Software Version ASA 5512-x

Similar Messages

• P2P blocking on ASA 5525 with Software Version 8.6(1)2

  Hello,
  We have Cisco ASA 5525 with Software Version 8.6(1)2. We have permitted all the traffic from inside to outside.
  Now we want to block P2P sharing Bit torrent to internet sites. Please help me with the configuration.
  We have DMZ setup & also inline IPS module.
  Thanks in advance.
  Regards,
  Sandeshc Chavan.

  Hi Chavan , 
  You can try to block this by port. 
  The well known TCP port for BitTorrent traffic is 6881-6889 (and 6969 for the tracker port). 
  The config is
  Access-list BLOCK-P2P-TRAFFIC deny tcp any any range  6881 6889 log 
  And applies to the desire interface with the "Access-group command"
  For example:
  Access-group  BLOCK-P2P-TRAFFIC outbound interface DMZ
  However Blocking Bittorrent is challenging, and can't really be done effectively with port blocks. The standard ports are 6881-6889 TCP, but the protocol can be run on any port, and the peer-to-peer nature of the protocol means that discovering peers that use unblocked ports is simple.
  Also you can execute  from the cmd on windows  the command  netstat -a and check the port Bit torrent is using .
  Hope this helps.

• ASA 5512-X version 9.1 multiple contextes supported?

  Hi All,
  could soumeone please let me know if on the ASA 5512-X virtual contexts are supported with version 9.1 ?
  I found different information on the Cisco web,  the ASA datasheet says it is supported but in the configuration guide I found exactly the opposite information.
  Cisco ASA Series General Operations CLI Configuration Guide 9.1 and 8.6
  http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/ha_contexts.html#wp1188797
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329030
  Cisco ASA 5500 and ASA 5500-X Series Next- Generation Firewalls for Small Offices and Branch Locations Data Sheet (Updated)
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701253.html
  thanks in advance
  Best Regards
  Frank

  Hi,
  you find the information in the ASA Configuration Guide section "Licensing Requirements for Multiple Context Mode"
  http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/ha_contexts.html#wp1188797
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329030
  Licensing Requirements for Multiple Context Mode
  ASA 5512-X      No support.
  Best Regards
  Frank

• ASA 5512-X an out of date ASDM-IDM?

  The cisco ASA 5512-X we have recently purchased comes with an out of date ASDM-IDM. It comes with version 6.6(1) which is not compatible with the asa version 9.1 is this normal?

  I haven't opened a new one in the past couple of months but ASDM 6.6(1) is compatible with ASA software 8.6(1). That was the version most units were shipping with for a while as it was the initial release that introduced support for the 5500- X series.
  If the box shipped new with 9.1 ASA software then the ASDM should be at least 7.1(1) - and the recommended version is 7.2(1). Reference.
  It's easy enough to upgrade ASDM - just copy the file over and change the "asdm image" command to point to it.
  (By the way, you'd get better visibility of a question like this in the Security - Firewalling forum.)

• ASA 5512-X DHCP Backup ISP

  I installed a new ASA 5512-X over the weekend for a client.  Their backup ISP connection is DHCP based.  I need to use the 'dhcp client route track' command on the interface, but it is not available.  However according the all the documentation I am looking at and even the ASDM says it should be available. 
  This is the version of ASA and ASDM they are running:
  Cisco Adaptive Security Appliance Software Version 8.6(1)1
  Device Manager Version 6.6(1)
  I did upgrade to the latest ASA software, so has this command been removed?  If I do a '?' in the interface, there isn't a 'dchp' option. 
  Any help would be appreciated.  I really don't want to tell them they need to get a static IP address to resolve this issue.
  TIA,
  Dan

  Looks like you are hitting bugID: CSCtq78280
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtq78280
  Pls open a TAC case to get the fixed on version 8.6.1(x).

