Export physical and logical details on ASA 5520 and 8.0 software

Hello...does anybody know if there is any way to export details of the physical and logical interface details (including interface descriptions) to Excel, PDF or and other format from the command line or ASDM? 
Thanks,
John

Export directly in xls, xlsx or pdf - no.
The output of "show run interface" or "show interface" is pretty structured however and easily parsed by Excel - either manually or via a macro. See output below (you can omit the interface identifier to get all interfaces. I used one for brevity.)
One can build a script to log in, perform an arbitrary command logging the output to a file which can then be massaged to extract the information you want in a suitable format (csv, etc.). Once in Excel it can be saved as pdf if you're so inclined.
Of couse, some of the full-featured network management tools do a lot of this (and lots more) if you have them.
ASA-1# sh run int eth0/0
interface Ethernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.224
ASA-1#
ASA-1# sh int eth0/0
Interface Ethernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is unsupported
MAC address 0013.c480.6b50, MTU 1500
IP address x.x.x.x, subnet mask 255.255.255.224
14156274 packets input, 16095096189 bytes, 0 no buffer
Received 44764 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
8548524 packets output, 1006461151 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 64 collisions, 6 interface resets
95 late collisions, 627 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/125)
  Traffic Statistics for "outside":
14156267 packets input, 15839536990 bytes
8548619 packets output, 820243613 bytes
39502 packets dropped
      1 minute input rate 2 pkts/sec,  349 bytes/sec
      1 minute output rate 2 pkts/sec,  425 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 2 pkts/sec,  2091 bytes/sec
      5 minute output rate 1 pkts/sec,  352 bytes/sec
      5 minute drop rate, 0 pkts/sec

Similar Messages

  • HA between a Cisco ASA 5520 and a Cisco ASA 5525-X

    Hi all!
    we have a couple of Cisco ASA 5520 running 8.4(3) software, and we want to improve throughput changing them with a couple of Cisco ASA 5525-X. Since software is theorically compatible, we are not going to upgrade it right now.
    We don't want to stop service, so we are thinking about switching off backup 5520 firewall, change it with a 5525-X and balance service to that one while we change the other 5520 fw. So the question is, has someone tried to make an active-pasive cluster with both technologies, Cisco ASA an Cisco ASA-X firewalls? We were said that it should be theorically compatible, but we'd like to know if someone tried before.
    Best regards for all,

    You cannot make a 5520 establish failover with the mate being a 5525-X.
    1. The configuration guide (here) states:
    The two units in a failover configuration must be the same model, have the same number and types of interfaces, the same SSMs installed (if any), and the same RAM installed.
    2. A 5525-X requires 8.6 software. 8.6 does not support non-X series ASAs. (Reference) Even if you wait until 9.0 is available (next month) for both you still fail on the model and RAM (X series has much more than the 5520) checks noted above.

  • Site to Site VPN between Cisco ASA 5520 and Avaya VPN Phone

    Hi,
    I am wondering if anyone can assist me on configuring Cisco ASA 5520 site to site vpn with Avaya VPN Phone? According to Avaya, the Avaya 9630 phone acts as a VPN client so a VPN router or firewall is not needed.
    The scanario:
    Avaya System ------ ASA 5520 ------ INTERNET ----- Avaya 9630 VPN Phone
    Any help or advice is much appreciated.
    Thanks.

    Hello Bernard,
    What you are looking for is a Remote Ipsec VPN mode not a L2L.
    Here is the link you should use to make this happen:)
    https://devconnect.avaya.com/public/download/interop/vpnphon_asa.pdf
    Regards,
    Julio

  • Inter VLAN Routing with ASA 5520 and Cat 2960

    Hi there,
    I am a complete novice at networking, but I was tasked to have an ASA 5520 do inter VLAN routing (since my shop doesn't have a layer 3 router).
    As a basic setup, I am trying to have three workstations on three different VLANs communicate with each other.  The attached screenshot shows the topology.
    I am unable to ping from a PC to the ASA...therefore I can't ping to other VLANs.  Any assistance would be greatly appreciated.
    ROUTER CONFIG:
    ciscoasa#
    ciscoasa# show run
    : Saved
    ASA Version 8.3(1)
    hostname ciscoasa
    domain-name null
    enable password ###### encrypted
    passwd ###### encrypted
    names
    dns-guard
    interface GigabitEthernet0/0
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/1
    no nameif
    security-level 100
    ip address 10.10.1.1 255.255.255.0
    interface GigabitEthernet0/1.10
    vlan 10
    nameif vlan10
    security-level 100
    ip address 10.10.10.1 255.255.255.0
    interface GigabitEthernet0/1.20
    vlan 20
    nameif vlan20
    security-level 100
    ip address 10.10.20.1 255.255.255.0
    interface GigabitEthernet0/1.30
    vlan 30
    nameif vlan30
    security-level 100
    ip address 10.10.30.1 255.255.255.0
    interface GigabitEthernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    boot system disk0:/asa831-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
    domain-name null
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list global_access extended permit icmp any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu vlan10 1500
    mtu vlan20 1500
    mtu vlan30 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    asdm image disk0:/asdm-631.bin
    no asdm history enable
    arp timeout 14400
    access-group global_access global
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd address 192.168.1.2-192.168.1.5 inside
    dhcpd enable inside
    dhcpd address 10.10.10.101-10.10.10.253 vlan10
    dhcpd enable vlan10
    dhcpd address 10.10.20.101-10.10.20.253 vlan20
    dhcpd enable vlan20
    dhcpd address 10.10.30.101-10.10.30.253 vlan30
    dhcpd enable vlan30
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns migrated_dns_map_1
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns migrated_dns_map_1
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DD
    CEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:4ad1bba72f1f51b2a47e8cacb9d3606a
    : end
    SWITCH CONFIG
    Switch#show run
    Building configuration...
    Current configuration : 2543 bytes
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Switch
    boot-start-marker
    boot-end-marker
    no aaa new-model
    system mtu routing 1500
    ip subnet-zero
    spanning-tree mode pvst
    spanning-tree extend system-id
    no spanning-tree vlan 1
    vlan internal allocation policy ascending
    interface GigabitEthernet0/1
    description Port Configured As Trunk
    switchport trunk allowed vlan 1,10,20,30,1002-1005
    switchport mode trunk
    interface GigabitEthernet0/2
    switchport access vlan 10
    switchport mode access
    interface GigabitEthernet0/3
    switchport access vlan 20
    switchport mode access
    interface GigabitEthernet0/4
    switchport access vlan 30
    switchport mode access
    interface GigabitEthernet0/5
    interface GigabitEthernet0/6
    interface GigabitEthernet0/7
    interface GigabitEthernet0/8
    interface GigabitEthernet0/9
    interface GigabitEthernet0/10
    interface GigabitEthernet0/11
    interface GigabitEthernet0/12
    interface GigabitEthernet0/13
    interface GigabitEthernet0/14
    interface GigabitEthernet0/15
    interface GigabitEthernet0/16
    interface GigabitEthernet0/17
    interface GigabitEthernet0/18
    interface GigabitEthernet0/19
    interface GigabitEthernet0/20
    interface GigabitEthernet0/21
    interface GigabitEthernet0/22
    interface GigabitEthernet0/23
    interface GigabitEthernet0/24
    interface GigabitEthernet0/25
    interface GigabitEthernet0/26
    interface GigabitEthernet0/27
    interface GigabitEthernet0/28
    interface GigabitEthernet0/29
    interface GigabitEthernet0/30
    interface GigabitEthernet0/31
    interface GigabitEthernet0/32
    interface GigabitEthernet0/33
    interface GigabitEthernet0/34
    interface GigabitEthernet0/35
    interface GigabitEthernet0/36
    interface GigabitEthernet0/37
    interface GigabitEthernet0/38
    interface GigabitEthernet0/39
    interface GigabitEthernet0/40
    interface GigabitEthernet0/41
    interface GigabitEthernet0/42
    interface GigabitEthernet0/43
    interface GigabitEthernet0/44
    interface GigabitEthernet0/45
    interface GigabitEthernet0/46
    interface GigabitEthernet0/47
    interface GigabitEthernet0/48
    interface Vlan1
    ip address 10.10.1.2 255.255.255.0
    no ip route-cache
    interface Vlan10
    no ip address
    no ip route-cache
    interface Vlan20
    no ip address
    no ip route-cache
    interface Vlan30
    no ip address
    no ip route-cache
    ip default-gateway 10.10.1.1
    ip http server
    ip http secure-server
    control-plane
    line con 0
    line vty 5 15
    end

