Manage ASA multicontext with PRSM

Hello,
i need to manage an active/standby ASA CX configuration with PRSM Multidevice mode. Is it possible?
I read on documentation:
If the ASA is in multiple-context mode, you can still manage a CX module
But it seam to be possible only with single mode PRSM.
Anyone can confirm it?

The base ASA is managed using an inside interface. In my case it is a subinterface that's on the same subnet as PRSM - so there's no question of routing back from the ASA since it a connected subnet.
So I have the ASA subinterface I'm using for management on the same VLAN as the physical interface that's connected to the CX (hardware module in this case since it's a 5585-X). The PRSM VM is also on that subnet.
You could do it other ways as long as all the routing works out.

Similar Messages

Can't Send or Receive Email from Exchange behind ASA 5510 with CSC SSM

We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM. We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. Here is a copy of my config: Any Help would be appreciated.
show config
: Saved
: Written by enable_15 at 07:17:44.760 CST Wed Jan 18 2012
ASA Version 8.4(3)
names
interface Ethernet0/0
nameif outside
security-level 0
ip address 216.XXX.XXX.XXX 255.XXX.XXX.XXX
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.0.5 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
<--- More --->
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
object network obj-192.168.5.0
subnet 192.168.5.0 255.255.255.0
object network obj-192.168.0.0
subnet 192.168.0.0 255.255.255.0
<--- More --->
object network obj-192.168.9.2
host 192.168.9.2
object network obj-192.168.1.65
host 192.168.1.65
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network obj-192.168.6.0
subnet 192.168.6.0 255.255.255.0
object network obj-192.168.8.0
subnet 192.168.8.0 255.255.255.0
object-group service DM_INLINE_TCP_1 tcp
port-object eq ftp
port-object eq www
port-object eq pop3
port-object eq smtp
object-group network Red-Condor
description Email Filtering
network-object host 66.234.112.69
network-object host 66.234.112.89
object-group service NetLink tcp
<--- More --->
port-object eq 36001
object-group network AECSouth
network-object 192.168.11.0 255.255.255.0
object-group service Email_Filter tcp-udp
port-object eq 389
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_TCP_0 tcp
group-object Email_Filter
port-object eq pop3
port-object eq smtp
object-group network Exchange-Server
description Exchange Server
network-object host 192.168.1.65
access-list global_mpc extended permit tcp any any object-group DM_INLINE_TCP_1
access-list outside_access extended permit tcp any object obj-192.168.9.2
access-list outside_access extended permit icmp any any
access-list outside_access extended permit tcp any object-group Exchange-Server eq https
access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq smtp
access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq pop3
access-list outside_access extended permit object-group TCPUDP object-group Red-Condor object-group Exchange-Server object-group Email_Filter
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
<--- More --->
pager lines 24
logging enable
logging console debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnpool 192.168.5.1-192.168.5.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
object network obj-192.168.9.2
nat (inside,outside) static 216.XXX.XXX.XXX no-proxy-arp
object network obj-192.168.1.65
nat (inside,outside) static 216.XXX.XXX.XXX no-proxy-arp
object network obj-192.168.1.0
nat (inside,outside) dynamic interface
object network obj-192.168.2.0
nat (inside,outside) dynamic interface
object network obj-192.168.3.0
<--- More --->
nat (inside,outside) dynamic interface
object network obj-192.168.6.0
nat (inside,outside) dynamic interface
object network obj-192.168.8.0
nat (inside,outside) dynamic interface
access-group outside_access in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 216.XXX.XXX.XXX 1
route inside 192.168.0.0 255.255.0.0 192.168.0.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server isaconn protocol radius
aaa-server isaconn (inside) host 192.168.1.9
timeout 5
key XXXXXXX
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
<--- More --->
http server enable
http 192.168.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set AEC esp-des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca server
shutdown
<--- More --->
smtp from-address [email protected]
crypto ca certificate chain _SmartCallHome_ServerCA
certificate
quit
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 5
ssh 192.168.0.0 255.255.0.0 inside
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 208.66.175.36 source outside prefer
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
<--- More --->
class-map global-class
match access-list global_mpc
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
<--- More --->
inspect netbios
inspect tftp
inspect ip-options
class global-class
csc fail-close
service-policy global_policy global
prompt hostname context
call-home reporting anonymous

Hello Scott,
So Exchange server ip is obj-192.168.1.65 natted to 216.x.x.x
object network obj-192.168.1.65
"nat (inside,outside) static 216.XXX.XXX.XXX no-proxy-arp"
The ACL says
access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq smtp
access-list outside_access extended permit tcp object-group Red-Condor object-group Exchange-Server eq pop3
From witch ip addresses are you trying to send traffic to the exchange server?
Please do a packet-tracer and give us the output
packet-tracer input outside tcp x.x.x.x( Outside host ip) 1025 216.x.x.x.x 25
Regards,
Julio
Rate helpful posts!!!