• ASA 5512 - monitor power supply status via snmp oid

  Device – ASA 5512 running 9.1(1).
  Show version:
  ASA-1# sh ver
  Cisco Adaptive Security Appliance Software Version 9.1(1)
  Device Manager Version 6.6(1)
  Compiled on Wed 28-Nov-12 11:15 PST by builders
  System image file is "disk0:/asa911-smp-k8.bin"
  Config file at boot was "startup-config"
  ASA-1 up 8 hours 38 mins
  Hardware:   ASA5512-K7, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
              ASA: 2048 MB RAM, 1 CPU (1 core)
  Internal ATA Compact Flash, 4096MB
  BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
  Issue: looking for a snmp OID to poll power supply status (Inbuilt Power Supply -  no redundant power supply in this scenario). Possibly what we see in show environment.
  CSE analysis:
  I tried using the OIDs belonging to CISCO-ENTITY-FRU-CONTROL-MIB , like cefcFRUPowerOperStatus and cefcFRUPowerAdminStatus but it didn’t return anything.
  NOTE: I have done all the snmp walks from the Linux server. Do I doubt it’s something to do from the snmp manager side.
  Couple of observations. The  CISCO-ENTITY-FRU-CONTROL-MIB talks about the field replaceable power supplies, so I doubt if it’s going to return the value for inbuilt power supply.
  Second, I noticed that there are snmp traps supported for power supply and threshold setting. See configuration below. Is it that only traps works for power supply and environment related details?
  Snmpwalk on cefcFRUPowerStatusEntry returns nothing:
  [root@tonbenso-eagle bin]# ./snmpwalk -v2c -c public 172.16.169.29 1.3.6.1.4.1.9.9.117.1.1.2.1
  SNMPv2-SMI::enterprises.9.9.117.1.1.2.1 = No Such Object available on this agent at this OID
  Snmpwalk on cefcFRUPowerOperStatus returns nothing:
  [root@tonbenso-eagle bin]# ./snmpwalk -v2c -c public 172.16.169.29 1.3.6.1.4.1.9.9.117.1.1.2.1.2
  SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.2 = No Such Instance currently exists at this OID
  Snmpwalk on cefcFRUPowerAdminStatus returns nothing:
  [root@tonbenso-eagle bin]# ./snmpwalk -v2c -c public 172.16.169.29 1.3.6.1.4.1.9.9.117.1.1.2.1.1
  SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.1 = No Such Instance currently exists at this OID
  [root@tonbenso-eagle bin]#
  login as: root
  I tried polling the ciscoEntityFRUControlMIB to see what all values it return. It just returned enterprises.9.9.117.1.3.1.0 = INTEGER: 2. Meaning cefcMIBEnableStatusNotification is FALSE (value 2). Meaning cefcModuleStatusChange, cefcPowerStatusChange, cefcFRUInserted, cefcFRURemoved, cefcUnrecognizedFRU and cefcFanTrayStatusChange are prevented from being sent.
  Snmpwalk on ciscoEntityFRUControlMIB
  [1]+  Stopped                 ./snmpwalk -v2c -c public 172.16.169.29
  [root@tonbenso-eagle bin]# ./snmpwalk -v2c -c public 172.16.169.29 1.3.6.1.4.1.9.9.117
  SNMPv2-SMI::enterprises.9.9.117.1.3.1.0 = INTEGER: 2
  Object
  cefcMIBEnableStatusNotification
  OID
  1.3.6.1.4.1.9.9.117.1.3.1
  Type
  TruthValue
  Permission
  read-write
  Status
  current
  MIB
  CISCO-ENTITY-FRU-CONTROL-MIB ;   -   View Supporting Images
  Description
  "This variable indicates whether the system
  produces the following notifications:
  cefcModuleStatusChange, cefcPowerStatusChange,
  cefcFRUInserted, cefcFRURemoved,
  cefcUnrecognizedFRU and cefcFanTrayStatusChange.
  A false value will prevent these notifications
  from being generated."
  Found couple of bugs:
  CSCty32558 – but then this is for 5585 and I see it is fixed in 8.4
  CSCul90037 – New state
  Show snmp-server oidlist:
  http://www-tac.cisco.com/Teams/ks/c3/getLargeFile.php?srId=632222409&fileName=20141030-013905_ASA-show-snmp-server-oidlist.txt
  Show tech:
  Sh run | in snmp:
  ASA-1# sh run | in snmp
  snmp-server host asa 172.18.123.228 community *****
  no snmp-server location
  no snmp-server contact
  snmp-server community *****
  snmp-server enable traps entity power-supply-presence power-supply-temperature  -----à I was talking about this trap above
  any help will be appreciated.