    ciscoasa# capture cap10 interface vlan10
    ciscoasa# capture cap20 interface vlan20
    ciscoasa# show cap cap10
    97 packets captured
       1: 17:32:32.541262 802.1Q vlan#10 P0 10.10.10.101.2461 > 10.10.10.1.8905:  ud
    p 96
       2: 17:32:36.741294 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
       3: 17:32:36.741523 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
       4: 17:32:37.539217 802.1Q vlan#10 P0 10.10.10.101.2462 > 10.10.10.1.8905:  ud
    p 98
       5: 17:32:39.104914 802.1Q vlan#10 P0 10.10.10.101.2463 > 10.12.5.64.8906:  ud
    p 95
       6: 17:32:41.738914 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
       7: 17:32:41.739143 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
       8: 17:32:42.544023 802.1Q vlan#10 P0 10.10.10.101.2464 > 10.10.10.1.8905:  ud
    p 93
       9: 17:32:46.747352 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      10: 17:32:46.747580 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      11: 17:32:47.546633 802.1Q vlan#10 P0 10.10.10.101.2465 > 10.10.10.1.8905:  ud
    p 98
      12: 17:32:51.739921 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      13: 17:32:51.740150 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      14: 17:32:52.544100 802.1Q vlan#10 P0 10.10.10.101.2466 > 10.10.10.1.8905:  ud
    p 98
      15: 17:32:56.741859 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      16: 17:32:56.742088 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      17: 17:32:57.547396 802.1Q vlan#10 P0 10.10.10.101.2467 > 10.10.10.1.8905:  ud
    p 98
      18: 17:33:01.742728 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      19: 17:33:01.742957 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      20: 17:33:02.547609 802.1Q vlan#10 P0 10.10.10.101.2468 > 10.10.10.1.8905:  ud
    p 97
      21: 17:33:06.742774 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      22: 17:33:06.743018 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      23: 17:33:07.543337 802.1Q vlan#10 P0 10.10.10.101.2469 > 10.10.10.1.8905:  ud
    p 93
      24: 17:33:10.375514 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137:  ud
    p 50
      25: 17:33:11.114679 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137:  ud
    p 50
      26: 17:33:11.742728 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      27: 17:33:11.742957 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      28: 17:33:11.864731 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137:  ud
    p 50
      29: 17:33:12.546266 802.1Q vlan#10 P0 10.10.10.101.2470 > 10.10.10.1.8905:  ud
    p 98
      30: 17:33:16.746497 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      31: 17:33:16.746726 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      32: 17:33:17.548403 802.1Q vlan#10 P0 10.10.10.101.2471 > 10.10.10.1.8905:  ud
    p 97
      33: 17:33:21.744880 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      34: 17:33:21.745109 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      35: 17:33:22.545351 802.1Q vlan#10 P0 10.10.10.101.2472 > 10.10.10.1.8905:  ud
    p 95
      36: 17:33:23.785558 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137:  ud
    p 50
      37: 17:33:24.522464 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137:  ud
    p 50
      38: 17:33:25.272568 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137:  ud
    p 50
      39: 17:33:26.744926 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      40: 17:33:26.745154 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      41: 17:33:27.548708 802.1Q vlan#10 P0 10.10.10.101.2473 > 10.10.10.1.8905:  ud
    p 96
      42: 17:33:31.749625 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      43: 17:33:31.749854 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      44: 17:33:32.550096 802.1Q vlan#10 P0 10.10.10.101.2474 > 10.10.10.1.8905:  ud
    p 97
      45: 17:33:36.748343 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      46: 17:33:36.748572 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      47: 17:33:37.546251 802.1Q vlan#10 P0 10.10.10.101.2475 > 10.10.10.1.8905:  ud
    p 95
      48: 17:33:41.745566 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      49: 17:33:41.745795 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      50: 17:33:42.547975 802.1Q vlan#10 P0 10.10.10.101.2476 > 10.10.10.1.8905:  ud
    p 97
      51: 17:33:46.747855 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      52: 17:33:46.748084 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      53: 17:33:47.548403 802.1Q vlan#10 P0 10.10.10.101.2477 > 10.10.10.1.8905:  ud
    p 94
      54: 17:33:51.747718 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      55: 17:33:51.747931 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      56: 17:33:52.547670 802.1Q vlan#10 P0 10.10.10.101.2478 > 10.10.10.1.8905:  ud
    p 97
      57: 17:33:54.134239 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      58: 17:33:56.750678 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      59: 17:33:56.750891 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      60: 17:33:57.563035 802.1Q vlan#10 P0 10.10.10.101.2479 > 10.10.10.1.8905:  ud
    p 97
      61: 17:33:59.245272 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      62: 17:34:01.752188 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      63: 17:34:01.752402 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      64: 17:34:01.995737 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427:  u
    dp 49
      65: 17:34:01.995813 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427:  u
    dp 34
      66: 17:34:01.995950 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427:  u
    dp 49
      67: 17:34:01.996011 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427:  u
    dp 34
      68: 17:34:01.996118 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
    udp 49
      69: 17:34:01.996179 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
    udp 34
      70: 17:34:02.551836 802.1Q vlan#10 P0 10.10.10.101.2480 > 10.10.10.1.8905:  ud
    p 98
      71: 17:34:03.011306 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427:  u
    dp 49
      72: 17:34:03.011367 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427:  u
    dp 34
      73: 17:34:03.011443 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427:  u
    dp 49
      74: 17:34:03.011489 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427:  u
    dp 34
      75: 17:34:03.011550 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
    udp 49
      76: 17:34:03.011596 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
    udp 34
      77: 17:34:04.027037 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427:  u
    dp 49
      78: 17:34:04.027082 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427:  u
    dp 34
      79: 17:34:04.027174 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427:  u
    dp 49
      80: 17:34:04.027250 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427:  u
    dp 34
      81: 17:34:04.027311 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
    udp 49
      82: 17:34:04.027357 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
    udp 34
      83: 17:34:04.745811 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      84: 17:34:06.058514 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427:  u
    dp 49
      85: 17:34:06.058605 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427:  u
    dp 34
      86: 17:34:06.058651 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427:  u
    dp 49
      87: 17:34:06.058712 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427:  u
    dp 34
      88: 17:34:06.058758 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
    udp 49
      89: 17:34:06.058819 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
    udp 34
      90: 17:34:06.750907 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      91: 17:34:06.751151 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      92: 17:34:07.552751 802.1Q vlan#10 P0 10.10.10.101.2481 > 10.10.10.1.8905:  ud
    p 96
      93: 17:34:11.752082 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      94: 17:34:11.752326 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      95: 17:34:12.553392 802.1Q vlan#10 P0 10.10.10.101.2482 > 10.10.10.1.8905:  ud
    p 96
      96: 17:34:16.755438 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
      97: 17:34:16.755682 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
      98: 17:34:17.554811 802.1Q vlan#10 P0 10.10.10.101.2483 > 10.10.10.1.8905:  ud
    p 97
      99: 17:34:21.751303 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
    100: 17:34:21.751563 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
    101: 17:34:22.552034 802.1Q vlan#10 P0 10.10.10.101.2484 > 10.10.10.1.8905:  ud
