Need help - Cisco ASA with FirePOWER

hi
currently we are using asa 5510 without firepower feature. our aim is to publish web servers and microsoft lync with reverse proxy method. control internet traffic , apply particular extensions file not to download , bandwidth management etc.
Is it possible when we add firepower on asa 5510 ..... please guide me.... thanks

Thanks for your detailed reply brother. actually we have deployed lync server 2013 with reverse proxy so it is must. see the comparison . i should go with Sophos UTM Firewall what you advice me...
Feature
Cisco Firepower
Fortinet
Sophos Utm
Firewall
✓
✓
✓
IPS
✓
✓
✓
Antivirus Gateway
✓
✓
AntiMalware*
✓
✓
Antispam
✓
✓
HTTP Proxy
✓
✓
Reverse Proxy
Partially
✓
✓
Web Filtering
✓
✓
✓
Email Protection
✓
✓
Wireless Controller
✓
Bandwidth Control
Expected in Next Year
Limited
✓
Application Visibility and control
✓
✓
✓
Data Loss Prevention
✓
✓
Advance Threat Prevention
✓
✓
✓
On BOX reporting
Limited
✓
External Reporting
✓
✓
✓
Web Reputation defence
✓
✓
✓
Failover
✓
✓
✓

Similar Messages

[HA]ASA with FirePOWER Services with [HA]FireSIGHT Management Center

Hi,
My Customer orders the following SKUs in one to make these ASA with FirePOWER Services as H/A.
Line
Number
Item Name
Description
Service
Duration
Lead
Time
Included
Item
Quantity
ListPrice
Extended
ListPrice
Discount
Selling
Price
1.0
ASA5515-FPWR-K9
ASA 5515-X with FirePOWER Services 6GE AC 3DES/AES SSD
N/A
14 days
No
2
2.0
L-ASA5515-TAMC=
Cisco ASA5515 FirePOWER IPS AMP and URL Licenses
N/A
0 days
No
2
2.0.1
L-ASA5515-TAMC-1Y
Cisco ASA5515 FirePOWER IPS AMP and URL 1YR Subs
12 month(s)
N/A
No
2
Assuming from my experiences, 2 PAKs are supposed to be issued.
PAK_A : 1 PAK for ASA5515-CTRL-LIC (Entitlement Qty:2)
PAK_B: 1 PAK for L-ASA5555-TAMC= (Entitlement Qts:2)
Also these FireSIGHTs which monitors these ASAs are H/A.
The SKUs of FireSIGHTs are following:
-FS1500-K9
-FS1500-BASE-K9
In this case, I assume that these steps are necessary for generating licenses for ASA with FirePOWER Servies;
Go to license page ( www.cisco.com/go/license) and input PAK_A. Then following the steps and on “Add Device”section, should I input the following 3 devices license keys ?
-Another ASA5515-FPWR-K9
-FS1500-K9
-FS1500-BASE-K9
And then 2 licenses which are one is for FS1500-K9 and the other is for FS1500-BASE-k9 are to be generated.
*I have to do that same operation for PAK_B.
Q1: Is this right? Do I understand the steps correctly ?
Q2 :If the answer for Q1 is Yes, does it mean that any license is not required for ASA with FirePOWER services ?

Hi,
For the PIDs "ASA5515-CTRL-LIC" and "L-ASA5555-TAMC=" you will be provided with PAKs.
If you are trying to setup HA please check on the forum link for HA setup, https://supportforums.cisco.com/discussion/12320876/how-can-i-make-my-license-high-availabilityor-ha-license
Steps to register the PAK,
1) Login to License portal ( www.cisco.com/go/license) with CCO ID
2) Enter the PAK to register, click NEXT
3) Enter the license key of the FireSight device (like FS1500) and if you want to add more devices for HA click on ADD device
4) enter the license key of the second FireSIGHT for HA, click NEXT
5) Agree to the terms and SUBMIT
6) email with the licenses will be sent

