Back on the cisco ASA 5500 series and PIX 500 series

Hello

I fund a site www http://www.searchsecurity.de/themenkanaele/plattformsicherheit/schwachstellenmanagement/allgemein/articles/106752/ (only in German). I have read that it is possible to make a denial of service on cisco PIX 500 series and series 5500 ASA, when the TTL value is enabled.

How can I check that? or solve the problem?

I thank you,

Mary

What version of the code you run the Pix or ASA. Refer to the "Products affected" section for more information on versions and the products concerned. This should point you in the right direction.

Also, listed in the URL is bypasses and fixed Versions that you may want to check.

Kind regards

Arul

Tags: Cisco Security

Similar Questions

  • Cisco ASA 5500 Series 4-Port GE SSM

    Currently, we have 2 asa 5510 firewall and need to add the

    Cisco ASA 5500 Series 4 - Port GE SSM extension module. Can it be added when the device is turned on and running or the firewall must be turned off to install the plug-in?

    Hello

    You could try to ask this question of the team of firewall, as this page from the community for the physical security and video surveillance.  The team of firewall is located here:

    https://supportforums.Cisco.com/community/NetPro/security/firewall

  • Cisco ASA 5500 Series end of life

    Hello

    I noticed that all 5500 series (5510,5520,5540,5550,5580) ASAs are all end-of-life announced in March 2013. However, I don't see ASA 5505 on the list. Can anyone confirm that 5505 EOL has not announced?

    http://www.Cisco.com/c/en/us/support/security/ASA-5505-Adaptive-Security...

    Thanks in advance

    The 5505 is not yet announced EOS/EOL, but the announcement can * t be extreme as 5506-X will be available soon (well, I hope... ;-)).

  • Cisco ASA 5500 CSC-SSM-20 Series

    How many subscribers maximum, sessions, licenses are allowed using Cisco ASA 5500 Series CSC-SSM-20 on ASA5540 module

    Use the following command 'See - activation key' to get maximum subscribers, sessions, details County licenses.

  • Step how to configure ASA 5500 Series Security Services Module-10 (model: ASA-SSM-10)

    Dear support,

    I need to configure Security Services Module-10 (model: ASA-SSM-10) on my ASA 5510 firewall. Could you provide configuration step and how to connect to the module?

    Here is the information on the module

    ciscoasa (config) # sh Details of module 1
    The details of the Service module, please wait...
    ASA 5500 Series Security Services Module-10
    Model: ASA-SSM-10
    Hardware version: 1.0
    Serial number: JAF1115066U
    Firmware version: 1.0 (11) 2
    Software version: 1.0000 E1
    MAC address range: 001a.e268.5aa9 to 001a.e268.5aa9
    App name: IPS
    App status. : to the top
    App status. / / Desc:
    App version: 1.0000 E1
    Data of aircraft status: Up
    Status: to the top
    Mgmt IP addr: 133.1.9.144
    Web to MGMT ports: 443
    Mgmt TLS enabled: true

    your help is very appreciate.

    Thank you

    Best regards

    Hi Sothengse,

    Please find the samlpe on AIP SSM module configurations. You can go through this to begin with.

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

    https://www.YouTube.com/watch?v=FgYU5ZXwk4g

    Concerning

    Knockaert

  • Problem with the Cisco ASA vpn redundancy?

    Hi all

    I have a series ASA 5500 firewall and need to set a different peer ip for the connection of site2sitevpn. In fact, my goal is, ASA tent first pair ip of the site2site tunnel, when ASA may not reach this ip, try to reach another ip I set before. I can configure this scenerio on Cisco router with this command;


    
    crypto map tohub 1 ipsec-isakmp 
     set peer 10.1.1.1 default 
     set peer 10.2.2.2

    but I wonder what can I do about ASA?

    Thank you.

    Best regards.

    Shane,

    You can configure multiple IP addresses, under the same entry of homologous set on ASA, but it works the same on IOS with preferred peer, it passes between defined peer.

    Marcin

  • What support DH Cisco ASA 14 group and more

    What support DH Cisco ASA 14 group and more.

    Model and IOS

    Hi John,.

    You must have ASA executes code 9.1 and above for DH group 14 and this only work for ikev2 only.

    Kind regards

    Aditya

    Please evaluate the useful messages and mark the correct answers.

  • Only the needs of the Cisco Aironet 1550 series a WLC?

