Cisco ASR 1k Bash bug
https://Tools.Cisco.com/bugsearch/bug/CSCur02734
http://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/Cisco-SA-20140926-bash
The ASR 1k running 15.4 (1) based on this bug No. S shows that it is vulnerable to the Bash bug. Is there more information on this, and is there a solution?
Which version of the software is affected by this bug?
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.3(1)S1, RELEASE SOFTWARE (fc1)
Similar Questions
-
Cisco ASR 1001 compatible fiber modules
Hello
We recently purchased a Cisco ASR 1001 router and I have a number of interface units. I want to fill these with fiber modules.
Can you tell me which fiber modules are compatible, please? Are regular SFPs OK to use, or is there a special ASR series of SFPs to use?
Thank you very much
Paul
Paul,
You are right that GLC-T and GLC-SX-MM are not supported with the ASR1000 platform.
The following link confirms that:
More SFPs are supported with the ASR1000 platform:
SFP-GE-T
SFP-GE-S
SFP-GE-L
SFP-GE-Z
CWDM SFP
DWDM SFP
GLC-BX-D
GLC-BX-U
I handled a similar case yesterday where GLC-T wouldn't work with ASR1k, and I confirmed that it would not be supported in the future as well.
HTH,
Amit
-
Cisco VCS leap second bug - other possible workarounds
Can we change the NTP server to a non-existent IP address or block access to the NTP server to work around the bug below?
Upgrade or a planned restart seems not feasible. Please suggest
Update the zone data to include the leap second introduced on 30 - Ju
Symptom:
There are periodic leap second events that can add or remove a second from global time.
When the leap second update occurs, the system may hang because the operating system does not understand "60" seconds (normally the clock goes from '59' to '00' seconds).
Conditions:
The leap second update will be propagated via the Network Time Protocol (NTP).
Workaround:
Option #1: An upgrade is required.
Option #2: Shut down the system before the leap second occurs and bring it back into service after the leap second event.
Further Problem Description:
Difficulty in the X8.5.2 code.
It will only be a problem if your device happens to query the NTP server at the exact moment when it responds with "60" seconds... a second before or a second later and it will be fine, so I think you would have to be pretty unlucky to hit this bug.
But yes, you can assign the VCS a non-existent or inaccessible NTP server for that time period, in which case it will not query anything at the time of second "60", and then return it to normal operation afterwards.
Wayne
--
Remember to rate responses and mark your question as answered as appropriate.
-
Cisco ASR series DMVPN Phase 3 support
Hello
Do you have any idea whether Cisco ASR routers support DMVPN Phase 3 yet? Or when they will support it?
Although there is no support for the ASR in the Cisco documentation, you can see the NHRP shortcut and redirect commands in the IOS of the ASR. I have it configured, but it doesn't seem to work.
Thank you very much
Best regards
DMVPN Phase 3 is supported from version 2.5 onward.
If you are already running this version or later, please kindly open a TAC case to better study the question.
-
Hello, try as I might I can't find a document that says;
'How to enable encryption on an ASR 1001' or "enable advanced ip features" on the ASR 1001.
Can anyone help please. My Kit list.
Cisco ASR1001 system, Crypto, 4 GE built-in, double P/S
Cisco ASR1001 4 GB of DRAM
Advanced Services Cisco ASR 1000 IP license
ASR 1001-Cisco IOS XE - UNIVERSAL ENCRYPTION
License of IPSEC for ASR1000 series
Upgrade from 2.5 Gbps to 5Gbps license for ASR 1001
What is the process to activate the 2.5 Gbps to 5 Gbps feature or encryption?
Thank you
Chris
Chris,
All Cisco ASR 1000 feature licenses are honor-based; in other words, they are not enforced through a Product Activation Key (PAK), except for the "technology package licenses" and the performance upgrade license (2.5 to 5 Gbps) on Cisco ASR 1001 models.
(http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html)
Q. What are the key new features of the Cisco ASR 1001 compared to other Cisco ASR 1000 Series router chassis?
A. The Cisco ASR 1001 introduces the concept of the integrated daughter card (IDC), which is a non-field-upgradeable element on the ASR 1001 chassis that provides I/O capabilities. At first customer ship (FCS), the Cisco ASR 1001 is available in 3 different versions: the ASR 1001 base chassis (part number ASR1001), the ASR1001-2XOC3POS chassis with an integrated daughter card with 2-port OC3 POS, and the ASR1001-4XT3 with an integrated daughter card with 4-port T3. The second phase of the ASR 1001 launched 3 new chassis: the ASR1001-HDD with a built-in 160 GB hard drive; the ASR1001-4X1GE with an integrated daughter card providing 4 1GE ports; and the ASR1001-8XCHT1E1 with an integrated daughter card providing 8-port channelized T1/E1. In addition, the Cisco ASR 1001 is the first chassis of the Cisco ASR 1000 Series to implement software activation, which is the same software activation concept seen on other Cisco offerings, for example the Cisco ISR G2 Series routers. 2 different types of licenses will be enforced at FCS via software activation. First, the feature sets offered: IP Base (K9 and non-K9), Advanced IP Services (K9 and non-K9) and Advanced Enterprise Services (K9 and non-K9). Second, the upgrade of the default performance from 2.5 Gbps to 5 Gbps is possible via a software-activated performance upgrade license (the part number to use when ordering the 5 Gbps performance upgrade for the three ASR1001 chassis is FSL-ASR1001-5G). Other features such as firewall and encryption are expected to be activated on the ASR 1001 in future software.
