I have an ASA 5516x w/FirePOWER running ASA version 9.5.(2).10 and with a 6.0.1 SFR module. When we begin running backups over a VPN tunnel that is connected to an outside interface on this ASA, we begin having high latency from our internal network on the inside interface to both the DMZ (devices behind the DMZ interface on the ASA) and out to the internet. Traceroutes that are performed during these backups show the latency from our internal subnet to the DMZ subnet jump from a norm of around 1 - 2ms to hundreds of milliseconds.
Currently, I have a Cisco ASA 5512-x as an edge device with an external link to a single ISP, connected to a Cisco 2960 switch internally, and behind the switch are production servers. There is a three site-to-site VPN link from the servers' NATed public IP to other third-party system.
I have a Cisco ASA 5510 in single mode that is used for IPsec VPN site-to-site tunnels.
I would like to migrate the VPN tunnels onto a 5525X running in multiple context mode (i.e., create a new context and move the configuration onto it).
Does anyone have any suggestions on the best way to do this migration? I see that there is no ability in ASDM to backup the configuration on the 5510 and simply restore it into the context.
Thanks for any pointers!
I am having a very strange issue. Initially I thought this was a simple fix... 5 hours later I am still in the same predicament. I am simply trying to use an ASA 5505 as a router. Why not use a router, you ask? Unfortunately, I do not have that option. The ASA is running 9.2(4) code. We have another ASA on the remote end (5512 running the same code) and it works as expected, routing traffic from the outside interface to the inside and vice versa. I have created ACLs allowing any any, still to no avail. Attached is a drawing of the connectivity and the config file from the ASA in question.
I have changed the inside interface from the default address 192.168.1.1 255.255.255.0 to address 10.13.0.100 255.255.0.0.
And changed "http 10.13.0.0 255.255.0.0 inside".
Now I can see in the browser the "https://10.13.0.100/admin" site to download the ASDM Launcher.
Downloaded and installed, but I can't connect to the device 10.13.0.100 now.
There are no errors, only the message "Contacting the device. Please wait.."
Do I have a wrong config?
What happens when there is a TCP half-closed connection?
How long does the connection remain alive before it gets closed?
Is there a specific setting in the ASA to manage half-closed TCP sessions?
These are the questions I was asked during a network security interview.
Do we have support for QoS marking/scheduling/policing and multiple context in the FP9300 FTD image?
Anything on the roadmap?
I have gone through the connection flag alphabets from the Cisco website, but I could not correlate them with real-time connection logs. Could someone please share some documents that have clear info?
Thanks in advance.
I am going to replace the fan and would like to know if the ASA 5880 supports OIR. Thanks.
An L2TP tunnel has been configured between routers on Site A & B to bridge them over seamlessly.
I have been tasked to just encrypt traffic between two ASA firewalls, with the L2TP tunnel on routers behind them.
What is the best method to do such encryption on the ASA firewall?
I have advised them to just do encryption on the router itself on top of L2TP, but it is their company policy to do it at the firewall level.
I have done site-to-site VPN and remote access VPN on ASA firewalls before on other tasks.