PortChannel in Cisco ASA with subinterface vlan

Dear Cisco Expert,
I have problem with portchannel in cisco ASA with subinterface, My asa create port channel two link with switch :
my asa configuration (PO3 == int gi0/1 & int gi0/0 ASA) :
interface Port-channel3
no nameif
no security-level
no ip address
interface Port-channel3.20
vlan 20
nameif XXXX
security-level 50
ip address 172.27.3.1 255.255.255.224
my switch configuration (PO3 == int gi0/19 & int gi0/20 switch) :
interface Port-channel3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,30,40,50
switchport mode trunk
end
I also tried create int vlan 20 in switch,
interface Vlan20
ip address 172.27.3.2 255.255.255.224
end
but it doesn't work
the etherchannel status is still in waiting :
show etherchannel sum :
3 Po3(SD) LACP Gi0/19(w) Gi0/20(w)
Do you have any clue ?
Thank u guys, ...
Btw, if i create ASA port chanel withoout subinterface it's work.
Best Regards
Rizal Ferdiyan

You ASA cofniguration should look like this. You havnt posted the full config so no comment on that
interface GigabitEthernet0/0
channel-group 10 mode active
speed 1000
duplex full
no nameif
no security-level
no ip address
interface GigabitEthernet0/1
channel-group 10 mode active
speed 1000
duplex full
no nameif
no security-level
no ip address
interface Port-channel3
speed 1000
duplex full
no nameif
no security-level
no ip address
interface Port-channel3.20
vlan 20
nameif XXXX
security-level 50
ip address 172.27.3.1 255.255.255.224
Thanks
Ajay

Error Routing protocol - EIGRP between Cisco ASA with Switch 4506

Dear Cisco Team,
I have problem when I configed EIGRP between cisco ASA 5510 with core switch 4506. This is below error
*Nov 4 05:08:09.898: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
*Nov 4 05:09:29.409: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is down: retry limit exceeded
*Nov 4 05:09:29.499: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
*Nov 4 05:10:35.609: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.18 (GigabitEthernet2/42) is down: holding time expired
*Nov 4 05:10:49.009: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is down: retry limit exceeded
*Nov 4 05:10:53.230: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
quang huy2004: *Nov 4 05:08:09.898: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
*Nov 4 05:09:29.409: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is down: retry limit exceeded
*Nov 4 05:09:29.499: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
*Nov 4 05:10:35.609: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.18 (GigabitEthernet2/42) is down: holding time expired
*Nov 4 05:10:49.009: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is down: retry limit exceeded
*Nov 4 05:10:53.230: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
the tech Spec
ASA, IOS : 8.0.2
4506, License IP Base; OS: Unisal 15 M.2
I checked between ASA with Router ok; but between ASA with 4506 error
Can you help me ?

Hello,
This logs means that the hold time expired so the hello packets are not being received, usually means multicast packets are missed-224.0.0.10)
I would recommend you to try another cable because this ussualy is a phisical or congestion issue.
Can you try that and let us know the result, also if that does not help can you send us the following outputs:
-Show ip EIGPR neighbors
-Debug EIGRP packet hello
Regards,
Julio

Need help to start with some file and text manipulation

Hello script mavens,
I need help with starting a script that does the following:
-within a base folder it takes an inventory (list?) of all the files (which happen to be image files).
-creates a new folder inside the base folder and calls it imagesX where X increases by one every time the script is run
-moves all the files into the images folder
-within the base folder it creates a new text file and calls it imagesX.js
-writes a "//-" into imagesX.js
-then writes the list of filenames into the imagesX.js twice, separated by an empty line, and adds a semicolon to the end of each filename and saves imagesX.js
-from a folder a level above the base folder it copies a file called index.html into the base folder and renames in indexX.html
-in indexX.html it replaces a string "replaceThis" with "imagesX.js"
The task is more complex but this would help me tremendously do the rest.
If I am asking for too much on this forum please let me know

This should get you started.
The description of how you want to write the data isn't clear, but the rest should work (untested):
property imageNum : 0 -- last used ImageNumber
-- within a base folder it takes an inventory (list?) of all the files (which happen to be image files).
-- get the folder:
set baseFolder to (choose folder)
-- now get the files within it:
tell application "Finder"
set fileList to every file of folder baseFolder as alias list
end tell
--creates a new folder inside the base folder and calls it imagesX where X increases by one every time the script is run
tell application "Finder"
set imageNum to imageNum + 1
set newImageFolder to make new folder at baseFolder with properties {name:"images" & imageNum}
-- moves all the files into the images folder
move every file of folder baseFolder to newImageFolder
--within the base folder it creates a new text file and calls it imagesX.js
set textFile to (open for access file (baseFolder as text) & "images" & imageNum & ".js" with write permission)
--writes a "//-" into imagesX.js
write "//-" to textFile
-- then writes the list of filenames into the imagesX.js twice, separated by an empty line, and adds a semicolon to the end of each filename and saves imagesX.js
-- need more info here
-- a blank line between each instance of the file name? or all file names, blank line, all file names again?
-- an example, please
close access textFile
--from a folder a level above the base folder it copies a file called index.html into the base folder
--and renames in indexX.html
--in indexX.html it replaces a string "replaceThis" with "imagesX.js"
-- the easiest way of doing this is to read the file and write a new copy with the changes - that's easier than changing it in situ:
set indexHTML to (read file "index.html" of folder (container of baseFolder))
set {oldTIDs, my text item delimiters} to {my text item delimiters, "replaceThis"}
set indexHTML to text items of indexHTML
set my text item delimiters to "imagesX.js"
set indexHTML to indexHTML as text
set my text item delimiters to oldTIDs
set indexFile to (open for access file ("index" & imageNum & ".html") with write permission)
write indexHTML to indexFile
close access indexFile
end tell