    p 95
    102: 17:34:26.753989 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
    103: 17:34:26.754218 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
    104: 17:34:27.560334 802.1Q vlan#10 P0 10.10.10.101.2485 > 10.10.10.1.8905:  ud
    p 98
    105: 17:34:31.755499 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
    quest
    106: 17:34:31.755728 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
    ply
    107: 17:34:32.563950 802.1Q vlan#10 P0 10.10.10.101.2486 > 10.10.10.1.8905:  ud
    p 95
    107 packets shown
    ciscoasa# show cap cap20
    92 packets captured
       1: 17:26:53.653378 802.1Q vlan#20 P0 10.10.20.101.1187 > 216.49.94.13.80: S 8
    20343450:820343450(0) win 65535
       2: 17:27:12.019133 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
       3: 17:27:17.214481 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
       4: 17:27:55.593688 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
    499891746:1499891746(0) win 65535
       5: 17:27:58.555284 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
    499891746:1499891746(0) win 65535
       6: 17:28:04.564790 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
    499891746:1499891746(0) win 65535
       7: 17:29:06.504856 802.1Q vlan#20 P0 arp who-has 10.10.20.1 tell 10.10.20.101
       8: 17:29:06.504917 802.1Q vlan#20 P0 arp reply 10.10.20.1 is-at 54:75:d0:ba:4
    6:bb
       9: 17:29:06.505222 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
    7080594:47080594(0) win 65535
      10: 17:29:09.467032 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
    7080594:47080594(0) win 65535
      11: 17:29:15.476537 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
    7080594:47080594(0) win 65535
      12: 17:30:17.417245 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
    445997597:1445997597(0) win 65535
      13: 17:30:18.156043 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      14: 17:30:20.378688 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
    445997597:1445997597(0) win 65535
      15: 17:30:23.220356 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      16: 17:30:26.388102 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
    445997597:1445997597(0) win 65535
      17: 17:30:28.721047 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      18: 17:30:34.222507 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      19: 17:33:43.156928 802.1Q vlan#20 P0 arp who-has 10.10.20.101 tell 10.10.20.1
    01
      20: 17:33:44.187002 802.1Q vlan#20 P0 arp who-has 10.10.20.1 tell 10.10.20.101
      21: 17:33:44.187047 802.1Q vlan#20 P0 arp reply 10.10.20.1 is-at 54:75:d0:ba:4
    6:bb
      22: 17:33:44.187261 802.1Q vlan#20 P0 10.10.20.101 > 10.10.20.1: icmp: echo re
    quest
      23: 17:33:44.187520 802.1Q vlan#20 P0 10.10.20.1 > 10.10.20.101: icmp: echo re
    ply
      24: 17:33:44.239016 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      25: 17:33:44.327360 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
    udp 34
      26: 17:33:44.989740 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      27: 17:33:45.150611 802.1Q vlan#20 P0 10.10.20.101.6646 > 10.10.20.255.6646:
    udp 236
      28: 17:33:45.331312 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
    udp 34
      29: 17:33:45.740943 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      30: 17:33:46.331892 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
    udp 34
      31: 17:33:46.492131 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      32: 17:33:47.243502 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      33: 17:33:47.994501 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      34: 17:33:48.335050 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
    udp 34
      35: 17:33:48.335141 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
    udp 34
      36: 17:33:48.745658 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      37: 17:33:49.496861 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      38: 17:33:50.248812 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      39: 17:33:50.249300 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      40: 17:33:50.999170 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      41: 17:33:50.999246 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      42: 17:33:51.750342 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      43: 17:33:51.750418 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      44: 17:33:52.341336 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
    udp 34
      45: 17:33:52.341474 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
    udp 34
      46: 17:33:52.501576 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      47: 17:33:52.501652 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      48: 17:33:53.254183 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 174
      49: 17:33:53.254320 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 204
      50: 17:33:54.134361 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      51: 17:33:54.755118 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 174
      52: 17:33:54.823535 802.1Q vlan#20 P0 10.120.2.198.1261 > 161.69.12.13.443: R
    250934743:250934743(0) ack 2427374744 win 0
      53: 17:33:54.823901 802.1Q vlan#20 P0 10.120.2.198.1262 > 161.69.12.13.443: R
    3313764765:3313764765(0) ack 1397588942 win 0
      54: 17:33:54.824618 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
    2860571026:2860571026(0) win 65535
      55: 17:33:56.257448 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 174
      56: 17:33:57.759833 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 174
      57: 17:33:57.779729 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
    2860571026:2860571026(0) win 65535
      58: 17:33:59.245394 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      59: 17:33:59.262178 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 186
      60: 17:34:00.263780 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 186
      61: 17:34:01.265382 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 186
      62: 17:34:02.266908 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 186
      63: 17:34:03.268540 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      64: 17:34:03.789189 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
    2860571026:2860571026(0) win 65535
      65: 17:34:04.019591 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      66: 17:34:04.745933 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
    request
      67: 17:34:04.770757 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      68: 17:34:05.521991 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      69: 17:34:06.273209 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      70: 17:34:07.024367 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      71: 17:34:07.775518 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      72: 17:34:08.526706 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 68
      73: 17:34:09.277939 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 174
      74: 17:34:09.278061 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 174
      75: 17:34:09.278702 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138:  ud
    p 204
      76: 17:34:15.810489 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
    udp 31
      77: 17:34:16.809726 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
    udp 31
      78: 17:34:17.811222 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
    udp 31
      79: 17:34:19.814349 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
    udp 31
      80: 17:34:19.814380 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
    udp 31
      81: 17:34:23.820682 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
    udp 31
      82: 17:34:23.820788 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
    udp 31
      83: 17:34:30.822924 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 50
      84: 17:34:31.572892 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 50
      85: 17:34:32.324079 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137:  ud
    p 50
      86: 17:34:33.083079 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
    udp 44
      87: 17:34:34.077007 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
    udp 44
      88: 17:34:35.078639 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
    udp 44
      89: 17:34:37.081584 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
    udp 44
      90: 17:34:37.081706 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
    udp 44
      91: 17:34:41.087809 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
    udp 44
      92: 17:34:41.087840 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
    udp 44
    92 packets shown

