cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1013
Views
10
Helpful
25
Replies
Highlighted
Beginner

Cisco 5510 Startup-Config copy

I copied a Cisco 5510 startup-config to an identical Cisco 5510.

After copying through tftp, I executed a reload. 

Everything looks good. Line by line  compare results are the same.

The problem is I can no longer use ASDM or ssh to interface with Cisco 5510.

Telnet works fine.

I am fairly new to Cisco firewalls.

Please advise.

6 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

Hello,

Please provide the following:

Show run ssh

sh run asdm

sh flash  ( and look for the asdm image)

sh run ssh

Make sure you have created the RSA key, if not

crypto key generate rsa

Regards,

Remember to rate all of the posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

Hello,

Provide me the following:

show run ssl

show run http

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

Hello,

No output from show run ssl .

Just in case add the following command:

ssl encryption 3des-sha1 aes128-sha1 aes256-sha1

Then try to connect,

If this does not work please share the show run asdm

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

Hello Duong,

Clear configure ASDM

asdm image:disk0:/asdm-621.bin


What java version are you running in your computer?

capture test interface inside match tcp any host inside_interface_ip eq 443

Then try to connect and send me

show cap test

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

Hello Duong,

Well there are going to be some other things that you will need to check like the NAT statements ( Ip addresses on both sides might be different) SNMP communities, Syslog servers,etc.

Just stuff like that,

Regards,

Remember to rate all of the helpful posts ( If you do not know how to rate a post just let me know, I will help  u on that one as well )

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

Hello

So only do the following: Lets say new ip is 4.4.4.4

clear configure tunnel-group 2.2.2.2

tunnel-group  4.4.4.4 type ipsec-l2l

tunnel-group 4.4.4.4 ipsec-attributes

pre-shared key x.x.x.x

no crypto map outside_map 20 set peer 2.2.2.2

crypto map outside_map 20 set peer 4.4.4.4

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

25 REPLIES 25
Highlighted

Hello,

Please provide the following:

Show run ssh

sh run asdm

sh flash  ( and look for the asdm image)

sh run ssh

Make sure you have created the RSA key, if not

crypto key generate rsa

Regards,

Remember to rate all of the posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

I see now that sh flash is different and that crypto ket generate fixed my ssh issue.  Thank you!

Device 1

ASA5510-HQ# sh run ssh

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 55

Device 2

ASA5510-HQ# sh run ssh

ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 55

Device1

ASA5510-HQ# sh run asdm

asdm image disk0:/asdm-621.bin

asdm location 12.221.201.117 255.255.255.255 outside

asdm group ftp-svr inside

asdm group PubSshSvr_real inside

asdm group PubWebSvr_real inside

asdm group ftp-svr_ref outside reference ftp-svr

asdm group PubWebSvr_real1 inside

asdm group PubWebSvr outside reference PubWebSvr_real1

asdm group PubSshSvr_real1 inside

asdm group PubSshSvr outside reference PubSshSvr_real1

asdm group BlockedOutsideIP outside

no asdm history enable

Device2

ASA5510-HQ# sh run asdm

asdm image disk0:/asdm-621.bin

asdm location 12.221.201.117 255.255.255.255 outside

asdm group ftp-svr inside

asdm group PubSshSvr_real inside

asdm group PubWebSvr_real inside

asdm group ftp-svr_ref outside reference ftp-svr

asdm group PubWebSvr_real1 inside

asdm group PubWebSvr outside reference PubWebSvr_real1

asdm group PubSshSvr_real1 inside

asdm group PubSshSvr outside reference PubSshSvr_real1

asdm group BlockedOutsideIP outside

no asdm history enable

Device1

ASA5510-HQ# sh flash

--#--  --length--  -----date/time------  path

   88  5511168     Dec 31 2002 16:06:56  asa707-k8.bin

   10  8192        May 13 2008 12:34:04  crypto_archive

   89  6161700     May 13 2008 12:36:58  asdm-507.bin

   91  11348300    Jun 07 2010 22:10:42  asdm-621.bin

   92  16275456    Jun 07 2010 22:19:50  asa821-k8.bin

    3  8192        Jun 07 2010 22:25:04  log

   13  8192        Jun 07 2010 22:28:32  coredumpinfo

   14  43          Oct 26 2012 14:54:14  coredumpinfo/coredump.cfg

   93  16410       Feb 18 2011 12:18:12  startup-config

   11  8192        Feb 26 2011 09:39:02  snmp

   12  4           Oct 12 2012 18:16:59  snmp/single_vf

   94  12335       Apr 15 2011 18:17:40  startup-config-2011-04-15-01

255426560 bytes total (215523328 bytes free)

