Brand new ASA5510 acting very strange...
in [Cisco]
|
Prev: sip security
Next: WTR54gs Dropping Connection
From: essenz on 24 Jun 2010 16:36 This one has me stumped. I have a brand new ASA5510 Security Plus. It boots up, I can go in via console, but alot of commands that are supposed to work dont. For example, no vlan commands exist. If I try to create a vlan (conf t, interface vlan 100) it says unrecognized command. I tried to restore factory default by running the command (conf factory-default) - same thing, command unrecognized. I've tried different OS versions (7.3, 8.2, 8.3), different ASDM versions, still nothing, here is my sh ver and sh run: ciscoasa# sh ver Cisco Adaptive Security Appliance Software Version 8.3(1) Device Manager Version 6.1(5) Compiled on Thu 04-Mar-10 16:56 by builders System image file is "disk0:/asa831-k8.bin" Config file at boot was "startup-config" ciscoasa up 14 mins 26 secs Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz Internal ATA Compact Flash, 256MB Slot 1: ATA Compact Flash, 64MB BIOS Flash M50FW016 @ 0xfff00000, 2048KB Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0) Boot microcode : CN1000-MC-BOOT-2.00 SSL/IKE microcode: CNLite-MC-SSLm- PLUS-2.03 IPSec microcode : CNlite-MC-IPSECm- MAIN-2.06 0: Ext: Ethernet0/0 : address is 5475.d0f0.4e30, irq 9 1: Ext: Ethernet0/1 : address is 5475.d0f0.4e31, irq 9 2: Ext: Ethernet0/2 : address is 5475.d0f0.4e32, irq 9 3: Ext: Ethernet0/3 : address is 5475.d0f0.4e33, irq 9 4: Ext: Management0/0 : address is 5475.d0f0.4e34, irq 11 5: Int: Not used : irq 11 6: Int: Not used : irq 5 Licensed features for this platform: Maximum Physical Interfaces : Unlimited perpetual Maximum VLANs : 100 perpetual Inside Hosts : Unlimited perpetual Failover : Active/Active perpetual VPN-DES : Enabled perpetual VPN-3DES-AES : Enabled perpetual Security Contexts : 2 perpetual GTP/GPRS : Disabled perpetual SSL VPN Peers : 2 perpetual Total VPN Peers : 250 perpetual Shared License : Disabled perpetual AnyConnect for Mobile : Disabled perpetual AnyConnect for Cisco VPN Phone : Disabled perpetual AnyConnect Essentials : Disabled perpetual Advanced Endpoint Assessment : Disabled perpetual UC Phone Proxy Sessions : 2 perpetual Total UC Proxy Sessions : 2 perpetual Botnet Traffic Filter : Disabled perpetual Intercompany Media Engine : Disabled perpetual This platform has an ASA 5510 Security Plus license. Serial Number: *****hidden****** Running Permanent Activation Key: *****hidden****** Configuration register is 0x1 Configuration has not been modified since last system restart. ciscoasa# sh run : Saved : ASA Version 8.3(1) ! hostname ciscoasa enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names ! interface Ethernet0/0 nameif inside security-level 100 ip address 10.40.14.111 255.0.0.0 ! interface Ethernet0/1 shutdown no nameif no security-level no ip address ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 shutdown no nameif no security-level no ip address ! boot system disk0:/asa831-k8.bin ftp mode passive pager lines 24 mtu inside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-615.bin no asdm history enable arp timeout 14400 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip- disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet timeout 5 ssh timeout 5 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect ip-options ! service-policy global_policy global prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome(a)cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily
From: Morph on 25 Jun 2010 07:56 In the message <cb96590e-b7ea-44f4-8db3-e73fd129ea74(a)t10g2000yqg.googlegroups.com> essenz wrote: | This one has me stumped. | | I have a brand new ASA5510 Security Plus. It boots up, I can go in via | console, but alot of commands that are supposed to work dont. | | For example, no vlan commands exist. If I try to create a vlan (conf | t, interface vlan 100) it says unrecognized command. | | I tried to restore factory default by running the command (conf | factory-default) - same thing, command unrecognized. I've tried | different OS versions (7.3, 8.2, 8.3), different ASDM versions, still | nothing, here is my sh ver and sh run: | | interface Ethernet0/0 | nameif inside | security-level 100 | ip address 10.40.14.111 255.0.0.0 | ! | interface Ethernet0/1 | shutdown | no nameif | no security-level | no ip address | ! You need to create subinterfaces for the VLAN's that you need. Let's say you have VLAN 2,3 and 4 configured on a switch. Connect that switch using a trunk to a port on the ASA (lets say interface Ethernet0/1). Then create subinterfaces on the interface Ethernet0/1 interface Ethernet0/1.2 vlan 2 nameif vlan2 security-level 100 ip address x.x.x.x y.y.y.y interface Ethernet0/1.3 vlan 3 nameif vlan3 security-level 100 ip address x.x.z.z z.z.z.z interface Ethernet0/1.4 vlan 4 nameif vlan4 security-level 100 ip address q.s.d.v y.y.y.y Leave the config of Ethernet0/1 as it is (only configure the subinterfaces) and do the no shutdown to activate it | interface Ethernet0/1 no shutdown | no nameif | no security-level | no ip address
|
Pages: 1 Prev: sip security Next: WTR54gs Dropping Connection |