  • Requisition and Order Details (Shipment, Receipt, Invoice and Payment Detai

    Hi ,
    Business want Requisition and Order Details i.e Shipment, Receipt, Invoice and Payment Details to be displayed in same screen, users want to avoid clicking on "Details" button povided on in the requisition line item on iProcurment Self Service screen to veiw deails.
    This is to basically avoid too many mouse clicks.
    If someone had implemented similar solution please provide steps to implement.
    Regards

    We had a similiar requirement to help requisition approvers and we created a new custom page with the required info. It can help to seperate those items that only appear once per requisition compared to those that need to be displayed in a table for each req line.
    The page is accessed by personalisation to add a new link (via adding an image item to the seeded page)

  • Does ASA 5520 and 5510 support IDS?

    Hi experts,
    If so how to enable it?
    Thanks a lot in advance.
    Regards,

    You can purchase an AIP-SSM module for an ASA 5510 or 5520 to enable IDS/IPS functionality on the platform. 
    http://www.cisco.com/en/US/customer/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

  • ASA 5520 Not Failing over

        Hi All
    Im preparing a lab and I have 2 ASA 5520's. I have configured them for failover so the Primarys config will replicate over to the Secondary. They are connected via a 3560 switch. the switch ports are configured as access ports on vlan 1. Spanning-tree portfast is enabled
    Firewall (Primary)
    Cisco Adaptive Security Appliance Software Version 9.1(1)
    Device Manager Version 7.1(2)
    Compiled on Wed 28-Nov-12 10:38 by builders
    System image file is "disk0:/asa911-k8.bin"
    Config file at boot was "startup-config"
    DEO-FW-01 up 5 hours 1 min
    failover cluster up 5 hours 1 min
    Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz,
    Internal ATA Compact Flash, 256MB
    BIOS Flash M50FW080 @ 0xfff00000, 1024KB
    Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
                                 Boot microcode        : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.08
                                 Number of accelerators: 1
    0: Ext: GigabitEthernet0/0  : address is 001e.f762.bc44, irq 9
    1: Ext: GigabitEthernet0/1  : address is 001e.f762.bc45, irq 9
    2: Ext: GigabitEthernet0/2  : address is 001e.f762.bc46, irq 9
    3: Ext: GigabitEthernet0/3  : address is 001e.f762.bc47, irq 9
    4: Ext: Management0/0       : address is 001e.f762.bc43, irq 11
    5: Int: Not used            : irq 11
    6: Int: Not used            : irq 5
    Licensed features for this platform:
    Maximum Physical Interfaces       : Unlimited      perpetual
    Maximum VLANs                     : 150            perpetual
    Inside Hosts                      : Unlimited      perpetual
    Failover                          : Active/Active  perpetual
    Encryption-DES                    : Enabled        perpetual
    Encryption-3DES-AES               : Enabled        perpetual
    Security Contexts                 : 2              perpetual
    GTP/GPRS                          : Disabled       perpetual
    AnyConnect Premium Peers          : 2              perpetual
    AnyConnect Essentials             : Disabled       perpetual
    Other VPN Peers                   : 750            perpetual
    Total VPN Peers                   : 750            perpetual
    Shared License                    : Disabled       perpetual
    AnyConnect for Mobile             : Disabled       perpetual
    AnyConnect for Cisco VPN Phone    : Disabled       perpetual
    Advanced Endpoint Assessment      : Disabled       perpetual
    UC Phone Proxy Sessions           : 2              perpetual
    Total UC Proxy Sessions           : 2              perpetual
    Botnet Traffic Filter             : Disabled       perpetual
    Intercompany Media Engine         : Disabled       perpetual
    Cluster                           : Disabled       perpetual
    This platform has an ASA 5520 VPN Plus license.
    Here is the failover config
    failover
    failover lan unit primary
    failover lan interface SFO GigabitEthernet0/3
    failover replication http
    failover link SFO GigabitEthernet0/3
    failover interface ip SFO 10.10.16.25 255.255.255.248 standby 10.10.16.26
    Here is the Show failover output
    Failover On
    Failover unit Primary
    Failover LAN Interface: SFO GigabitEthernet0/3 (Failed - No Switchover)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 3 of 160 maximum
    failover replication http
    Version: Ours 9.1(1), Mate Unknown
    Last Failover at: 12:53:27 UTC Mar 14 2013
            This host: Primary - Active
                    Active time: 18059 (sec)
                    slot 0: ASA5520 hw/sw rev (2.0/9.1(1)) status (Up Sys)
                      Interface inside (10.10.16.1): No Link (Waiting)
                      Interface corporate_network_traffic (10.10.16.21): Unknown (Waiting)
                      Interface outside (193.158.46.130): Unknown (Waiting)
                    slot 1: empty
            Other host: Secondary - Not Detected
                    Active time: 0 (sec)
                      Interface inside (10.10.16.2): Unknown (Waiting)
                      Interface corporate_network_traffic (10.10.16.22): Unknown (Waiting)
                      Interface outside (193.158.46.131): Unknown (Waiting)
    Stateful Failover Logical Update Statistics
            Link : SFO GigabitEthernet0/3 (Failed)
    Here is the output for the secondary firewall
    Cisco Adaptive Security Appliance Software Version 9.1(1)
    Device Manager Version 6.2(5)
    Compiled on Wed 28-Nov-12 10:38 by builders
    System image file is "disk0:/asa911-k8.bin"
    Config file at boot was "startup-config"
    ciscoasa up 1 hour 1 min
    failover cluster up 1 hour 1 min
    Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz,
    Internal ATA Compact Flash, 256MB
    BIOS Flash M50FW080 @ 0xfff00000, 1024KB
    Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
                                 Boot microcode        : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.08
                                 Number of accelerators: 1
    0: Ext: GigabitEthernet0/0  : address is 0023.0477.12e4, irq 9
    1: Ext: GigabitEthernet0/1  : address is 0023.0477.12e5, irq 9
    2: Ext: GigabitEthernet0/2  : address is 0023.0477.12e6, irq 9
    3: Ext: GigabitEthernet0/3  : address is 0023.0477.12e7, irq 9
    4: Ext: Management0/0       : address is 0023.0477.12e3, irq 11
    5: Int: Not used            : irq 11
    6: Int: Not used            : irq 5
    Licensed features for this platform:
    Maximum Physical Interfaces       : Unlimited      perpetual
    Maximum VLANs                     : 150            perpetual
    Inside Hosts                      : Unlimited      perpetual
    Failover                          : Active/Active  perpetual
    Encryption-DES                    : Enabled        perpetual
    Encryption-3DES-AES               : Enabled        perpetual
    Security Contexts                 : 2              perpetual
    GTP/GPRS                          : Disabled       perpetual
    AnyConnect Premium Peers          : 2              perpetual
    AnyConnect Essentials             : Disabled       perpetual
    Other VPN Peers                   : 750            perpetual
    Total VPN Peers                   : 750            perpetual
    Shared License                    : Disabled       perpetual
    AnyConnect for Mobile             : Disabled       perpetual
    AnyConnect for Cisco VPN Phone    : Disabled       perpetual
    Advanced Endpoint Assessment      : Disabled       perpetual
    UC Phone Proxy Sessions           : 2              perpetual
    Total UC Proxy Sessions           : 2              perpetual
    Botnet Traffic Filter             : Disabled       perpetual
    Intercompany Media Engine         : Disabled       perpetual
    Cluster                           : Disabled       perpetual
    This platform has an ASA 5520 VPN Plus license.
    Here is the failover config
    failover
    failover lan unit secondary
    failover lan interface SFO GigabitEthernet0/3
    failover replication http
    failover link SFO GigabitEthernet0/3
    failover interface ip SFO 10.10.16.26 255.255.255.248 standby 10.10.16.25
    Here is the Show failover output
    failover
    failover lan unit secondary
    failover lan interface SFO GigabitEthernet0/3
    failover replication http
    failover link SFO GigabitEthernet0/3
    failover interface ip SFO 10.10.16.26 255.255.255.248 standby 10.10.16.25
    Failover On
    Failover unit Secondary
    Failover LAN Interface: SFO GigabitEthernet0/3 (up)
    Unit Poll frequency 1 seconds, holdtime 15 seconds
    Interface Poll frequency 5 seconds, holdtime 25 seconds
    Interface Policy 1
    Monitored Interfaces 0 of 160 maximum
    failover replication http
    Version: Ours 9.1(1), Mate Unknown
    Last Failover at: 12:58:31 UTC Mar 14 2013
    This host: Secondary - Active
    Active time: 3630 (sec)
    slot 0: ASA5520 hw/sw rev (2.0/9.1(1)) status (Up Sys)
    slot 1: empty
    Other host: Primary - Not Detected
    Active time: 0 (sec)
    Stateful Failover Logical Update Statistics
    Link : SFO GigabitEthernet0/3 (up)
    interface g0/3 on both are up via the No shutdown command. However I get the following error No Active mate detected
    please could someone help.
    Many thanks

    Hello James,
    You have configured  the IPs on the interfaces incorrectly.
    Let me point it out
    failover
    failover lan unit primary
    failover lan interface SFO GigabitEthernet0/3
    failover replication http
    failover link SFO GigabitEthernet0/3
    failover interface ip SFO 10.10.16.25 255.255.255.248 standby 10.10.16.26
    You are telling the Primary device use IP address 10.10.16.25 and the secondary firewall will be 10.10.26.26
    Now let's see the configuration on the Secondary Unit?
    failover
    failover lan unit secondary
    failover lan interface SFO GigabitEthernet0/3
    failover replication http
    failover link SFO GigabitEthernet0/3
    failover interface ip SFO 10.10.16.26 255.255.255.248 standby 10.10.16.25
    On the secondary you are saying the primary IP will be 10.10.16.26 and the secondary will be 10.10.16.25
    You have it backwards and based on the output I would say you configured it on all of the interfaces like that
    So please change it and make it the same on all of the interfaces so both devices know the same thing ( which IP they should use when they are primary and secondary, this HAVE to match )
    Hope that I could help
    Julio Carvajal

  • Communication problem between ASA 5510 and Cisco 3750, L2 Decode drops

    Having problem with communication between ASA 5510 an Cisco Catalyst 3750.
    Here is the Cisco switch port facing the ASA 5510 configuration:
    interface FastEthernet2/0/6
    description Trunk to ASA 5510
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 50
    switchport trunk allowed vlan 131,500
    switchport mode trunk
    switchport nonegotiate
    And here is the ASA 5510 port configuration:
    interface Ethernet0/3
    speed 100
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3.500
    vlan 500
    nameif outside
    security-level 0
    ip address X.X.X.69 255.255.255.0
    There is a default route on ASA to X.X.X.1.
    When I try to ping from ASA X.X.X.1 i get:
    Sending 5, 100-byte ICMP Echos to 31.24.36.1, timeout is 2 seconds:
    Also in the output of show interface eth 0/3 on the ASA i can see that the L2 Decode drop counter increases.
    I have also changed the ports on the Switch and ASA but the same error stays.
    Any thoughts?