    Hello

    Nice day.  I would like to ask if the Cisco Aironet 1550 series requires a controller to run.  Note that the references SKU in this fomat AIR-CAP1552E-A-K9-AIR-CAP1552EU-A-K9.  I noticed that on the autonomous access point there they keyword 'SAP' on its SKU while the controller based has "CAP".  If the

    Cisco Aironet 1550 Series needs a controller which controller should it be associated? (e.g. AIR-CT2500)

    Thank you

    It can work stand-alone image:

    http://www.Cisco.com/en/us/partner/docs/wireless/access_point/iOS/release/notes/15.2_2_JB.html#wp355908

    1550 relies on:

    2500, 7500, 5508, WISM2,... .etc

    check the release notes of the code controller that you have and you should be able to identify what is supported and what is not supported.

    ----------------------------------------------------------------------------------------------

    Please ensure good answers to rate

  • Configuration of the Cisco ACS 5.3 AnyConnect VPN and management of a Cisco ASA 5500.

    We have configured a Cisco ASA 5505 as a VPN endpoint for one of our user groups.  It works, but it works too well.

    We have a group called XXX we need to have access to the Cisco AnyConnect Client.  We have selected this group of our Active Directory and added to our ACS configuration.  We've also added a group called YYY that will manage the ASA. However, this group has no need to access the VPN.

    We added XXX movies for the elements of the policy of access to the network-> authorization profiles.  We also have a profile of YYY.

    She continues to knock on our default Service rule that says allow all.

    We have also created a default network access rule. for this.

    I am at a loss.  I'm sure I missed a checkbox or something.

    Any help would be really appreciated.

    Dwane

    We use Protocol Management GANYMEDE ASA and Ray for VPN access?

    For administration, you must change the device by default admin access strategy and create a permission policy. Even by the way, you can change the network access by default for vpn access and create a respective policy for that too.

    On the SAA, you must configure Ganymede and Ray both as a server group.

    For the administration, you can set Ganymede as an external authentication under orders aaa Server

    AAA-server protocol Ganymede GANYMEDE +.

    Console HTTP authentication AAA GANYMEDE

    Console Telnet AAA authentication RADIUS LOCAL

    authentication AAA ssh console LOCAL GANYMEDE

    Console to enable AAA authentication RADIUS LOCAL

    For VPN, you must set the authentication radius under the tunnel-group.

    I hope this helps.

    Kind regards

    Jousset

    The rate of useful messages-

  • Problem with the Cisco ASA 5525 X SFR and Firesight high school

    Hi team,

    We have two ASA 5525 X installed on them and Firesight in a Linux VM whose two SFRs are registered with SFR failover mode. We use the SAA secondary off the hook if the primary fails to turn on the secondary manually switch the wan cable. I turn on the ASA secondary every weekend to take the configuration of the primary for the ASA and the SFR and close by button walk / stop.

    Last week I turn on high school ASA and the Firesight couldn't see the secondary SFR and show the message below:

    Module device heartbeat: device > don't send heartbeats.

    (I should mention I can Pinger the IP ADDRESS)

    I tried to study the problem without success.

    I also deleted the sensor just Firesight devices management in case something is stuck, and I'm trying to re added without success.

    I'm new in firepower so... any ideas?

    Thank you

    Finally, this problem has been resolved by the redefinition of firepower:

    see detailed here procedure to perform this redefinition;

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-firepower-service...

    Before that, it appeared that firepower was not very healthy:

    After a success "" configure Manager add xxxxx"command.

    the command of managers show show nothing;

    He should have shown this result:

    > Display managers
    Host: 193.193.2.75
    Registration key: AZERTY
    Inscription: pending
    State of the PRC:

    on the other hand, in expert mode, the following command shows several processes (and not in the normal state):

    sudo pmtool status | grep-i down

    Last point,

    After the recreation and reconfigure all this fire power, installed in the ASA secondary standby, was considered to be OK under Firesight health Monitor,.

    but after 10mins, it appeared in critical condition with the following message:

    "Interface"DataPlaneInterface0"receives not all packages.

    This is normal and due to the fact that Eve ASA receives no flow and the same goes for firepower inside this ASA;

    by performing a failover from the primary to the secondary ASA, this critical message disappeared for firepower inside the ASA Sec and appeared for firepower inside the ASA elementary school

  • Version of the Cisco ASA images.

    Hi all.

    Anyone can check my perception on the differences between these images?

    asa933-7-lfbff-k8. SPA

    asa924-5-smp - K8.bin

    asa924-5 - k8.bin

    I guess that lfbff is for the X 5506 and 5508-X with firepower onboard services.

    What are the supposed to a user of the image of SMP (Symmetric MultiProcessing)? The ASA 5506-X and 5508-X would be able to run the SMP image?