ASA Multicontext and Transparent standby IP address

Hi,
i have ASA multicontext and transparent in Active/Standby mode, failover is OK, i dont have managment ip address the firewall is managed by ip address assigned on inside context.
config.:
inside context (admin context)
ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2.
i can access active firewall on 10.1.1.1, but i cannot access the standby or ping it !!! what should i do to allow access (ssh) on the standby device ?
thankss

Hi jcarvaja,
please check below config., i can ssh to the active device, i dont have managment interface connected i manage the firewall from inside interface
FW# sh run
: Saved
ASA Version 8.2(2)
firewall transparent
hostname FW
interface outside
nameif OUTSIDE
security-level 0
interface inside
nameif INSIDE
security-level 100
ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
monitor-interface OUTSIDE
monitor-interface INSIDE
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
access-group bpdu in interface OUTSIDE
access-group outside in interface OUTSIDE
access-group bpdu in interface INSIDE
http server enable
http 172.16.10.21 255.255.255.255 OUTSIDE
no snmp-server location
no snmp-server contact
ssh 172.16.0.0 255.255.0.0 OUTSIDE
ssh timeout 5

ASA 5505 with Backup ISP

I am working with a client that currently has an ASA 5505 with two ISPs for failover using a tracked interface. I would like to configure logging so that the ASA will email us when the Primary ISP goes down and fails over to the backup. Here is what I have so far...
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 12
interface Ethernet0/2
speed 100
duplex full
interface Ethernet0/3
switchport access vlan 22
speed 100
duplex full
interface Ethernet0/4
switchport access vlan 22
interface Ethernet0/5
switchport access vlan 22
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 50.76.252.33 255.255.255.248
interface Vlan12
nameif backup
security-level 0
ip address 168.93.174.130 255.255.255.248
interface Vlan22
nameif Phones
security-level 100
ip address 192.168.3.1 255.255.255.0
logging enable
logging buffered warnings
logging asdm warnings
logging from-address [email protected]
logging recipient-address [email protected] level errors
route outside 0.0.0.0 0.0.0.0 DG-Commcast 128 track 1
route backup 0.0.0.0 0.0.0.0 DG-FirstCom 255
sla monitor 123
type echo protocol ipIcmpEcho 73.120.130.1 interface outside
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
Let me know if you need any more info from the config; it's quite long and not sure what all is needed...
The primary interface is Outside and the backup is obviously Backup
Thanks!
Tony

Hi Tony,
As long as the event covered under 'errors' list - inaddition to the above config, you need to add..
loging mail errors
smtp-server
Check the below link for more information on ASA message logging..
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml
hth
MS

Is Mobile 2007 Stock Management Service Compatibile with R/3 4.7

Can any one tell me if I can implement Mobile Service - Service Parts management - Van stock with R/3 47 back-end
Installation guide says ERP 6.0 as a landscape requirements..
I have few questions
Can Ii implement CRM Mobile 2007 Service Module including the Vanstock with a R/3 47 Back-end
If I can what is the plug-in I use to integrate the Mobile database to CDB and to R/3
Any help will be rewarded.
Thanks
Raj

Hi Raj,
For using Vanstock scenrios on the mobile service application, SAP ECC 6.0 and SAP Netweaver Mobile 7.1 are the minimum requirements.
It cannot be implemented for any release lower than these because these functionalities/APIs are available from the mentioned releases.
Best Regards,
Pravin..

Internet Download Manager cannot integration with firefox4 itis Look in the menus it works but it does not actually work ?

internet Download Manager cannot integration with firefox4 its Look in the menus it works but it does not actually work

IDM may need to be updated to work with Firefox 4.0. You could contact them and make them aware of the problems you are having with their program.

Order management flow path with tcode in pp module

hi sap guru's,
i need the order management flow path with tcode in pp module.
regards,
muralidhar.t

