Hi,I can see in my logs many of the following enties: %ASA-6-201010: Embryonic connection limit exceeded -2/1024 (for various sources and destinations)I can't find out any information on the minus value (-2) can someone tell me how I can have a negat...
Hello,As I monitored the CS-MARS incidents, I noticed that the System Rule: Modify Network Config constantly firing but we haven't done any changes in the device. The reporting device is ASA firewall which sends syslog messages to CS-MARS. Below...
Hi,I am planning for deploying NAC appliance in OOBVG mode. For the access layer, L2 switches are selected (2960). If I change the L2 access switches with L3 (3560 or 3750) would this add more manageability to the access layer by NAC?Regards,Mladen
Hi,I have a need to schedule a reload of some ASA firewalls on a regular basis. What I would like to do is create a reccuring schedule on each ASA to say reload at 23:59 every Friday.I'm aware of the RELOAD command but this appears to be a 'one time ...
Hi,We are using CSA V5.1.0.69. And now we want to upgrade this to the latest (V5.2).Is there any option like auto upgrade from MC? or Do we need to upgrade this manually.
I'm trying to find out if it's possible to created an encrypted tunnel using two ASA's but using transparent mode, rather than routed mode. My understanding is that transparent mode works at layer 2, so IPSec might not be avaiable (since it's at lay...
Have dual identical 5520s to provide active/failover for lab environment. To secure environment behind firewalls, I've read that I will need to do L3 routing on ASA and remove L3 vlan routing from dual redundant C6509s.If i'm doing failover / redund...
Hi everyone;Some how I lost my rsa keys, not sure how but when I do a sh ca mypublic rsa nothing shows. Question is how do I regenerate the keys so that I can SSH into the router again? I thought I can do a ca generate rsa key but that doesn't work...
I recently upgraded a customer from a PIX 525 (running 7.0 code) to a pair of ASA 5550s in active/standby mode. The ASA runs 8.02. The customer uses a software identity service called Trusted Network Technologies 'Identity', which communicates with a...
running Pix OS 7.0x Guys what am I missing here? I have an permit ip any any from my inside to my outside interface. Yet rhapsody will not get past the DRM stage of install. I don't have any of the sites it wants to access blocked by domain or IP in ...
Hi, I have few servers in the dmz zone, all my users are in the inside zone.we have typically found that after some inaction all the connections are getting time out and we have to restart the services.On my pix 515e running 7.22, i have the followin...
I'm getting this log on my FWSM. Does anybody know why? <166>Feb 21 2008 10:55:58: %FWSM-6-110001: No route to 192.168.101.1 from 192.168.8.10I have the following config:FWSM Version 3.2(4) <context>!firewall transparenthostname ADMIN!interface Vlan1...
Pix 515eI have a VPN setup with another site. One of my servers is part of the VPN. However, now that server needs to get to another non-vpn server thru port 80. I can't figure out how to allow it. It seems like it is "locked" into this tunnel and o...
