Options
ASA via sleep deprivation
LearnAsIGo
Member Posts: 20 ■□□□□□□□□□
The other day, for the first time, I was happily configuring away at 'asa1.'
Today, I can't even configure 'nameif' on 'asa1' but I can configure everything on 'asa2'
What happened? I know I'll get a reply that will make me slap my forehead and feel sheepish afterwards.
Maybe this is attributed to trying to get back on the rack after a sleepless night and I'm just too groggy to think. Probably so.
I can't even begin to remember what I did after wr erase/reload....it probably snagged me at those default prompts. I just don't know or I haven't learned - YET.
What follows are configs from 'asa1,' followed by 'asa2.'
As always, much thanks in advance...
asa1# sh run
: Saved
:
ASA Version 7.2(1) <system>
!
hostname asa1
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface Ethernet0/0
shutdown
!
interface Ethernet0/1
shutdown
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Management0/0
shutdown
!
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
ftp mode passive
pager lines 24
no failover
no asdm history enable
arp timeout 14400
console timeout 0
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end
asa2# sh run
: Saved
:
ASA Version 7.2(1)
!
hostname asa2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
shutdown
nameif outside
security-level 0
no ip address
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu outside 1500
no failover
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:c41d20a5906b6f771d5e583c4b56d9ee
: end
Today, I can't even configure 'nameif' on 'asa1' but I can configure everything on 'asa2'
What happened? I know I'll get a reply that will make me slap my forehead and feel sheepish afterwards.
Maybe this is attributed to trying to get back on the rack after a sleepless night and I'm just too groggy to think. Probably so.
I can't even begin to remember what I did after wr erase/reload....it probably snagged me at those default prompts. I just don't know or I haven't learned - YET.
What follows are configs from 'asa1,' followed by 'asa2.'
As always, much thanks in advance...
asa1# sh run
: Saved
:
ASA Version 7.2(1) <system>
!
hostname asa1
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
!
interface Ethernet0/0
shutdown
!
interface Ethernet0/1
shutdown
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Management0/0
shutdown
!
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
ftp mode passive
pager lines 24
no failover
no asdm history enable
arp timeout 14400
console timeout 0
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end
asa2# sh run
: Saved
:
ASA Version 7.2(1)
!
hostname asa2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
shutdown
nameif outside
security-level 0
no ip address
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu outside 1500
no failover
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:c41d20a5906b6f771d5e583c4b56d9ee
: end
Comments
-
Optionstheevilmuffin
Member Posts: 11 ■□□□□□□□□□
could asa 1 be a failover unit?
can you do a "show version" please? -
Options
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
ASA1 appears to be in multiple context mode, if you need to modify the admin context you must use the 'changeto context <contextname>' command, if you want to change it back to single context use the 'mode single' global config mode command.The only easy day was yesterday! -
OptionsLearnAsIGo
Member Posts: 20 ■□□□□□□□□□
theevilmuffin:
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 7.2(1)
Device Manager Version 5.2(1)
Compiled on Wed 31-May-06 14:45 by root
System image file is "disk0:/asa721-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 8 hours 20 mins
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 64MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : ☻CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is 0013.c482.462c, irq 9
1: Ext: Ethernet0/1 : address is 0013.c482.462d, irq 9
2: Ext: Ethernet0/2 : address is 0013.c482.462e, irq 9
3: Ext: Ethernet0/3 : address is 0013.c482.462f, irq 9
4: Ext: Management0/0 : address is 0013.c482.4630, irq 11
5: Int: Not licensed : irq 11
6: Int: Not licensed : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 5
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 2
This platform has an ASA 5510 Security Plus license.
Serial Number: JMX0951K0C9
Running Activation Key: 0xc101c049 0xe0beeab6 0x10a2f430 0x8038ecbc 0x8b04cca0
Configuration register is 0x1
dtlokee:
It worked great, thanks a bunch. I was going crazy over this but now everything seems back to normal.
In a way, this was a good thing to happen to me. Who learns from stuff that never gives ya problems?
thanks again!