    I don't see anything wrong with your trunk configuration; I have a similar one working between an ASA 5520 and a Catalyst 3750G.
    Maybe you should adjust the "speed 100"?  In my experience, partial autoconfiguration results in duplex mis-matches, which results in dropped packets.
    I'd try removing the "speed 100" and letting the ASA port autonegotiate with the switch.  Alternatively, have both sides set
       speed 100
       duplex full
    and see if things improve.
    -- Jim Leinweber, WI State Lab of Hygiene

  • Cisco ASA 5520 Site-to-site VPN TUNNELS disconnection problem

    Hi,
    i recently purchased a Cisco ASA 5520 and running firmware v. 8.4(2) and ASDM v. 6.4(5)106.
    I have installed 50 Site-to-Site VPN tunnels, and they work fine.
    but randomly the VPN Tunnels keep disconnecting and few seconds after it connects it self automaticly....
    it happens when there is no TRAFIC on, i suspect.
    in ASDM in Group Policies under DfltGrpPolicy (system default) i have "idle timeout" to "UNLMITED" but still they keep disconnecting and connecting again... i have also verified that all VPN TUNNELS are using this Group Policie. and all VPN tunnels have "Idle Timeout: 0"
    this is very annoying as in my case i have customers having a RDP (remote dekstop client) open 24/7 and suddenly it gets disconnected due to no traffic ?
    in ASDM under Monitoring -> VPN .. i can see all VPN tunnels recently disconnected in "Login Time Duration"... some 30minutes, 52minutes, 40minutes and some 12 minutes ago.. and so on... they dont DISCONNECT at SAME time.. all randomly..
    i dont WANT the VPN TUNNELS to disconnect, i want them to RUN until we manually disconnect them.
    Any idea?
    Thanks,
    Daniel

    What is the lifetime value configured for in your crypto policies?
    For example:
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400

