I've configured the management interface of a 5.x 4235 sensor to be 100Mbit/full. It is still HALF duplex according to dmesg output and I am still seeing collisions in proc/net/cisco/ge0_1.info. Does anybody know if setting this via the CLI actually works (you can't set the management interface settings via GUI..only the sensing interface)?
I found what seems to be a pretty elegant way to do this with 5.x, although whether Cisco supports this is doubtful. I have a ticket open on why the actual "conf t" way does not work, but in the interim here is what I am doing:
The /etc/init.d/ids_functions script sources the file /etc/options.conf. You can enter your options here.
I added the following lines to /etc/options.conf for each type of sensor (YMMV with regards to interface configuration on your sensors):
I certainly hope this is my last post regarding this issue, especially given the probable lack of interest by the group. I don't have (and probably won't) the time to figure out why, but in order to force full duplex in 5.0(4) you must do the above AND configure the interface as such using "conf t". Doing either one alone won't get the job done. (The exception seems to be the newer appliances, /etc/options.conf was working fine for those).
I didn't have our netadmin group verify, but our standard is 100/Full...no autoneg. Since I was seeing late collisions on the interface, I assumed it was configured as such. The collisions have gone away since changing to 100/Full but you're right, I should verify with our netadmin group.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...