    Witch platforms use the image without any abbreviation?

    Any clarification would be greatly appreciated.

    Concerning

    Hello

    Yes you are right.

    asa933-7-lfbff-k8. SPA - this would be used on active firepower ASA for example 5506-X etc.

    asa924-5-smp - K8.bin - this is used for devices using Multi hearts.

    Anything with "smp" in the file name is only compatible with the X-5500 series. The "smp" means symmetric multiprocessor and requires a multicore processor.

    asa924-5 - k8.bin - it is used for legacy of the ASA using single cores.

    Kind regards

    Aditya

  • A possible bug related to the Cisco ASA "show access-list"?

    We had a strange problem in our configuration of ASA.

    In the "show running-config:

    Inside_access_in access-list CM000067 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:http_access

    Inside_access_in access-list CM000458 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:https_access

    Note to inside_access_in to access test 11111111111111111111111111 EXP:1/16/2014 OWN list: IT_Security BZU:Network_Security

    access-list extended inside_access_in permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 Journal

    access-list inside_access_in note CM000260 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - dgm

    access-list inside_access_in note CM006598 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - ns

    access-list inside_access_in note CM000220 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - ssn

    access-list inside_access_in note CM000223 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:tcp / 445

    inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 any eq www log

    inside_access_in allowed extended access list tcp 172.31.254.0 255.255.255.0 any https eq connect

    inside_access_in list extended access permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log

    inside_access_in list extended access permit udp 172.31.254.0 255.255.255.0 connect any eq netbios-ns

    inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log

    inside_access_in list extended access permitted tcp 172.31.254.0 connect any EQ 445 255.255.255.0

    Inside_access_in access-list CM000280 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:domain

    inside_access_in list extended access permitted tcp object 172.31.254.2 any newspaper domain eq

    inside_access_in list extended access permitted udp object 172.31.254.2 any newspaper domain eq

    Inside_access_in access-list CM000220 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:catch_all

    inside_access_in list extended access permitted ip object 172.31.254.2 any newspaper

    Inside_access_in access-list CM0000086 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:SSH_internal

    inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 interface inside the eq ssh log

    Inside_access_in access-list CM0000011 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange

    inside_access_in list extended access allow object TCPPortRange 172.31.254.0 255.255.255.0 host log 192.168.20.91

    Inside_access_in access-list CM0000012 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:FTP

    access-list extended inside_access_in permitted tcp object inside_range 1024 45000 192.168.20.91 host range eq ftp log

    Inside_access_in access-list CM0000088 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange

    inside_access_in access list extended ip 192.168.20.0 255.255.255.0 allow no matter what paper

    Inside_access_in access-list CM0000014 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:DropIP

    inside_access_in list extended access permitted ip object windowsusageVM any newspaper

    inside_access_in list of allowed ip extended access any object testCSM

    inside_access_in access list extended ip 172.31.254.0 255.255.255.0 allow no matter what paper

    Inside_access_in access-list CM0000065 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:IP

    inside_access_in list extended access permit ip host 172.31.254.2 any log

    Inside_access_in access-list CM0000658 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security

    inside_access_in list extended access permit tcp host 192.168.20.95 any log eq www

    In the "show access-list":

    access-list inside_access_in line 1 comment CM000067 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:http_access

    access-list inside_access_in line 2 Note CM000458 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:https_access

    Line note 3 access-list inside_access_in test 11111111111111111111111111 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security

    4 extended access-list inside_access_in line allowed tcp host 1.1.1.1 host 192.168.20.86 eq newsletter interval 300 (hitcnt = 0) 81 0x0a 3bacc1

    line access list 5 Note CM000260 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - dgm

    line access list 6 Note CM006598 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - ns

    line access list 7 Note CM000220 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - ssn

    line access list 8 Note CM000223 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:tcp / 445

    allowed to Access-list inside_access_in line 9 extended tcp 172.31.254.0 255.255.255.0 any interval information eq www journal 300 (hitcnt = 0) 0 x 06 85254 has

    allowed to Access-list inside_access_in 10 line extended tcp 172.31.254.0 255.255.255.0 any https eq log of information interval 300 (hitcnt = 0) 0 x7e7ca5a7

    allowed for line access list 11 extended udp 172.31.254.0 inside_access_in 255.255.255.0 any netbios-dgm eq log of information interval 300 (hitcn t = 0) 0x02a111af

    allowed to Access-list inside_access_in line 12 extended udp 172.31.254.0 255.255.255.0 any netbios-ns eq log of information interval 300 (hitcnt = 0) 0 x 19244261