Hi Murlidhar,
Step 1: Material Master
Logistics > Production > Master Data > Material Master > Material > Create General > Immediately MM01
Step 2: BOM creation
Logistics > Production > Master Data > Bills of Material > Bills of Material > Material BOM > Create CS01
Step 3: Work Center creation
Logistics > Production > Master Data > Work Center > ( New Screen ) Work Center > Create CR01
Step 4: Route creation
Logistics > Production > Master Data > Routings > Routings > Routing > Create CA01
Step 5: PIR Generation
Logistics> Production>production planning>demand management>PIR>Create MD61
Step 6: MRP Run
Logistics>Materials Management>Material planning>MRP>MRP>Total Planning>Online MD01
or
Logistics > Production > MRP > MRP > Sng-Item, Multi-Level MD02
Step 7: Evaluation through MRP list and Stock requirement list
Logistics>Materials Management>Materials Planning>MRP>Evaluations>MRP List>Individual Display MD05
Logistics>Materials Management>Materials Planning>MRP>Evaluations>Stock Requirements List MD04
Step 8: Conversion of Planned order to Production order
Logistics > Production > Production control > Order > Create > With a planned order CO40
or
Logistics >Production > Production control >Order > Create >With material CO01(For creating production order Without planned order)
Step 9: Order management
Logistics >Production > Production control >Order > Change >With material CO02
Step10: Confirmations
Logistics >Production >Production control >Confirmation >Enter >For order CO15
or
Logistics >Production >Production control >Confirmation >Enter >For Operation >For time ticket CO11N
Step11: Goods issue
1. Logistics >Production >Production Control >Environment >Goods Movement >Goods Issue
2. Logistics >Materials Management >Inventory Management >Goods Movement >Goods Issue MB1A--261Movement type
Step12: Goods receipt
Logistics > Production > Production Order > Environment > Material Movement > Post Mat to Stock
or
Logistics > Materials Management > Inventory Management > Goods Movement > Good Receipt > For Order MB31
Step13: Techo Or Close Order.
This can be done from Prduction. Order Header menu.
Regards,
R.Brahmankar

How to manage a connection with powershell using visual studio with C#

Hi
I want to manage a connection with powershell for a web app using visual studio with c#. and also run command with pipeline
Plz give a some suggestions..

Hi Raj_Kumar_Saini,
To make things clear, could you please clarify these thing?
1. Do you mean you want to execute some PowerShell scripts from C# language? These blogposts may give you some ideas:
Executing PowerShell scripts from C#
Powershell Automation and Remoting (a c# love story)
Execute PowerShell from a ASP.NET Web Application
2. Is your question related to Visual Studio Integration? Do you want to build a Visual Studio Extension?
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Tivoli Access Manager 6.0 with Sun Java System Directory 6.3

Hi,
We have been using Tivoli Access Manager 6.0 with Sun Java System Directory 6.3 .
Using IBM TAM Java API we can administer the user creation but the API provide support only to create user with required attribute as user name, password, description, setAccoutntvalid etc.
But Sun Java System Directory 6.3 contains the many attributes as just to name a few...
First Name (givenname), User ID (uid),Password (userPassword), Confirm Password
E-mail (mail), Telephone Number (telephoneNumber), Country (c),Fax Number (facsimileTelephoneNumber), Locality (l), Organization (o), Organizational Unit (ou), accessHint, accountHint, departmentNumber, description, destinationIndicator, displayName, employeeNumber ETC...
Now My Issue is if we need to add the values for other attributes as "accessHint" , "employeeNumber" etc, then how can we acheive using IBM TAM Java API or is there any other way.
Thanks for your kind help...

Looks like the attribute sunIdentityServerDiscoEntries is defined twice in the schema. Run the following and see where it is defined for the second time.
# cd /var/opt/SUNWdsee/dsins1/config/schema
# grep -w sunIdentityServerDiscoEntries *.ldif | grep -iv objectclasses
Edited by: etst123 on Mar 3, 2009 1:28 PM

Acct determination for Materials management small differences with keys

Dear all,
While posting a document in MIRO, it throws error as 'Acct determination for Materials management small differences with keys not defined in ch/acts'.
Please advise a solution to rectify this error.
Regards,
Vijay

Hi,
It seems due to small differences between debit and credit side you are not able to post the document price differences). Check all the data to create an entry first and Check the data format. Can you check in OBYC is there a way to have a transaction DIF (Materials management small differences) post to different GL accounts based on valaution class (plant)?

Is there a way to get the Mendeley references manager to work with pages?

Is there a way to get the Mendeley references manager to work with pages? If not, what is the best reference manager to use with Pages? I hate "Endnote" and, while I like "Papers", it does not have much support for shared libraries (with collaborators--their Livfe option only permits 50 shared papers and does not work well) or synching a single library across multiple Macs (i.e. home+work). I need a good reference manager that supports 1) synching across multiple Macs, 2)working with collaborators and 3) has no problem importing different reference styles. I don't want to use Word or Endnote unless I absolutely must--Pages is much better for everything else I do. This is for use in preparing scientific manuscripts and grant applications. Thanks.

