20 Most Recent Cisco ASA 5520 Firewall Questions & Answers

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/pppoe.html

You can not do content filtering with ASA firewalls with IOS. You will need to buy a content filtering solution, or sign up for a inexpensive content filtering with OpenDNS.org. This is a good content filtering basic system with white and black listing capability.

Good luck!

What version of software are you running? I have noticed issue with ssh on version 8.2(3) and below.

You can try to remove all ssh access and then add it back. Also you can try zeroizing and regenerating the crypto key.

show ipsec stats
this command was introduced in code 7.0
it will show the active tunnels, the previous tunnels and several other stats of inbound and outbound packets.....
for example:- IPsec Global Statistics ----------------------- Active tunnels: 2 Previous tunnels: 9 Inbound Bytes: 4933013 Decompressed bytes: 4933013 Packets: 80348 Dropped packets: 0 Replay failures: 0 Authentications: 80348 Authentication failures: 0 Decryptions: 80348 Decryption failures: 0 Decapsulated fragments needing reassembly: 0 Outbound Bytes: 4441740 Uncompressed bytes: 4441740 Packets: 74029 Dropped packets: 0 Authentications: 74029 Authentication failures: 0 Encryptions: 74029 Encryption failures: 0 Fragmentation successes: 3 Pre-fragmentation successes:2 Post-fragmentation successes: 1 Fragmentation failures: 2 Pre-fragmentation failures:1 Post-fragmentation failures: 1 Fragments created: 10 PMTUs sent: 1 PMTUs recvd: 2 Protocol failures: 0 Missing SA failures: 0 System capacity failures: 0

Hi Hemalsj,

Did you enable multicast-routing?

Hope this helps:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807631d2.shtml


Regards,

ex_ocsic-cat

hi,
when u login in ASDM you can find on right side services and u create one whre u add which all ports u want to and apply that in ur rules

mode exec user Router)
ping ip
show ip route
show version
traceroute ip

mode exec priveligiado
show arp
show interface
show protcols
show ip protocols
show startup-config
erase startup-config
reload

I'll assume you are using unix linux or BSD you can iptables IP to 1.1.1.1 or route IP to 127.0.0.3

This will disable all access

You may refer to the steps in the link below:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/trouble.html#wp1049302

I hope this helps!

I had this same issue on my ASA 5520.

1. Copy the config and IOS image to a tftp server.
2. Format flash (disk0)
3. set rommon server, ip addy, and file settings.
4. tftpdnld
5. Once the system has booted to the image copy the asa image file, asdm image file, and config to flash
6. configure asdm image default location and reload

possible solution;
1-turn off and turn back on
2-open the cover and check the power supply and LED

If you are going for factory reset use the following commands

asa>enable
asa#write erase
asa#reload

Dont save the configuration when it prompts for it.

if you want to restore the configuration from the backup

1. You need to have a TFTP server
2. Locate the config file on your TFTP server
3. TFTP server should be reachable from ASA

then

asa#copy tftp flash

give the tftp server ip address
give the configuration file name (as exactly on the TFTP server)

reload