    allowed for line access list 13 extended tcp 172.31.254.0 inside_access_in 255.255.255.0 any netbios-ssn eq log of information interval 300 (hitcn t = 0) 0x0dbff051

    allowed to Access-list inside_access_in line 14 extended tcp 172.31.254.0 255.255.255.0 no matter what eq 445 300 (hitcnt = 0) registration information interval 0 x 7 b798b0e

    access-list inside_access_in 15 Note CM000280 EXP:1/16/2014 OWN line: IT_Security BZU:Network_Security JST:domain

    allowed to Access-list inside_access_in line 16 extended tcp object 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 0x6c416 81 b

    allowed to Access-list inside_access_in line 16 extended host tcp 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 0x6c416 81 b

    allowed to Access-list inside_access_in line 17 extended udp object 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 227 0xc53bf

    allowed to Access-list inside_access_in line 17 extended udp host 172.31.254.2 all interval information journal field eq 300 (hitcnt = 0) 227 0xc53bf

    access-list inside_access_in 18 Note CM000220 EXP:1/16/2014 OWN line: IT_Security BZU:Network_Security JST:catch_all

    allowed to Access-list inside_access_in line 19 scope ip object 172.31.254.2 no matter what information recording interval 300 (hitcnt = 0) 0xd063707c

    allowed to Access-list inside_access_in line 19 scope ip host 172.31.254.2 any which information recording interval 300 (hitcnt = 0) 0xd063707c

    access-list inside_access_in line 20 note CM0000086 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:SSH_internal

    permit for line access list extended 21 tcp 172.31.254.0 inside_access_in 255.255.255.0 interface inside the eq ssh information recording interval 300 (hitcnt = 0) 0x4951b794

    access-list inside_access_in line 22 NOTE CM0000011 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:PortRange

    permit for access list 23 inside_access_in line scope object TCPPortRange 172.31.254.0 255.255.255.0 192.168.20.91 host registration information interval 300 (hitcnt = 0) 0x441e6d68

    allowed for line access list 23 extended tcp 172.31.254.0 inside_access_in 255.255.255.0 192.168.20.91 host range ftp smtp log information interval 300 (hitcnt = 0) 0x441e6d68

    access-list inside_access_in line 24 Note CM0000012 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:FTP

    25 extended access-list inside_access_in line allowed tcp object inside_range Beach 1024 45000 host 192.168.20.91 eq ftp interval 300 0xe848acd5 newsletter

    allowed for access list 25 extended range tcp 12.89.235.2 inside_access_in line 12.89.235.5 range 1024 45000 host 192.168.20.91 eq ftp interval 300 (hitcnt = 0) newsletter 0xe848acd5

    permit for access list 26 inside_access_in line scope ip 192.168.20.0 255.255.255.0 no interval 300 (hitcnt = 0) newsletter 0xb6c1be37

    access-list inside_access_in line 27 Note CM0000014 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:DropIP

    allowed to Access-list inside_access_in line 28 scope ip object windowsusageVM no matter what information recording interval 300 (hitcnt = 0) 0 x 22170368

    allowed to Access-list inside_access_in line 28 scope ip host 172.31.254.250 any which information recording interval 300 (hitcnt = 0) 0 x 22170368

    allowed to Access-list inside_access_in line 29 scope ip testCSM any object (hitcnt = 0) 0xa3fcb334

    allowed to Access-list inside_access_in line 29 scope ip any host 255.255.255.255 (hitcnt = 0) 0xa3fcb334

    permit for access list 30 inside_access_in line scope ip 172.31.254.0 255.255.255.0 no interval 300 (hitcnt = 0) newsletter 0xe361b6ed

    access-list inside_access_in line 31 Note CM0000065 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:IP

    allowed to Access-list inside_access_in line 32 scope ip host 172.31.254.2 any which information recording interval 300 (hitcnt = 0) 0xed7670e1

    access-list inside_access_in line 33 note CM0000658 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security

    allowed to Access-list inside_access_in line 34 extended host tcp 192.168.20.95 any interval information eq www 300 newspapers (hitcnt = 0) 0x8d07d70b

    There is a comment in the running configuration: (line 26)

    Inside_access_in access-list CM0000088 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange

    This comment is missing in 'display the access-list '. In the access list, for all lines after this comment, the line number is more correct. This poses problems when trying to use the line number to insert a new rule.

    Everyone knows about this problem before? Is this a known issue? I am happy to provide more information if necessary.