  • ASA 5520 intervlan routing at low speed

    I have ASA 5520 and SSM-10 module. During copy between vlans, connected to gigabit port of asa the speed is up to 6,5 Mbyte/sec. Network cards and trunked switch are gigabit. I've temporarily disabled SSM but it didn't help. Here is my config. Also I found out, that putting SSM into bypass mode solves the problem. But I don't send any traffic to IPS...
    ASA Version 8.4(2)
    hostname ***
    domain-name ***
    enable password *** encrypted
    passwd *** encrypted
    multicast-routing
    names
    dns-guard
    interface GigabitEthernet0/0
    nameif DMZ
    security-level 50
    ip address 10.2.5.1 255.255.255.0
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    no ip address
    interface GigabitEthernet0/1.100
    vlan 100
    nameif Devices
    security-level 100
    ip address 10.2.0.1 255.255.255.0
    interface GigabitEthernet0/1.101
    vlan 101
    nameif Common
    security-level 100
    ip address 10.2.1.1 255.255.255.0
    interface GigabitEthernet0/1.102
    vlan 102
    nameif Design
    security-level 100
    ip address 10.2.2.1 255.255.255.0
    interface GigabitEthernet0/1.103
    vlan 103
    nameif Ruhlamat
    security-level 90
    ip address 10.2.3.1 255.255.255.0
    interface GigabitEthernet0/2
    no nameif
    security-level 100
    no ip address
    interface GigabitEthernet0/2.10
    vlan 10
    nameif HOLOGR
    security-level 40
    ip address 10.1.2.4 255.255.0.0
    interface GigabitEthernet0/3
    nameif outside
    security-level 0
    ip address ***
    interface Management0/0
    nameif management
    security-level 100
    ip address 172.16.1.1 255.255.255.0
    management-only
    boot system disk0:/asa842-k8.bin
    no ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    dns server-group DefaultDNS
    domain-name ***
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network WWW
    host 10.2.1.6
    object network MAIL
    host 10.2.5.5
    object network TEST
    host 10.2.1.85
    object-group network DM_INLINE_NETWORK_1
    network-object host 10.1.0.88
    network-object host 10.1.6.1
    network-object host 10.1.6.5
    network-object host 10.1.0.57
    network-object 10.2.0.0 255.255.255.0
    network-object host 10.1.6.4
    network-object host 10.1.1.57
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq 2080
    port-object eq pop3
    port-object eq smtp
    object-group network DM_INLINE_NETWORK_6
    network-object host 10.1.4.42
    network-object host 10.1.4.234
    network-object host 10.1.4.175
    network-object host 10.1.4.217
    object-group protocol DM_INLINE_PROTOCOL_5
    protocol-object udp
    protocol-object tcp
    object-group network DM_INLINE_NETWORK_3
    network-object host 10.2.1.4
    network-object host 10.2.1.5
    network-object host 10.2.1.6
    network-object host 10.2.1.14
    network-object host 10.2.1.91
    object-group network DM_INLINE_NETWORK_4
    network-object host 10.2.1.4
    network-object host 10.2.1.5
    network-object host 10.2.1.6
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq pop3
    port-object eq smtp
    object-group network DM_INLINE_NETWORK_5
    network-object host 10.2.1.14
    network-object host 10.2.1.39
    network-object host 10.2.1.4
    network-object host 10.2.1.5
    network-object host 10.2.1.6
    network-object host 10.2.1.85
    network-object host 10.2.1.31
    network-object host 10.2.1.32
    network-object host 10.2.1.40
    network-object host 10.2.1.55
    network-object host 10.2.1.35
    network-object host 10.2.1.3
    network-object host 10.2.1.2
    object-group service DM_INLINE_TCP_3 tcp
    port-object eq pop3
    port-object eq smtp
    object-group network DM_INLINE_NETWORK_7
    network-object host 10.2.1.4
    network-object host 10.2.1.5
    object-group network DM_INLINE_NETWORK_9
    network-object host 10.2.1.4
    network-object host 10.2.1.3
    object-group network DM_INLINE_NETWORK_2
    network-object host 10.1.1.101
    network-object host 10.1.6.1
    network-object host 10.1.6.4
    network-object host 10.1.6.5
    network-object host 10.1.0.57
    network-object host 10.1.1.57
    object-group network DM_INLINE_NETWORK_10
    network-object host 10.2.1.4
    network-object host 10.2.1.5
    network-object host 10.2.1.3
    network-object host 10.2.1.2
    object-group service DM_INLINE_TCP_4 tcp
    port-object eq pop3
    port-object eq smtp
    object-group network DM_INLINE_NETWORK_12
    network-object host 10.2.0.11
    network-object host 10.2.0.14
    object-group service DM_INLINE_TCP_5 tcp
    port-object eq pop3
    port-object eq smtp
    object-group network DM_INLINE_NETWORK_13
    network-object host 10.2.1.4
    network-object host 10.2.1.5
    object-group network DM_INLINE_NETWORK_14
    network-object host 8.8.4.4
    network-object host 8.8.8.8
    network-object host 10.1.1.1
    object-group network DM_INLINE_NETWORK_15
    network-object host 10.2.1.39
    network-object host 10.2.1.57
    object-group network DM_INLINE_NETWORK_16
    network-object host 10.2.1.14
    network-object host 10.2.1.6
    access-list outside_access_in extended permit tcp any 10.2.5.0 255.255.255.0 eq smtp
    access-list outside_access_in extended permit tcp host *** host 10.2.1.85 eq ***
    access-list outside_access_in extended permit tcp host *** host 10.2.1.6 eq ***
    access-list Common_access_in extended permit icmp any any
    access-list Common_access_in extended permit ip host 10.2.1.76 host ***
    access-list Common_access_in extended permit ip host 10.2.1.6 any log disable inactive