  Hi
  I've got an ASA with redundant power supplies. An ASA5585. So I have the need to monitor them. :-) So how can we do it?
  Also I've made a SNMP-Walk through the ASA v8.4(2)8 and it doesn't show up any ENV-MIB values. The
  1.3.6.1.4.1.9.9.13 tree is not available. Are you shure it's available on the ASA?
  Funny is also that the command "show snmp-server oidlist" from the 8.4 configuration guide is not available on the real CLI. I think the documentation guys were faster than the coders. ;-)
  Kind regards
  Roberto

• Asa-5512-x no connectivity to internet

  I am going from a pix-515e to asa-5512-x.   I used the wizard for the initial setup.  I then set the interfaces the same, objects, nat rules, routes, ACLs the same as in the 515e (except for the outside interface ACL where you use the inside address now, rather than the outside...and you have a global deny rule for all interfaces) . 
  I take the cables from the inside / outside interface from the 515e, plug them into the 5512x and nada...
  Computers on the inside can't get out.   I see egress failures on the ASDM monitor from the inside to outside.  I don't see any traffic coming in on the outside interface to the inside as I do on the ASDM of the 515e.  
  ASA Version 9.1(5)  
  hostname ASA-5512-X
  domain-name mydomain.com
  interface GigabitEthernet0/0
   nameif outside
   security-level 0
   ip address 98.xxx.xxx.xxx 255.255.255.224  
  interface GigabitEthernet0/2
   nameif inside
   security-level 100
   ip address 10.0.1.242 255.255.252.0  
  interface Management0/0
   management-only
   nameif management
   security-level 100
   ip address 192.168.1.1 255.255.255.0  
  boot system disk0:/asa915-smp-k8.bin
  ftp mode passive
  clock timezone CST -6
  clock summer-time CDT recurring
  dns domain-lookup inside
  dns server-group DefaultDNS
   name-server 10.0.3.42
   domain-name mydomain.com
  same-security-traffic permit intra-interface
  access-list inside_access_in extended permit ip any any  
  access-list outside_access_in extended permit tcp any object webserver-inside object-group web-ports  
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu management 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-716.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  nat (inside,outside) source static webserver-inside webserver-outside unidirectional
  nat (inside,outside) after-auto source dynamic any interface
  access-group outside_access_in in interface outside
  access-group inside_access_in in interface inside
  route outside 0.0.0.0 0.0.0.0 98.xxx.xxx.xxx 2  
  route inside 172.20.0.0 255.255.0.0 10.0.0.1 1  
  route inside 172.21.0.0 255.255.0.0 10.0.0.1 1  
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 10.0.0.0 255.255.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  telnet 10.0.0.0 255.255.0.0 inside
  telnet 192.168.1.0 255.255.255.0 management
  telnet timeout 5
  console timeout 0
  management-access inside
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcpd enable management
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map  
    inspect ftp  
    inspect h323 h225  
    inspect h323 ras  
    inspect rsh  
    inspect rtsp  
    inspect esmtp  
    inspect sqlnet  
    inspect skinny   
    inspect sunrpc  
    inspect xdmcp  
    inspect sip   
    inspect netbios  
    inspect tftp  
    inspect ip-options  
  service-policy global_policy global
  prompt hostname context  
  call-home reporting anonymous

  At a quick glance the config looks pretty clean (please do use ssh and not telnet though)
  Since you replaced one box with another, have you checked that your upstream (Outside) device is reachable from the ASA itself? (i.e can you ping your default gateway at 98.xxx.xxx.xxx 2 )
  I've sometimes seen cases where we had to ask the ISP to clear their ARP cache when changing out firewalls.

• ASA 5512-X no int vlan command!?

