@Dennis Mink wrote: I would route using 3 sets of static routes on your ASA:   1-summary of all your internal subnets (point to your core) 2-summarize RFC 1918 and point to extranet 3-default route, pointing back inward (to whatever ISP RTR you have)   That's my problem though...there are some RIPE ranges being used as though they are RFC1918 so if I don't work out what they are and route to the extranet, I will lose access to those services. ... View more

@Marvin Rhoads wrote:   You can turn up your syslog sensitivity to log every tcp connection and udp flow and gather all that up; but that approach would quickly become unwieldy.   Ok, so I've taken a change of approach and now investigating using a searchable syslog server to track the flows but have run into a different problem.  Hypothetically, let's say I have a web server behind an ASA with IP address 192.168.1.1 and I allow access from anywhere to the web server.  I know some but not all of the IP addresses accessing the server (eg clients in 10.1.1.0/24).   Question: If I put a specific access rule in permitting 10.1.1.0/24 to 192.168.1.1 with logging disabled followed by a less specific rule of any to 192.168.1.1 with logging enabled, would/should this approach work?  As I identify clients accessing my web server, I can add them to the first ACE to prevent logging.   I'm only interested in message 302014 (teardowns) so I can see whether they are FINs, resets or SYN timeouts etc, so the config looks like this:   access-list outside_access_in extended permit tcp object-group KNOWN_SOURCES host 192.168.1.1 eq http log disable access-list outside_access_in extended permit any host 192.168.1.1 eq http  logging enable logging list Syslog_events message 302014 logging trap Syslog_events logging host management a.b.c.d   If so, then something is not right because I'm still seeing events logged against the ACE's with logging disabled.  Have I missed something?   Thanks, Stuart   ... View more

@Steven Williams wrote: I do not understand the question nor what info you are looking for and why? Can you expand more on the scenario please? As I put above.  My ASA has a default route to an extranet (the service provider doesn't offer any dynamic addressing) that uses a mixture of both RFC1918 and RIPE addresses.  I have a requirement to put a default route elsewhere on my network.  Therefore, I want to remove the change the default route on the ASA that currently points outwards to point inwards.  I can't do this without breaking the service because I don't know what RIPE addresses are used on the extranet.   So my question is, is there any way I can query the ASA to find what foreign addresses it's routed packets to that have matched the default route? ... View more

Hi Reza   So, when you convert stand-alone switches to VSS, it will overwrite all your old config because all the port numbering will change. For example, if currently port 2/1 from each switch is connected to an access device, when you convert to VSS port 2/1 from switch 1 will become 1/2/1 and port 2 from switch 2 will become 2/2/1 and so, you need to be ready to re-configure the ports to operate correctly again. The port renumbering was understood, but does the config on the service modules get wiped? ie, in the case of WiSM modules, do I simply need to amend my port-channel interfaces to the two WLC modules on the cards in each chassis?   Regards, Stuart ... View more

Hi JB, Just modified your SQL as follows, which has given some output that I need to digest: run sql select enduser.userid, extensionmobilitydynamic.logintime as logintime,extensionmobilitydynamic.loginduration, device.name from extensionmobilitydynamic inner join device on extensionmobilitydynamic.fkdevice = device.pkid inner join enduser on extensionmobilitydynamic.fkenduser_lastlogin = enduser.pkid Regards, Stuart ... View more

I get nothing, just the column headings :( ... View more

Unfortunately, I'm hitting  CSCub16032 for reporting hence why I thought an SQL statement might be a quick win :-S I had already found that other link, but if I amend the SQL statement to be like the below, I get multiple logins for the same user (including NULLs) and the info doesn't seem right. run sql select eu.userid, emd.logintime, emd.loginduration, emd.datetimestamp from extensionmobilitydynamic emd inner join enduser eu on emd.fkenduser_lastlogin=eu.pkid Thanks, Stuart ... View more