    access-list Common_access_in extended permit tcp host 10.2.1.6 host *** eq ***
    access-list Common_access_in extended permit ip object-group DM_INLINE_NETWORK_1 6 host 10.2.5.5
    access-list Common_access_in extended permit ip object-group DM_INLINE_NETWORK_3 10.2.2.0 255.255.255.0
    access-list Common_access_in extended permit udp object-group DM_INLINE_NETWORK_7 any eq ntp log disable
    access-list Common_access_in extended permit object-group DM_INLINE_PROTOCOL_5 object-group DM_INLINE_NETWORK_13 object-group DM_INLINE_NETWORK_14 eq domain
    access-list Common_access_in extended permit ip object-group DM_INLINE_NETWORK_5 host 10.2.3.3
    access-list Common_access_in extended permit tcp object-group DM_INLINE_NETWORK_15 host 10.1.1.1 object-group DM_INLINE_TCP_3
    access-list Common_access_in extended permit ip 10.2.1.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
    access-list Common_access_in extended permit tcp 10.2.1.0 255.255.255.0 host 10.2.5.5 object-group DM_INLINE_TCP_1
    access-list Design_access_in extended permit tcp 10.2.2.0 255.255.255.0 host 10.2.5.5 object-group DM_INLINE_TCP_2
    access-list Design_access_in extended permit ip 10.2.2.0 255.255.255.0 object-group DM_INLINE_NETWORK_4 log disable
    access-list HOLOGR_access_in extended permit icmp any any log disable
    access-list HOLOGR_access_in extended permit tcp host 10.1.1.1 host 10.2.5.5 object-group DM_INLINE_TCP_4
    access-list HOLOGR_access_in extended permit ip object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_9
    access-list HOLOGR_access_in extended permit ip object-group DM_INLINE_NETWORK_2 10.2.1.0 255.255.255.0
    access-list HOLOGR_access_in extended permit ip host 10.1.4.214 object-group DM_INLINE_NETWORK_12
    access-list Ruhlamat_access_in extended permit ip host 10.2.3.3 object-group DM_INLINE_NETWORK_10
    access-list Ruhlamat_access_in extended permit tcp host 10.2.3.3 host 10.2.5.5 object-group DM_INLINE_TCP_5
    access-list test extended permit tcp any host 10.2.5.1 eq telnet
    access-list test extended permit tcp any host 10.2.5.1 eq https
    access-list test extended permit tcp host 10.2.5.1 any eq https
    access-list test extended permit tcp host 10.2.5.1 any eq telnet
    pager lines 24
    logging enable
    logging timestamp
    logging buffer-size 8192
    logging buffered critical
    logging trap warnings
    logging asdm informational
    logging from-address ***
    logging recipient-address *** level critical
    logging host Common 10.2.1.2
    logging flash-bufferwrap
    logging flash-maximum-allocation 8192
    logging permit-hostdown
    no logging message 106014
    no logging message 313005
    no logging message 313001
    no logging message 106023
    no logging message 305006
    no logging message 733101
    no logging message 733100
    no logging message 304001
    logging message 313001 level critical
    logging message 106023 level errors
    mtu DMZ 1500
    mtu inside 1500
    mtu Devices 1500
    mtu Common 1500
    mtu Design 1500
    mtu Ruhlamat 1500
    mtu HOLOGR 1500
    mtu outside 1500
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any DMZ
    icmp permit any Common
    icmp permit any HOLOGR
    icmp permit any outside
    asdm image disk0:/asdm-645-206.bin
    asdm history enable
    arp timeout 14400
    object network WWW
    nat (Common,outside) static interface service tcp *** ***
    object network MAIL
    nat (DMZ,outside) static interface service tcp smtp smtp
    nat (DMZ,outside) after-auto source dynamic any interface
    nat (Common,outside) after-auto source dynamic any interface
    nat (Devices,outside) after-auto source dynamic any interface
    access-group Common_access_in in interface Common
    access-group Design_access_in in interface Design
    access-group Ruhlamat_access_in in interface Ruhlamat
    access-group HOLOGR_access_in in interface HOLOGR
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 *** 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    no user-identity enable
    user-identity default-domain LOCAL
    http server enable
    http 10.2.1.6 255.255.255.255 Common
    snmp-server host Common 10.2.1.6 community *****
    no snmp-server location
    no snmp-server contact
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sysopt noproxyarp DMZ
    sysopt noproxyarp inside
    sysopt noproxyarp Devices
    sysopt noproxyarp Common
    sysopt noproxyarp Design
    sysopt noproxyarp Ruhlamat
    sysopt noproxyarp HOLOGR
    sysopt noproxyarp outside
    sysopt noproxyarp management
    service resetoutside
    telnet 10.2.1.0 255.255.255.0 Common
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access Common
    dhcprelay setroute Common
    threat-detection basic-threat
    threat-detection scanning-threat
    no threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 10.2.1.4 source Common prefer
    webvpn
    smtp-server 10.2.5.5
    prompt hostname context
    call-home reporting anonymous
    call-home
    profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DD
    CEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:ad02ecbd84a727e4a26699915feca3a5
    : end

    Hi Philip,
    I don't see any features configured that would affect the throughput of the data transfer. Do you see any CRC errors or overruns increasing on the interfaces during the transfer? If not, I would suggest setting up captures on the ingress and egress interfaces of the ASA so you can understand exactly why the connection is slowing down and see if the ASA is inducing the delay:
    https://supportforums.cisco.com/docs/DOC-1222
    -Mike