  I don't have much experience yet with ASAs but I thought the int vlan command should be available? It's an ASA 5512-X with IOS 8.6(1)2, should I upgrade to the newest 9 version? Also, there are rj45 interfaces and SFP interfaces which are numbered Gi0/0 -5 and Gi1/0 - 5, how do I tell what numbers correspond to what interfaces?  Thanks

  "int vlan" is specific to the 5505 which has an integrated switch. The 5510 and higher use a subinterface and vlan command within the subinterface config mode. See the configuration guide section here:
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1082576
  Rear panel ports are numbersed as described in the hardware installation guide here:
  http://www.cisco.com/en/US/docs/security/asa/hw/maintenance/5500xguide/asa_overview.html#wp1069960
  I don't have one in front of me but seem to recall they also have printed designations on the physical unit if you look closely.

• Configure the syslog of ASA 5512-X for display on Cisco Prime Infrastructure 2.1

  Hi, I'm working on implementing the Cisco Prime Infrastructure 2.1 and want to display the syslog about ASA5512-X with Software Version 9.2.
  What would be the procedure for configuring?
  Thanks in advance.

  Hi,
  Enable "logging host x.x.x.x "  command to enable logging
  check the below link:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/monitor_syslog.html#68764
  FYI: Prime Infrastructure support only SEV 0,1,2 syslogs as of now.
  Operate > alarm and events > syslogs
  Thanks-
  Afroz
  ****Ratings Encourages Contributors *****

• 2 Cisco 2504 controllers but different software versions

  Hello,
  I am configuring two 2504 controllers, which I ordered together, however they run different software versions and I don't have a contract/ login to download wlan controller software from the Cisco website.
  The one with the newest version runs 7.2.103.0 while the other one runs 7.0.220.0
  I want to run them together in the same subnet and use them for redundancy (10 AP's will connect)
  Is there a way I can download the software from the controller, just like I am able to do with an ASA firewall? Then I can upload it to the controller with the older software version.
  Thank you and regards,
  Ralph Willemsen
  Arnhem, Netherlands

  Hello Ralph,
  No, you can not download the code from the WLC. You can contact your reseller and request the firmware.
  If you have a contact with Cisco sales team you can tell them and they can open a TAC case for your behalf to publish you the code.
  If your device is under warranty you can send your serial number to [email protected] along with your CCO ID. They will publish you the image if the device is under warranty. (or if it is under valid contract but you don't have the contract number).
  HTH
  Amjad

• Configuring "Guest Wi-Fi" VLAN on ASA 5512

  I'm attempting to setup a new vlan on my Cisco ASA 5512 running version 8.6(1)2.  This vlan will provide access for wireless "guest" AP's in my network.  I have the guest vlan setup through to my switches, I'm able to dedicate a switch port to VLAN 40 and aquire an IP address in the 10.40.10.0/24 network.  Below is excerpt of what I think is the relevent config information.  I'm trying to route guest traffic out my "outside" interface.
  Obvious to me I'm missing another command in here.  Any help would be greatling appreciated. If more the running-config is needed please advise.  Thanks in advance!
  interface GigabitEthernet0/1.40
  description Guest Wireless Network
  vlan 40
  nameif guestwireless
  security-level 50
  ip address 10.40.10.5 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 X.X.X.X 1  (public IP at X.X.X.X)
  access-list guestwireless_access_in extended permit ip 10.40.10.0 255.255.255.0 interface outside
  mtu guestwireless 1500
  access-group guestwireless_access_in in interface guestwireless
  dhcpd address 10.40.10.50-10.40.10.250 guestwireless
  dhcpd dns 8.8.8.8 interface guestwireless
  dhcpd enable guestwireless

