Securely backing up config for ASA

Similar Messages

• Netflow Config for ASA

  Is netflow supported on the ASA? I have been look on teh net with no luck can soemone point the way or tell me if this not possible?
  TIA!!

  Rick - thanks for your response. It would be nice to see NBAR or Netflow type stats on the ASA, when the ASA is performing VPN functions.
  Would syslog or something else give me those type of stats?
  Thanks,
  Steve

• HT5312 i try everything to get back my answer for my security questions...but it is not working

  i try to get back my answer for my security questions but it is not working

  You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
  (97524)

• Define Logical Port and Back-End Destinations for ESOA use of this config

  Hi,
     Please let me know what is the use of this config I am not able to get a documentation.
  Define Logical Port and Back-End Destinations for ESOA

  Hi Autobots,
  Even I am looking for the same information. Did u get some headstart into the matter?
  Pl provide me with the inputs too.
  Cheers
  Nikhil

• How to securely back-up my library in iTunes for windows 7

  how to securely back-up my library in iTunes for windows 7

  Hey JFONT,
  Thanks for the question. The following article may assist you in achieving your end goal:
  iTunes: Back up your iTunes library by copying to an external hard drive
  http://support.apple.com/kb/HT1751
  Thanks,
  Matt M.

• TS3297 Does anyone know how to reset your security questions?? I loaded an itunes gift card on new ipod but when trying to make a purchase, itunes is asking us the incorrect security questions?!(for 1st time purchase)

  Does anyone know how to reset your security questions?? I loaded an itunes gift card on new ipod but when trying to make a purchase, itunes is asking us the incorrect security questions?! (for 1st time purchase)  I know the questions are not what I chose because I wrote the questions & answers down when setting up the ipod. Any ideas??!!!

  Reset Security Questions
  Frequently asked questions about Apple ID
  Manage My Apple ID
  Or you can email iTunes Support at iTunes Store Support.
  If all else fails:
    1. Go to: Apple Express Lane;
    2. Under Product Categories choose iTunes;
    3. Then choose iTunes Store;
    4. Then choose Account Management;
    5. Now choose iTunes Store Security and answer the bullet questions, then click
        Continue;
    6. Sign in with your Apple ID and press Continue;
    7. Under Contact Options fill out the information and advise iTunes that you would
        like your security/challenge questions reset;
    8. Click Send/Continue.
  You should get a response within 24 hours by email.
  In the event you are unsuccessful then contact AppleCare - Contacting Apple for support and service.
  Another user had success doing the following:
  I got some help from an apple assistant on the phone. It is kind of round about way to get in.
  Here is what he said to do and it is working for me...
    a. on the device that is asking you for the security questions go to "settings", > "store" >
        tap the Apple ID and choose view"Apple ID" and sign in.
    b. Tap on payment information and add a credit/debit card of your preference then select
        "done", in the upper right corner
    c. sign out and back into iTunes on the device by going to "settings"> "store" > tap the
        Apple ID and choose "sign-out" > Tap "sign -in" > "use existing Apple ID" and you
        should be asked to verify your security code for the credit /debit card and NOT the
        security questions.
    d. At this time you can remove the card by going back in to edit the payment info and
        selecting "none" as the card type then saving the changes by selecting "done". You
        should now be able to use your iTunes store credit without answering the security
        questions.
  It's working for me ...I just have to put in my 3 digit security pin from the credit card I am using.
  Good Luck friends!

• Security Back up problem

  I would like to know if i could use the security back up from my old Blackberry curve to restore all the info i had on that one on my new one. can not perform the switch funtion çause i don't have the old one just it's back up file.
  thanks

  You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
  They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
  (114957)

• Cisco ISE configs for switch

  I suppose Cisco ISE sends a URL redirect to the switch and the switch presents it to the client in case of guest Access getting a URL redirect with User Acceptance Page (Wired Guests and not wireless).
  My question here is, Do we need to configure http and https server on the switches (both supplicant and authenticator)?
  I am sure it will need but just wanted a confirmation..
  I have checked the configuration for supplicant and Authenticator switches for ISE and it has no where mentioned that part of the config.
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html (a problem of URL redirection and possible cause is mentioned) ------- makes me sure that the config is needed.
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_010000.html
  (config of supplicant and authenticator switch)---- nowhere mentioned of the http/https config for both switches.

  Yes, its needed.  The http/s server within the swtich is used to grab the http user traffic and redirect the traffic to the CWA portal, or a device registration portal, or even to the Mobile Device Management (MDM) onboarding portal.  .
  ip http server
  ip http secure-server
  The info below I grabbed from Cisco ISE for BYOD and secure unified access book.
  "Many organization want to ensure that this redirection process using the switch's internal HTTP server is decoupled from the management of the switch itself, in order to limit the chances of an end user interacting with the management intervace and control plane of a switch.  this may be accomplished by running the following two commands from global configuration mode:
  ip http active-session-modules none
  ip http secure-active-session-modules none"

• Apple store worked great, now it keeps telling me that I need to verify payment info and my security code is invalid for my card... The card is current? What's going on?

  Apple store worked great, now it keeps telling me that I need to verify payment info and my security code is invalid for my card... The card is current? What's going on?

  Did you enter the last three digits on the back of the card for Visa or Master or the 4 digit # on the front of Amex?

• Creating syslog report on a separate server for ASA 5555-x

  hello all,
  how do we create syslog report for ASA to dump in a separate physical server?
  thanks

  Hello,
  You mean send syslog messages to an external dabatase
  If thats the case it should be
  logging enable
  logging server name_if IP_address
  logging trap 7
  For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
  Any question contact me at [email protected]
  Cheers,
  Julio Carvajal Segura

• Alternative to set  "java.security.auth.login.config" ?