NEED HELP IN MATRIX WITH GROUP REPORT

Dear All,
I need small help in MATRIX WITH GROUP REPORT In Report Builder Test Report
In my report, having periods as rows and location as columns as shown below,
1) LOC-A
JAN-10 FEB-10
ITEM-GROUP -1 1 2
ITEM-GROUP-2 3 4
ITEM-GROUP 3 5 6
2) LOC- B
MAR-10 APR-10
ITEM-GROUP -1 7 8
ITEM-GROUP-2 9 10
ITEM-GROUP-3 11 12
But comming to my requirement, the periods should be in fix in matrix as shown below
1) JAN-10 FEB-10 MAR-10 APR-10
LOC-A
ITEM-GROUP -1 1 2
ITEM-GROUP-2 3 4
ITEM-GROUP 3 5 6
LOC- B
ITEM-GROUP -1 0 0 7 8
ITEM-GROUP-2 0 0 9 10
ITEM-GROUP-3 0 0 11 12
I am unable to get this kind of output format
Please kindly waiting for reply from our team....
Regards
krishna.P

For the periods, create a seperate dummy query and then use it as column group in the multi query matrix.

Need help Pagination Suppourt with DataGrid

Hi ,
When i do a search Operation , the data from Database is huge and i think if i display all of them at a Time it will be a performance and response Time issue .
So the question i am asking is that , can any body please give me a basic idea as how to implement Pagination with DataGrid Results ??
Need help with Datgrid and Pagination suppourt .
Thnaks in advnace .

Hi Kiran,
Try referring to the below link...
http://www.flexicious.com/
Thanks,
Bhasker Chari.S

Cisco ASA with IMAP4S proxy

Hi,
we want to access our mail server (Lotus Domino) with an iPhone through a Cisco ASA configured as a IMAP-SSL proxy.
I have no problem accessing the server with Apple Mail, but not with the iPhone!
After the successful SSL handshake and AAA authetification the SSL connection is terminated with "client channel close"
Any ideas?

hello Vinish
recommending you to place this question to Security -> Firewalling forum instead of Small Business Security. Cisco ASA devices are not part of Small Business portfolio and ASA knowledgeable users are probably not checking this Small Business. That's reason why nobody responded yet probably.

Replaced hard drive in compaq presario cq62, need help recovering it with out disks

Recently replaced the hard drive in my notebook due to failure of original. Need help recovering it without disks

If you are wanting to install the original copy of Windows it came with, you will need a set of recovery disks.
Otherwise, you can purchase a copy of Windows to install and download the appropriate drivers from http://goo.gl/hOm3. Just make sure the copy of Windows that is installed is at least the same family of Windows to ensure that drivers are available.
What is the exact model of the notebook and product number?
NOTE: Do not provide the serial number.
↙-----------How do I give Kudos?| How do I mark a post as Solved? ----------------↓

Need help from somebody with the "MSI KT6 Delta-FIS2R" motherboard

Hi everybody!
I really need some help from somebody with the MSI KT6 Delta-FIS2R motherboard (the one with onboard LAN, Audio, RAID, S-ATA and IEEE1394 firewire). You see. I've got this board myself but it's been destroyd. Some values for the onboard devices in my board has been overwritten so that windows no longer recognizes the onboard LAN and Audio controller anymore. I really need some help from somebody with this board.
I need to see what the values for the onboard devices should be. I hope someone can help me by sending me a repport from the Everest home edition: http://www.lavalys.com/products/overview.php?pid=1&lang=en
If anyone could do me this favour, I would be VERRY thankfull