H Roth wrote:
Is there a way to get the Mendeley references manager to work with pages?
If you have not done so already, make sure you also ask the people who make it:
http://support.mendeley.com/

JEE WebSphere Management Pack: Issue with 8.5.5 Discovery

Is WebSphere Application Server 8.5.5 supported as a discoverable JEE Application Server within System Center Operations Manager 2012 R2? We have tried just about everything at this point....
Currently Running JEE IBM WebSphere 8 Application Server MP version 7.3.2135.0
Agent Running as Proxy
RunAs account created and bound to server
BeanSpy deployed and functioning via query.
Universal Discovery used with no success. (NewJ2EEAppServer.ps1 does not except version 8 of WebSphere).
Any help would be appreciated

Hi Deem13,
Please look at these posts:
http://blogs.technet.com/b/random_happy_dev_thoughts/archive/2012/05/21/manually-discovering-jee-application-servers-with-scom-2012.aspx
http://social.technet.microsoft.com/Forums/systemcenter/en-US/d15bc060-a071-4063-bf5d-c4ec9f0d8cbb/jee-websphere-management-pack-issue-with-discovery?forum=operationsmanagermgmtpacks
http://blogs.inframon.com/post/2012/04/27/WebSphere-monitoring-with-the-JEE-Application-Performance-Monitoring-management-packs.aspx
Natalya

Applications Management and Change Management Packs Certified with EM 10gR5

Applications Management and Change Management Packs Certified with Enterprise Manager Grid Control Release 5
For more details about the new features, documentation, and patches for the latest Application Management Pack and Application Change Management Pack releases, see:
[Applications Change Management Pack 3.0 and Applications Management Pack 3.0 Now Available|http://forums.oracle.com/forums/thread.jspa?threadID=935145&tstart=0]
Oracle E-Business Suite Prerequisites
11.5.10 with ATG_PF.H RUP5 and higher
Release 12.0.4 and higher
Release 12.1
Certified Platforms
Linux x86
Linux x86-64
Sun Solaris SPARC
HP-UX Itanium
HP-UX PA-RISC
IBM AIX Based Systems
Certification on Windows platforms is in progress.

It takes me a lof of time to comprehend the sentence you write. Cause I am a Chinese. My poor English.
I have to say "you are genius". I used to use the indesign CS2. There is no GREP function in CS2. When I get the new script, I do not know how to use it. Just when I saw the
'grep {findWhat:" +"} {changeTo:" "} {includeFootnotes:true, includeMasterPages:true, includeHiddenLayers:true, wholeWord:false} Find all double spaces and replace with single spaces.'
Being confused.
Thanks so much. It seems I have to relearn the advanced Indesign.

Workflow Manager 1.0 with SharePoint 2013

Hi Guys,
I understand as per below link that minimum three servers are required to provide high availability for Workflow Manager 1.0 in SharePoint 2013.
http://blogs.msdn.com/b/sanjaynarang/archive/2013/04/06/sizing-and-capacity-planning-for-sharepoint-2013-resources.aspx
Could anyone please point me Microsoft resources or let me know what needs to be installed on the three servers and Hardware pre-requisites?
Thanks in advance.
Cheers, Badal

Hi Badal,
According to your description, my understanding is that you want to configure the high availability for Workflow Manager 1.0 with SharePoint 2013.
Per my knowledge, the three servers just have the same Hardware pre-requisites:
http://technet.microsoft.com/en-us/library/jj193466.aspx
You can use Network Load Balancing (NLB), Application Request Routing (ARR) or slightly less trivial with another load balancing solution to implement the high availability for Workflow Manager.
http://www.harbar.net/articles/wfm1.aspx
http://technet.microsoft.com/en-us/library/72646b45-646f-4dfb-ab52-e42f187655e7
Best regards.
Thanks
Victoria Xia
TechNet Community Support

P2P blocking on ASA 5525 with Software Version 8.6(1)2

Hello,
We have Cisco ASA 5525 with Software Version 8.6(1)2. We have permitted all the traffic from inside to outside.
Now we want to block P2P sharing Bit torrent to internet sites. Please help me with the configuration.
We have DMZ setup & also inline IPS module.
Thanks in advance.
Regards,
Sandeshc Chavan.

Hi Chavan ,
You can try to block this by port.
The well known TCP port for BitTorrent traffic is 6881-6889 (and 6969 for the tracker port).
The config is
Access-list BLOCK-P2P-TRAFFIC deny tcp any any range 6881 6889 log
And applies to the desire interface with the "Access-group command"
For example:
Access-group BLOCK-P2P-TRAFFIC outbound interface DMZ
However Blocking Bittorrent is challenging, and can't really be done effectively with port blocks. The standard ports are 6881-6889 TCP, but the protocol can be run on any port, and the peer-to-peer nature of the protocol means that discovering peers that use unblocked ports is simple.
Also you can execute from the cmd on windows the command netstat -a and check the port Bit torrent is using .
Hope this helps.

Manage ASA multicontext with PRSM

Similar Messages

Maybe you are looking for