  Stripped out some config pertaining to crypto and credentials
  --------------Config Below-----------------------------------
  : Saved
  ASA Version 8.6(1)2
  hostname ASA
  domain-name company.local
  names
  interface GigabitEthernet0/0
  description ISP Interface
  nameif outside
  security-level 100
  ip address ##.##.###.### 255.255.255.248
  interface GigabitEthernet0/1
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/1.40
  description Guest Wireless Network
  vlan 40
  nameif guestwireless
  security-level 50
  ip address 10.40.10.5 255.255.255.0
  interface GigabitEthernet0/2
  nameif inside-tempnet
  security-level 0
  ip address 172.29.0.252 255.255.255.0
  interface GigabitEthernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/4
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/5
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  shutdown
  nameif management
  security-level 100
  no ip address
  management-only
  boot system disk0:/asa861-2-smp-k8.bin
  ftp mode passive
  clock timezone CST -6
  clock summer-time CDT recurring
  dns server-group DefaultDNS
  domain-name company.local
  same-security-traffic permit inter-interface
  object network NETWORK_OBJ_10.100.10.0_24
  subnet 10.100.10.0 255.255.255.0
  access-list outside_access_in extended permit ip object NETWORK_OBJ_10.100.10.0_24 any
  access-list inside-tempnet_access_in extended permit ip 172.29.0.0 255.255.255.0 object NETWORK_OBJ_10.100.10.0_24
  access-list Split_Tunnel_List standard permit 172.29.0.0 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu outside 1500
  mtu guestwireless 1500
  mtu inside-tempnet 1500
  mtu management 1500
  ip local pool ClientVPN-DHCP-Pool 10.100.10.50-10.100.10.250 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-66114.bin
  asdm history enable
  arp timeout 14400
  nat (inside-tempnet,outside) source static any any destination static NETWORK_OBJ_10.100.10.0_24 NETWORK_OBJ_10.100.10.0_24 no-proxy-arp route-lookup
  nat (guestwireless,outside) after-auto source dynamic any interface
  access-group outside_access_in in interface outside
  access-group inside-tempnet_access_in in interface inside-tempnet
  route outside 0.0.0.0 0.0.0.0 ##.##.###.### 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  http server enable
  http 0.0.0.0 0.0.0.0 inside-tempnet
  http 172.29.0.0 255.255.255.0 inside-tempnet
  http redirect inside-tempnet 80
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  dhcpd address 10.40.10.50-10.40.10.250 guestwireless
  dhcpd dns 8.8.8.8 interface guestwireless
  dhcpd enable guestwireless
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl encryption aes256-sha1 aes128-sha1 3des-sha1
  ssl trust-point ASDM_TrustPoint0 outside
  ssl trust-point ASDM_TrustPoint0 inside-tempnet
  webvpn
  enable outside
  anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
  anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
  anyconnect profiles VPNConnect disk0:/vpnconnect.xml
  anyconnect enable
  tunnel-group-list enable
  group-policy "GroupPolicy_VPN Connect" internal
  group-policy "GroupPolicy_VPN Connect" attributes
  wins-server none
  dns-server value #.#.#.#
  vpn-tunnel-protocol ssl-client
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Split_Tunnel_List
  default-domain value company.local
  webvpn
    anyconnect profiles value VPNConnect type user
  tunnel-group "VPN Connect" type remote-access
  tunnel-group "VPN Connect" general-attributes
  address-pool ClientVPN-DHCP-Pool
  authentication-server-group compnay.LOCAL LOCAL
  default-group-policy "GroupPolicy_VPN Connect"
  tunnel-group "VPN Connect" webvpn-attributes
  group-alias "VPN Connect" enable
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
  service-policy global_policy global
  : end

• How to Configure Cisco ASA 5512 for multiple public IP interfaces

  Hi
  I have a new ASA 5512 that I would like to configure for multiple public IP support.  My problem may be basic but I am an occasional router admin and don't touch this stuff enough to retain everything I have learned.
  Here is my concept.    We have a very basic network setup using three different ISPs that are currently running with cheap routers for internet access.  We use these networks to open up access for Sales to demo different products that use a lot of bandwidth (why we have three)
  I wanted to use the 5512 to consolidate the ISPs so we are using one router to manage the connections.  I have installed an add on license that allows multiple outside interfaces along with a number of other features.
  Outside Networks (I've changed the IPs for security purposes)
  Outside1 E 0/0 : 74.55.55.210  255.255.255.240 gateway 74.55.55.222
  Outside2 E 0/2: 50.241.134.220 255.255.248 gateway 50.241.134.222
  Inside1 : E 0/1 192.168.255.1 255.255.248.0
  Inside2 : E 0/3 172.16.255.1 255.255.248.0
  My goal is to have Inside 1 route all internet traffic using Outside1 and Inside 2 to use Outside2.    The problem is I can't seem to do this. I can get inside 1 to use outside 1 but Inside2 uses Outside 1 as well.
  I tried adding static routes on Outside2 to have all 172.16.248.0/21 traffic use gateway 50.241.134.222 but that doesn't seem to work.   
  I can post my config up as needed.  I am not well versed in Cisco CLI, I've been using the ASDM 7.1 app.  My ASA 5512 is at 9.1.   
  Thanks in advance for the suggestions/help