Quote from: HYSTERIAH on 12-November-05, 06:24:20
I really need some help from somebody with the MSI KT6 Delta-FIS2R motherboard
HYSTERIAH,
With 76 Replies and 277 Views on your original thread, it looks to me like people have been trying to help you.
So there is no confusion, I am locking this thread so all your help and advice you receive will be in the same place, so people do not need to jump between threads to keep track of what has already been suggested for this mobo of yours.
Richard

Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host

Hi:
Need your great help for my new ASA 5505 (8.4)
I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
ASA Version 8.4(3)
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.29.8.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 177.164.222.140 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns server-group DefaultDNS
domain-name ABCtech.com
same-security-traffic permit inter-interface
object network obj_any
subnet 172.29.8.0 255.255.255.0
object service RDP
service tcp source eq 3389
object network orange
host 172.29.8.151
object network WAN_173_164_222_138
host 177.164.222.138
object service SMTP
service tcp source eq smtp
object service PPTP
service tcp source eq pptp
object service JT_WWW
service tcp source eq www
object service JT_HTTPS
service tcp source eq https
object network obj_lex
subnet 172.29.88.0 255.255.255.0
description Lexington office network
object network obj_HQ
subnet 172.29.8.0 255.255.255.0
object network guava
host 172.29.8.3
object service L2TP
service udp source eq 1701
access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended deny tcp any any eq 135
access-list inside_access_in extended deny tcp any eq 135 any
access-list inside_access_in extended deny udp any eq 135 any
access-list inside_access_in extended deny udp any any eq 135
access-list inside_access_in extended deny tcp any any eq 1591
access-list inside_access_in extended deny tcp any eq 1591 any
access-list inside_access_in extended deny udp any eq 1591 any
access-list inside_access_in extended deny udp any any eq 1591
access-list inside_access_in extended deny tcp any any eq 1214
access-list inside_access_in extended deny tcp any eq 1214 any
access-list inside_access_in extended deny udp any any eq 1214
access-list inside_access_in extended deny udp any eq 1214 any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any eq www any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
89
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
w
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
tps
access-list outside_access_in extended permit gre any host 177.164.222.138
access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
01
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-list inside_access_out extended permit ip any any
access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
.88.0 255.255.255.0
access-list inside_in extended permit icmp any any
access-list inside_in extended permit ip any any
access-list inside_in extended permit udp any any eq isakmp
access-list inside_in extended permit udp any eq isakmp any
access-list inside_in extended permit udp any any
access-list inside_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat (inside,outside) source static orange interface service RDP RDP
nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
lex route-lookup
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
WW
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
_HTTPS
nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Guava protocol nt
aaa-server Guava (inside) host 172.29.8.3
timeout 15
nt-auth-domain-controller guava
user-identity default-domain LOCAL
http server enable
http 172.29.8.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 173.190.123.138
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 172.29.8.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside vpnclient-wins-override
dhcprelay server 172.29.8.3 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
group-policy ABCtech_VPN internal
group-policy ABCtech_VPN attributes
dns-server value 172.29.8.3
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Tunnel_User
default-domain value ABCtech.local
group-policy GroupPolicy_10.8.8.1 internal
group-policy GroupPolicy_10.8.8.1 attributes
vpn-tunnel-protocol ikev1 ikev2
username who password eicyrfJBrqOaxQvS encrypted
tunnel-group 10.8.8.1 type ipsec-l2l
tunnel-group 10.8.8.1 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 10.8.8.1 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
tunnel-group ABCtech type remote-access
tunnel-group ABCtech general-attributes
address-pool ABC_HQVPN_DHCP
authentication-server-group Guava
default-group-policy ABCtech_VPN
tunnel-group ABCtech ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 173.190.123.138 type ipsec-l2l
tunnel-group 173.190.123.138 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 173.190.123.138 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect pptp
inspect ftp
inspect netbios
smtp-server 172.29.8.3
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6a26676668b742900360f924b4bc80de
: end

Hello Wayne,
Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
Regards,
Julio
Security Trainer

Need Help - Cisco Unity

DEAR
i am experiecing problem on cisco unity. i have a doubt but not sure. I was configuring call management - Auto Attendant. I didn't make any big changed i just created one handler thats it and deleted later.
After that i am not getting voice mail even if i check from cisco iphone its not asking pin code and message operator not available at this moment.
i checked users are created. what coulf be the issue.