Device2

ASA5510-HQ# sh flash

--#--  --length--  -----date/time------  path

  100  16275456    Jul 30 2012 04:44:14  asa821-k8.bin

   10  8192        Sep 08 2008 02:13:08  crypto_archive

  101  16280544    Jul 22 2012 22:54:06  asdm-645.bin

    3  8192        Jul 22 2012 23:08:46  log

   13  8192        Jul 22 2012 23:09:02  coredumpinfo

   14  43          Oct 26 2012 06:21:58  coredumpinfo/coredump.cfg

  103  8192        Dec 31 1979 16:00:00  FSCK0000.REC

  104  24576       Dec 31 1979 16:00:00  FSCK0001.REC

  105  8192        Dec 31 1979 16:00:00  FSCK0002.REC

  106  32768       Dec 31 1979 16:00:00  FSCK0003.REC

  107  8192        Dec 31 1979 16:00:00  FSCK0004.REC

  108  8192        Dec 31 1979 16:00:00  FSCK0005.REC

  109  24576       Dec 31 1979 16:00:00  FSCK0006.REC

  110  8192        Dec 31 1979 16:00:00  FSCK0007.REC

  111  32768       Dec 31 1979 16:00:00  FSCK0008.REC

  112  8192        Dec 31 1979 16:00:00  FSCK0009.REC

   11  8192        Aug 07 2012 04:49:12  snmp

   12  4           Oct 26 2012 06:09:17  snmp/single_vf

255426560 bytes total (222150656 bytes free)

Highlighted

Hello,

My pleasure,

Please mark the question as answered

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Highlighted

Do you know why asdm no longer works?

Highlighted

Hello,

Provide me the following:

show run ssl

show run http

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

sh run ssl  ==> no return

sh run http ==>

http server enabled

http:0.0.0.0 0.0.0.0 inside

http: 0.0.0.0 0.0.0.0  management

I changed IP to zeros.

Highlighted

Hello,

No output from show run ssl .

Just in case add the following command:

ssl encryption 3des-sha1 aes128-sha1 aes256-sha1

Then try to connect,

If this does not work please share the show run asdm

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

ASA5510-HQ# sh run asdm

asdm image disk0:/asdm-621.bin

asdm location 12.221.201.117 255.255.255.255 outside

asdm group ftp-svr inside

asdm group PubSshSvr_real inside

asdm group PubWebSvr_real inside

asdm group ftp-svr_ref outside reference ftp-svr

asdm group PubWebSvr_real1 inside

asdm group PubWebSvr outside reference PubWebSvr_real1

asdm group PubSshSvr_real1 inside

asdm group PubSshSvr outside reference PubSshSvr_real1

asdm group BlockedOutsideIP outside

no asdm history enable

Highlighted

Hello Duong,

Clear configure ASDM

asdm image:disk0:/asdm-621.bin


What java version are you running in your computer?

capture test interface inside match tcp any host inside_interface_ip eq 443

Then try to connect and send me

show cap test

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

clear configure asdm worked.

You are so awesome, thanks for everything!

Highlighted

Can I expect many other configurations will not stay the same or stop working?

This was a direct copy of startup-config of another 5510 firewall.

Is there anything else I should consider?

We are moving and the idea was to get an identical firewall to copy things over.

To limit downtime.

Highlighted

Hello Duong,

Well there are going to be some other things that you will need to check like the NAT statements ( Ip addresses on both sides might be different) SNMP communities, Syslog servers,etc.

Just stuff like that,

Regards,

Remember to rate all of the helpful posts ( If you do not know how to rate a post just let me know, I will help  u on that one as well )

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted

Yes please show me how to rate a post.

Highlighted

Hello Duong,

Sure, my pleasure to help.

Just go to one of the community users post and on the bottom you will see a 5 stars range (1 being bad 5 being good) so you can mark as many as you want

Now if you have any other question on problem regarding this ASA change just let me know

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Content for Community-Ad