  I have been away for a while and am just getting caught up on some posts. so my apology for a delayed response.
  I find the response very puzzling. It begins by proclaiming that to achieve the objective we must use Policy Based Routing. But then in the suggested configuration there is no PBR. What it gives us is two OSPF processes using one process for each of the public address ranges and with some strange distribute list which uses a route map. I am not clear what exactly it is that this should accomplish and do not see how it contributes to having one group of users use one specific ISP and the other group of users use the other ISP>
  To the original poster
  It seems to me that you have chosen the wrong device to implement the edge function of your network. The ASA is a good firewall and it does some routing things. But fundamentally it is not a router. And to achieve what you want were a group of users will use a specified ISP and the other group of users will use the other ISP you really need a router. You want to control outbound traffic based on the source of the traffic, and that is a classic situation where PBR is the ideal solution. But the ASA does not do PBR.
  HTH
  Rick

• I have the iPhone 5 and have with 6.0.1 software version.  Although I had them when I moved from iPhone 4 to the 5, the latest update has most of my songs on the phone listed in grey (over 95% of them) and I can't play them.  They are still listed though.

  I have the iPhone 5 and have with 6.0.1 software version.  Although I had them when I moved from iPhone 4 to the 5 (could play them), the latest update has most of my songs on the phone listed in grey (over 95% of them) and I can't play them.  They are still listed in the iTunes library.  When I look in the Summary for the iPhone, it shows Audio as only .16 GB - I have over 5 GB of songs, so what gives?
  P.S. When I look at my Playlists most of the songs are greyed out.  However, at the bottom of the list there is a cloud icon with a downward facing arrow.  When I click on it each song starts to "load" and after a few minutes I have the songs back on in the list.  I have to do this to all my playlists (I had over 100) in order to get access to all my songs.  Then I did a sync and it happened again!
  I use iCloud for documents and some other things (calendar, contact, etc.) but am not aware that I have anything music-wise in the cloud.  Any thougnts?

  You may have to try deleting all the music from your phone (by going to Settings>General>Usage>Music, swipping All Music and tapping Delete), then sync it all back on with iTunes in order to fix this.

• Error trying to update iPhone to software version 1.0.2

  I have just recently purchased an iPhone. I have no problem syncing it with iTunes. The only problem I have is every time I try to update the software version of my iPhone, it downloads the entire thing then an error message pops up as shown:
  *"There was a problem downloading the iPhone software for the iPhone "name". An unknown error occured (-48).*
  *Make sure your network settings are correct and your network connection is active, or try again later."*
  I have received this error several times and no matter what I do, I can't get it to work. The phone is not hacked, I just purchased it 2 days ago. Its BRAND NEW. I even tried erasing all setting and info, and a restore. Still, nothing.
  What am I doing wrong here? Is there something I need to do in the network settings of my iPhone? Or my cpu? I don't understand the error as I am connected to the internet.
  Please, someone help me!
  Thank you.

  Thank you for your help. I did try to do a full restore, but had to pause the download. When I came back and resumed it, the download just kept going past the 92MB file. It went all the way up to 200MB of 92MB...I have no idea what is going on with that. So I just stopped it and deleted it.
  But it takes almost an hour to download it from my connection and I didn't want to try it again. Maybe I will have to.
  Any other suggestions?

• I have just received an iphone 4 from a friend and it is in software version 4.3.2 still and will not update to latest version. It updates for about 3o minutes and then an error reading that my interent connection timed out? Any suggestions?

  I have an Iphone 4 from a friend. It was never updated with him and now I am trying update to latest software version. It is currently in 4.3.2 and it updates till the last few seconds and then a message, with no error number, states that the internet connection had time out during update. I am using my PC and have tried unsuccessfully for a week. I have tried to restore setting on phone first before plugging in to PC and updating software through Itunes? I took it to my mobile phone outlet and they couldn't help? Is there another way?

  Read through this:
  http://support.apple.com/kb/ht1808