  • How to read Ibase and component details and save to a file in presentation

    Hi Experts,
    I am developing a report to download Ibase and Component details along with warranty and component details to presentation server.
    So it is appreciated and rewarded If you provide any Standard FMS and any code done b4 by you to download the ibase and component details.
    Thanks,
    Raja

    Hi Nithish,
    Nice to see you again.
    If you want to read the settypes information you can use following FM'S .
    1. CRM_IBASE_COMP_GET_DETAIL - Read product_guid from this FM
    2 . COM_FRGTYPE_READ_SINGLE - Read frgtype_guid by passing your settype_id as input.
    3. COM_PR_SET_REL_READ_SINGLE_PR - Pass product guid from 1 and frgtype_guid from 2 to this FM and get fragment_guid.
    4 . ZOM_XXXX_READ_MULTI - Pass the above guid to this FM and read all set type attributes.
    Hope this helps.
    Regards,
    Nithish
    2) How to get settype_id.inorder to pass to the FM COM_FRGTYPE_READ_SINGLE..
    Note : And also can you help in updating the warrantu and Qualification relationship.
    I mean how to pass the data to FM
    CALL FUNCTION 'COM_PROD_MATERIAL_MAINTAIN_API'
        EXPORTING
          it_product     = i_product
          it_set         = i_set
         it_interlinkages  = i_interlinkages(How to pass the data to this internal table)
    Thanks in advance,
    Raja

  • Buffer gets and logical reads

    Hello !
    Does the counter of event buffer gets include the logical reads ?
    Does the mertic buffer gets include the event of reading from undo buffer ?
    Thanks and regards,
    Pavel
    Edited by: Pavel on Jun 27, 2012 3:08 AM
    Edited by: Pavel on Jun 27, 2012 3:35 AM
    Edited by: Pavel on Jun 27, 2012 4:13 AM

    Hi,
    buffer gets = number of times a block was requested from buffer cache. A buffer get always request in a logical read. Depending on whether or not a copy of the block is available in the buffer cache, a logical read may or may not involve a physical read. So "buffer gets" and "logical reads" are basically synonyms and are often used interchangeably.
    Oracle doesn't have a special "undo buffer". Undo blocks are stored in rollback segments in UNDO tablespace, and are managed in the same way data blocks are (they're even protected by redo). If a consistent get requires reading from UNDO tablespace, then statistics counters will show that, i.e. there will be one more consistent get in your autotrace.
    For more information and some examples, see a thread at askTom:
    http://asktom.oracle.com/pls/apex/f?p=100:11:0::::P11_QUESTION_ID:549546900346542976
    Best regards,
    Nikolay

  • Older version of openssl in cisco asa 5520

    Hi,
    Recently my security has scanned all the network devices for vulnerabilities and found that cisco asa 5520 , which we use for RAS VPN has older version of openssl. Have  to  check that and fix this problem? FYI, recently we have installed a SSL cert for webmail users.
    Thanks,
    Sridhar

    Sridhar,
    W update OpenSSL libraries on our side quite often, especially if new vulnarabilities are found.
    You can check recently published vulnarabilities in www.cisco.com/go/psirt (not only specific to ASA)
    In general ASA 8.4 is what you should go for to have "latest and greatest" revisions of openssl and ASA code itself.
    Marcin

  • Landscape Management and logical components

    Hi
    Can anyone please help me to fix the issue related to sap solution manager Landscape Management and logical components.
    Actually here we have “Some software component versions are not covered by product instances” but it should be “All software components are covered by product instance”. Is it makes any problem while we do maintenance optimizer
    Document attached for reference...
    Thanks in advance
    Regards
    Kranthi.

    Hi Kranthi,
    As mentioned by Daniel, after executing the Landscape verification, it will show all the missing product version and product instance. so just add it, it will add and show in LMDB.
    In below screen of LMDB show all the product version and product instance add and automatically captured. not able to add the product version manually due to refresh job. all the related product details shown in Landscape verification.
    After addition will able to find all the product in the LMDB and generate the MOPZ directly from LMDB with respective product version.
    Rg,
    Karthik

  • AWR's buffer cache reads and logical reads

    In AWR report under "Segments by Logical Reads" section, there is a total logical reads, I assume it is in unit of block. Under "IOStat by Function summary" section, it has buffer cache reads in unit of bytes. Shouldn't the number of logical reads x 8k (if the block size is 8k) = the number of buffer cache reads?
    They are not equal, not even close, does anybody know why? Thanks

    Hi,
    buffer gets = number of times a block was requested from buffer cache. A buffer get always request in a logical read. Depending on whether or not a copy of the block is available in the buffer cache, a logical read may or may not involve a physical read. So "buffer gets" and "logical reads" are basically synonyms and are often used interchangeably.
    Oracle doesn't have a special "undo buffer". Undo blocks are stored in rollback segments in UNDO tablespace, and are managed in the same way data blocks are (they're even protected by redo). If a consistent get requires reading from UNDO tablespace, then statistics counters will show that, i.e. there will be one more consistent get in your autotrace.
    For more information and some examples, see a thread at askTom:
    http://asktom.oracle.com/pls/apex/f?p=100:11:0::::P11_QUESTION_ID:549546900346542976
    Best regards,
    Nikolay

Maybe you are looking for

  • Can I merge two Apple IDs?  How do I get back to my original ID?

    I have been using iTunes for years.  I have my Apple ID for iTunes.  When I purchased an iPhone, the setup person didn't ask me if I had an existing Apple ID.  He created a new one.  I want to use my original iTunes for all of my devices.  What do I

  • Flex and Java on Desktop

    Hi We are having this requirement , we want to develop a application using flex for adobe AIR runtime which will communicate with java in the desktop, we are not having any servers here, so flex application want to communicate with java classes with

  • Using Bex Query with cell definition with WEBI

    Hi, Currently I am using a Bex query as a datasource for a webi, normally this works ok but I am having trouble with one particular query. This query has cell definitions defined in the query. When i import the query into WEBI I get an MDX error. Any

  • URL generation in POWL in SRM (Vendor empanlement Request)

    Dear Experts, We have hosted our SRM Setup on Internet for Vendors. All links are working fine but the display link in POWL screen is opening up with "Internalserver url" Please let me know if we need to do some setting in POWL to make it call extern

  • Look & Feel problem one iview differs

    Hi there, I have got a problem displaying one iview, one of the iviews in our portal uses a different background color. This color is not mentioned in the theme used within the portal. I checked the sap.useWebDynproStyleSheet parameter in the visual