Dear Mr. Mahmood;
I really appreciate your concern and solution to the point and well understanding about the issue, Thanks alot.
One more issue, recently i have configured IM & Presence 9.x. cisco jabber voice is working on android and iphone within coporate network. Like Lync Server, you don't need for any vpn because configuration on doman level. Can we do like that if not is there any VPN software which i can install on phone. we have ASA 5500 series firewall with VPN - group tunnel password. I install cisco anyconnect but there is no option for Group Tunnel Password.
Is there any best way for conectivity using jabber without coporate network please suggest me...

Love the X2 except for 3 main issues which I need help or clarification with

Hi Everyone, I have pretty much copied and pasted my post from the Motorola forums (with a few minor edits) over here as I do need a little bit of help or insight on my issue.
I have scoured through the Droid X section trying to find solutions to my problems and I haven't been able to get a solid answer anywhere (here or on other Android/X2 forums).
I have an X2. I really like this phone. It is solid and has crystal clear sound quality. However, ever since I have had it I have seen intermittent issues pop up and I would like to get some feedback on them or get things put into perspective that it is a known glitch in the interface between the Android OS and the hardware. I bought the phone at Best Buy and every time I bring it in (either back to Best Buy or a Verizon store), as the issue is intermittent, they won't replace the phone. The people at Best Buy have told me to "do a battery pull every morning" which completely offends me as I never had to do anything so drastic with my original Droid until it finally decided to reboot on me every 2 hours (this is when I upgraded to the X2). I had to pick it up from Best Buy as I needed a functional phone immediately and no Verizon store in the area had the X2 in stock.
The first (and most important issue)... Every once in a while, even though I have full signal, when somebody calls me, my phone will not ring or vibrate. It will ring the full six times on their end but does not show up on my phone as ever receiving or missing the call. After the six rings on their end, it goes to voicemail and after they leave the message, only the voicemail indicator shows up. Over the past month this has happened multiple times (once or twice a week). Those who don't leave messages have had to hunt me down because they thought I had left my phone elsewhere as it never rang or notified me of an incoming call.
The next two issues are still important to me but they are more of an inconvenience than anything else.
Sometimes (yes, this is intermittent too but it happens daily), when I wake my phone from sleep, all of the antennas seem to be off and it takes a good second or two to show back up in the status bar (3G, Bluetooth, etc). My question is, have all of the non-CDMA antennas "gone to sleep"? The signal bar for the actual cell service are still there, just not the other services (3G/1X) or wireless settings (Bluetooth/WiFi) for a couple seconds.
Lastly (and this may be a direct link to the previous question), when I use the "Google Talk" application, the messages I send go through very quickly, but sometimes I do not get replies for a long time after they are sent (30 minutes to and hour later). If I wake the phone, sometimes a previously sent message will come through, and when I check the chat log in Gmail itself, the message was sent from quite a while back (15 minutes to an hour).
I know I am brand new to your community, and I am sorry to have to burden you all with a post like this as my initial post. However, I have always liked and used Motorola phones with Verizon/GTE (all the way back to the MicroTAC series of the early 90s) without issues or incidents for the most part. As my original Droid was starting to act up I decided to jump on the X2 as it was just released. I understood that it was not going to initially come with Gingerbread and I said I would be patient for the update to come and hopefully it would bring a new level to the phone itself as well as solve some (if not all) of the issues. However, now that it is past my return date, and there is no update as of yet, I do require assistance.
Thanks in advance for any assistance or insight,
Tuan

Thanks for the replies everyone.
The responses I received over at the Moto forums said the same thing about the battery saver mode. However, I have had the same issue with the radios shutting off during the day while it is in "Nighttime savings mode" so I'm just thinking it's an oddball glitch with the phone's power management settings and clock. I have recently changed the battery mode to "Performance Mode" from Nighttime Savings" as I have the phone plugged into the charger at night anyways. I'm hoping that will take care of both my radio and gtalk issues.
@Wildman: I have heard the same thing about the GB update from a Verizon rep very recently myself. I am still going to hope for an update sometime in the near future, but I do recall the first update for my Original Droid was months down the line from the release day.
@Droiddude: Are you just cycling the power? Or are you actually doing physical battery pulls? If cycling the power works for you it would lessen the burden of pulling that Incipio case (Verizon Double Cover) off my phone every time to do battery pulls. It's a great case but wow it's a tight/snug fit.
@vereyezuhn: I understand that there are possible dead areas in which my main issue may occur. I even have a prepaid phone for the times I am in a Verizon dead zone. However, when my issue occurs, I will be in the same spot for a while. I will receive all my calls, miss one in the manner I have spoken, then receive the following calls normally (SMS/MMS does not seem to be affected either as I seem to receive all of those). This is why I have this specific issue. I have recently cleared the phone's cache partition as well as update the PRL using *228 option 2. We will see over time if this eliminates the issue or at least makes it much more rare.