  In all examples of using JASS, it uses the following way.
  System.setProperty("java.security.auth.login.config", fileName)
  Is there a way I can specify the policies in code, not in a file? That way I don't have to worry about file permissions.
  p.s. Thanks for Seema-1 who anwsered my last question.
  Message was edited by:
  maqiang9111

  Has anyone done the same thing for the java.security.krb5.conf setting? I tried setting it using the same form of URL that I use for java.security.auth.login.config, and I get this error when the kerberos code attempts to use it:
  Could not load configuration file jar:file:\C:\dev\workspace\myapp\client-data.jar!\krb5.ini (The filename, directory name, or volume label syntax is incorrect)
  The corresponding login context conf file in the same jar loads fine.

• Best Log Setting for ASA & MARS

  Hi,
  I'm going back and trying to clean up our MARS install a little bit now that I have some time. I need to update MARS to the latest version, but right now I'm just trying to wade through some of the undefined logs coming from our ASA. Is there any guideline as what is the best log settings to use comming from the ASA for MARS? Right now it looks like everything is setup to be forwarded. Anyone have any suggestions for what they have their log settings at to capture the best amount of information, but not have to wade through everything else?
  Thanks

  Which syslogs are these specifically? We don't get any undefined events from our FWSM(s)? We get a plenty from the Netscreen (but AFAIR this is documented on CCO) that the support is not 'complete' as of yet.
  The recommended level for ASA/PIX as per the Cisco Guide and 'many' discussion on Cisco MARS User Group is 'debugging'. Under normal operation not a lot of level 7 messages are generated.
  Regards
  Farrukh

• New Type of Firewall Config (for me)

  OK - this is a different type of config for me so I am reaching out for  some advise / help.  I manage many cisco asa 5520's and I am in the  process of converting one asa from a block of 30 outside addresses of to  a 50 Meg Cox cable modem with a block of 30 cidr addresses.
  Normally  I would just reference an outside address and bingo, things would work  right.  In this case I found out so far that I could only get internet  access through this cable modem by setting up the outside interface of  the asa with dhcp - then it grabbed a public wan address, added a route  to the asa 5520 and then I had internet access out through the cable  modem.
  My question / problem / nuance to me is when I reference /  assign  one of our cidr addresses to a device (like a server) and that  is natted from the dmz to the outside address I don't get access to the  device.
  I'm thinking I have to do something special to set up  these cidr addresses but having never done this before I am reaching out  for some advise.
  my outside dhcp assigned wan address is 70.168.x.1xx with a gateway of 70.168.x.1
  The cidr block I have been assigned from the cable company is
  184.185.x.x/27
  The  cable company also has suggested a default gateway address withing the  cidr block and a first useable and last useable address.
  I must say that I usually look to over complicate things by thinking things are more difficult than they really are.
  Can  anyone get me pointed in the right direction so I know how to assign  these cidr addresses and have then accessable from the outside???
  Thanks in advance
  Paul

  Hi,
  So from what I understand you should have your own public IP address range of /27 usable through your current connection. Yet it only works with setting the ASA outside to use DHCP and doesnt work when you staticly assign an IP address from the /27 address range and set the default route.
  If the above is the case I'm kinda wondering why you are even getting IP address with DHCP from the ISP if you are supposed to have your own public address block.
  You sure the ISP has its side configured correctly?
  - Jouni

• Command authorization for ASA

  Hi all
     I have configured ASA firewall for command authorization with ACS.For users with privilege level 15 it is working fine.But when i login with users with privilege level 0, first when i enter the username and password ,it enters into enable mode.But after that when i put the enable password ,it is not working.password is not working.I configured to use the same PAP password option in the ACS enable section for the user.Also is it possible in ASA is it possible when user enters username and password,he could directly log into the exec mode rather than enable mode and assign privilege for the user as configured in the ACS user configuration.
  Thanks in advance
  Anvar

  Hi Dan
    I have alredy configured enable password using tacacs+.Please find my aaa config on ASA
  aaa authentication telnet console TACACS-SERVER LOCAL
  aaa authentication http console TACACS-SERVER LOCAL
  aaa authentication ssh console TACACS-SERVER LOCAL
  aaa authentication enable console TACACS-SERVER LOCAL
  aaa authentication serial console LOCAL
  aaa authorization command TACACS-SERVER LOCAL
  aaa accounting telnet console TACACS-SERVER
  aaa accounting command TACACS-SERVER
  aaa accounting ssh console TACACS-SERVER
  regards
  anvar

• I need help configuring a connection with asdm 5.2 for asa

  Hi All
  I am very much a novice with asdm 5.2 for asa and I urgently need to configure a connection but don’t know how to. I have 2 domains at work and someone is trying to connect their sql client from their pc in one domain to the sql server in the other domain (DMZ).
  When he tries to connect he gets the error
  Cant connect to MySql Server at "IP Address" (10060)
  He is trying to connect on port 3306. Could anyone please give me any tips on how i can resolve this quickly? I know i am
  trying a shortcut on this one but I recently started a new job and thrown in the deep end here and need to learn this asdm 5.2 for asa product from scratch with nothing more than the manual that come with the cd . My Cisco knowledge is from 2001 when i did half of a ccna course.
  Any help would be greatly appreciated

  Hi,
  I'm not a security specialist but here is how I had it set up at home:
  Essentially a NAT and a rule forwarding the port are needed. In this particular case I had an Oracle server running and a person requested remote access. So, for example, the source address was his external IP and the destination was the Oracle's external IP. For the NAT the source was the internal IP of the Oracle server and the interface was Outside.
  Hope this points you in the right direction.