot of guide videos on Youtube for example like this one
    http://www.youtube.com/watch?v=Y0ZnRmgINgE
    Sadly I can't help you much in this case. I personally learnt most about the Cisco firewall the hard way, basically without any supporting material and education (we only had CCNA and CCNP Routing & Switching without any course on the PIX firewall that was in use at that time, and ASAs were still new). Eventually I learned what I needed, and nowadays I just tend to refresh information from documents and mostly refer to the ASA Configuration Guide and Command Reference if I need to check on some command or confirm how something worked.
    Hope this helps
    - Jouni