Need help big time with pop-up window!

This is probably an easy answer, I'm not a programmer or a back end guy whatsoever, I'm a graphic designer trying to make his way through a project for a client.
I'm working up a Flash template, and I need to make a simple pop up window that will view a more detailed version of an image. The template has a pop up window system where you add your photo to a certain frame of a movie clip. The problem is, the pop ups have scroll bars built in, and for the life of me I couldn't figure out how to get rid of them, so I duplicated one of the movie clips that looked like it housed the framework of the pop up and deleted the scroll bar (I didn't delete any of the scroll bar code because I had no idea what I was doing). It actually kind of worked, but the pop up window is a bit too wide and doesn't look right.
You can view my hack job here...
http://truetilldeathhq.com/main8_v7/main8_v7.html
Stay on the "Print" page and click the first "01" button and an ad for Ford will come up. Click the "Detailed View" button in the description to see the pop up window.
My question is, there MUST be an easier way to make a pop up window than the workaround I'm using with the template. What I'm trying to do is have a pop up for each sample of the work (all images would be the same size) for the first four buttons, and then for the "Online Banners" page, have the pop up open up to the dimensions of the particular banner ad and play the swf. The pop ups shouldn't have scroll bars, only a title and the button to close the window.
To view the template files, you can download them at:
http://truetilldeathhq.com/main8_v7/main8_v7.fla
The "descripton" movie clips have the descriptions and the "Detailed View" links in the frames, and the movie clips I not so gracefully butchered to get the pop up to work were TM_page_content_scroll (where you're supposed to put an image in a certain frame and then put the # of that frame in the Actionscript of the "Detailed View" button), and the TM_main_cont_page2 and TM_pop_up_main3, which were the ones I duplicated.
If ANYONE can offer even the slightest bit of help, I gratefully appreciate it. I've been working on this thing for like 15 hours a day and I can't even think straight at this point, thanks!

I admit to not having read everything you wrote... there's just too much of it. But...
Hashtable (and HashMap, which you should really be using unless you have some external constraint requiring the use of Hashtable) map each key to a single value object.
That is, you can map from the key string "4996" to one single other object. And then you can also map from a different key to a different object.
In you put() method, you add a mapping from "4996" to "good", and then you replace that mapping with one from "4996" to "home". There is only ever one value associated with a given key.
To map multiple values to a single key, you need the value object to be a collection of some kind (or an array). So, you could map your string "4996" to a List, and that list could contain the strings "good", "home", etc.

Need help displaying images with List component for Flash CS4 (ActionScript 3.0)

Hi folks:
I am an inexperienced user of Flash CS4 Pro (v10.0.2). I am attempting to use the List component with ActionScript 3.0 to make a different image display when a user clicks each item in a list.
I did find a tutorial that showed me how to make different text display using a dynamic text box and the following ActionScript:
MyList.addEventListener(Event.CHANGE, ShowSelectedItem);
function ShowSelectedItem(event:Event):void {
ListText.text=MyList.selectedItem.data;
...where My List is the instance of the List component and ListText is the dynamix text box. In this case, the user clicks an item in the list, defined by the label value in the dataProvider parameter of the List component, and text displays as defined in the data value in the dataProvider parameter.
However, as I mentioned to start, what I really want to do is make images display instead of text. Can anyone provide me the steps to do this?
I appreciate your help (in advance)!!
Cindy

Hi...thanks for responding! I was planning on using images from the Library, but if there is a better way to do it, I'm open. So far, I just have text in the data property. This is part of my problem. I don't know what I need to put in the data value for an image to display. Do I just put the image file name and Flash will know to pull it from the Library? Do I need to place the images on the stage on different frames? I apologize for the "stupid user" questions, but as you can tell, I'm a newbie.
Appreciate your patience and any help you can offer!
Cindy

Need help - Cisco ASA with FirePOWER

Similar Messages

Maybe you are looking for