    Thanks in advance.

    See the version:

    Cisco Adaptive Security Appliance Software Version 4,0000 1

    Version 7.1 Device Manager (3)

    Updated Friday, June 14, 12 and 11:20 by manufacturers

    System image file is "disk0: / asa844-1 - k8.bin.

    The configuration file to the startup was "startup-config '.

    fmciscoasa up to 1 hour 56 minutes

    Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor

    Internal ATA Compact Flash, 128 MB

    BIOS Flash M50FW016 @ 0xfff00000, 2048KB

    Hardware encryption device: Cisco ASA-5505 Accelerator Board (revision 0 x 0)

    Start firmware: CN1000-MC-BOOT - 2.00

    SSL/IKE firmware: CNLite-MC-Smls-PLUS - 2.03

    Microcode IPSec:-CNlite-MC-IPSECm-HAND - 2.06

    Number of Accelerators: 1

    Could be linked to the following bug:

    CSCtq12090: ACL note line is missing when the object range is set to ACL

    The 8.4 fixed (6), so update to a newer version and observe again.

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • disable the cisco ASA connection using only activate password via asdm

    Hi all

    How to disable the connection to my cisco asa 5520 using only activate password via asdm? I like to asdm connection using the user name and password. TIA!

    The command:

     aaa authentication http console LOCAL

    .. .will be force users accessing to ASDM (which uses transport http (s)) to be authenticated on the LOCAL database.

    You can also specify another list of defined authentication method, such as RADIUS, RADIUS or AD. (Although t wew love to leave a LOCAL method on the spot, in which case your external authentication server is not available.)

  • the Cisco asa vpn processing error payload: payload ID: 1

    Hello

    I set up vpn L2TP by using ASDM and now I am not able to connect my Cisco ASA 5505.

    It is showing the error message

    3 July 7, 2011 18:57:38 IP = *. *. *. *, payload processing error: ID payload: 1

    Please suggest me how to solve this problem (by using ASDM)

    Thank you

    Hi Nikhil,

    Your config seems incomplete, command 'IPSec l2tp ipsec vpn-tunnel-Protocol' is missing, what is needed to connect L2tp try to reconfigure your firewall using the link:-

    http://www.Cisco.com/en/us/customer/docs/security/ASA/asa80/configuration/guide/l2tp_ips.html

    Hope this helps,

    Parminder Sian

  • AAA to circumvent the password to enable on the Cisco ASA

    Hi all. I'm having a problem where I get authenticated by the AAA server, but after authentication, that I am placed in user mode. AAA admin (I have no access to the AAA server) told me that he had all the users configured with priv level 15, which will lead them directly in the mode privilege on routers.

    My question is how can I configure my Cisco ASA to get around using a password to enable. See below the configuration of my

    AAA-server protocol Ganymede MYGROUP +.
    Max - a failed attempts 4
    AAA-server host 2.2.2.2 MYGROUP (inside)
    timeout 3
    key *.
    Console Telnet AAA authentication LOCAL MYGROUP
    Console to enable AAA authentication LOCAL MYGROUP
    privilege MYGROUP 15 AAA accounting command

    Looks like you want to directly access the exec privileges mode. This feature is not supported by the ASA. This is only possible on IOS devices.

    Rgds, jousset

    Note the useful questions.

Maybe you are looking for

  • Why are clips showing not related but matter here?

    Hello Audio excerpts are appearing as non-related, with the red bar across the bottom. But the audio is still there, audible. Why is what happens and is it possible to fix this? Also, projects show that "icon" that clips is not linked, but when I try

  • Tecra A5 supports the applications of GIS and mathematics/statistics?

    one last thing, Tecra A5 can support GIS applications and mathematics/statistics?

  • County of gated cDAQ-9188 edges with NOR-9402

    Hello! This discussion is a branch of it. Shortly, I want to count the random impulses of a meter of photons, which emits pulses that when her door is activated (and this should be done in a manner expected by HW), only when the door is active. I sep

  • Problem connecting SQL toolkit Win7

    I use CVI 2013 and tto toolkit (2.2) of SQL to connect to a mySQL database.  I can connect to properly using my development computer, but not with the target.  Both computers are running 64-bit Windows 7 Professional (SP1).  I used to start the 64-bi

  • Make an ISO of a system running (Windows XP Pro SP3)

    I have a few HW record that has ONLY the drivers to run on XP - I DO have a Windows XP machine! I just upgraded to a machine more powerful and you have installed Windows XP Pro SP1, then Updated til SP3, then upgrade to SP3 and then I installed all m