How to activate a license once you have a PAK (product authorization key):
1. Go to www.cisco.com/go/license
2. Enter the PAK you received into the form and submit it.
3. Activate the license on the ASR1000.
FAQ on https://tools.cisco.com/SWIFT/Licensing/jsp/Cisco%20Licensing%20FAQ%20-%20June%202011.pdf
For software activation commands, see:
http://www.Cisco.com/en/us/docs/iOS/CSA/configuration/guide/csa_commands.html
HTH.
Cheers, Gustavo
-
TACACS ACS 5.4 ASR 9001 authorization
Hello
Can anyone help with TACACS attributes for users authorized on Cisco ASR 9001 (IOS XR)?
Thank you
Yoram
You need to know which task the command you are trying to issue belongs to.
Then you need to know which task group that task is listed under.
Visit this link to know how to perform the above:
https://supportforums.Cisco.com/docs/doc-15944
Then, you must configure the TACACS+ server to return the attribute that puts the task under the user's privilege:
See here: http://goo.gl/7YP5zu
I use the following command on the ACS server in the config of user group (we have version 4.2):
task = #cisco-support, rwx:admin, #root-system
This will make the user inherit the read, write and execute access to the 'admin' task and will put the user in the local (locally defined on the router) 'cisco-support' and 'root-system' user groups.
NOTE: we did two things above: inherited access to the task AND put the user in the context of the selected local groups. I don't know if one can be used without the other.
HTH
Amjad
Rating useful answers is more useful than saying "thank you".
-
Bash vulnerability fix for CUCM 7.1.5, Unity Connection 7.1.5
The customer's UC environment consists of CUCM 7.1.5, Unity Connection 7.1.5 and UCCX 7.
According to Cisco, the patches are provided in version 10.5. Does this mean there is no solution for version 7.x and the customer must migrate to version 10 to obtain the fix? Please advise.
Assessment of CUCM for CVE-2014-6271, CVE-2014-7169, CVE-2014-6277 and CVE-2014-6278
Ref: CSCur00930
Known affected releases: (16)
10.0 (1.10000.24)
10.5 (1.10000.7)
5.0
5.1
6.0
6.1
7.0
7.1
7.1 (5)
8.0
8.5 (1)
8.6
8.6 (2.10000.30)
9.0 (1)
9.1 (1)
9.1 (2)
Known fixed releases: (5)
10.5 (1.11900.12)
10.5 (1.98000.307)
10.5 (1.98000.311)
10.5 (1.98000.372)
10.5 (1.98000.378)
Evaluation of Cisco Unity Connection for CVE-2014-6271 and CVE-2014-7169
Ref: CSCur05328
Known affected releases: (1)
9.5 (0.9) TT0
Known fixed releases: (1)
10.5 (1.11900.13)
There is a COP file out on ORC that can be applied to 8.5.1, 8.6.2, 9.01, 9.1.2, 10.0 and 10.5.1.
Cisco has implemented the Bash fix in some Engineering Special (ES) versions as well, but only for major versions 8, 9 and 10.
CUCM 7.1.5 is End of Support (EOS) and therefore there is no Bash fix for this version. You should consider moving your customer to a newer version. Remember that anything past 9.1.2 (10 and above) will require new virtualized hardware (UCS), as MCS servers are no longer supported.
-
XFP-10GLR-OC192SR vs SFP-10G-LR-CURV
Hello
I am facing a problem bringing up a link on a Cisco ASR 1004 against an SFP-10G-LR-CURV mounted on a Cisco Catalyst 4500 XFP-10GLR-OC192SR switch, and I can't get the line protocol up. They are connected through 6 km of SM fiber.
This is the relevant output from the ASR 1004:
GFS-core-router02 #show interfaces tenGigabitEthernet 1/0/0
TenGigabitEthernet1/0/0 is down, line protocol is down
Material is SPA-1X10GE-WL-V2, the address is f8c2.8894.0840 (bia f8c2.8894.0840)
Description: # for the future 10G uplinks.
MTU 1500 bytes, BW 9953280 Kbit/s, 10 DLY usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
KeepAlive not supported
Full-duplex, 10000Mbps, link type is strength-to top's media type 10GBase-LR
control output stream is on, control of input stream is on
Type of the ARP: ARPA, ARP Timeout 04:00
Last entry, never, never hang output
Final cleaning of "show interface" counters never
Input queue: 0, 375, 0, 0 (size/max/drops/dumps); Total output drops: 0
Strategy of queues: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bps, 0 packets/s
5 minute output rate 0 bps, 0 packets/s
0 packets input, 0 bytes, 0 no buffer
Received 0 emissions (0 of IP multicasts)
0 Runts, 0 giants, 0 shifters
entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored
Watchdog 0, multicast 0, break 0 comments
exit 0 packets, 0 bytes, 0 underruns
0 output errors, 0 collisions, 17 interface resets
unknown protocol 0 drops
0 babbles, collision end 0, 0 deferred
carrier, 0 no carrier, lost 0 0 interrupt output
output buffer, the output buffers 0 permuted 0 failures
GFS-core-router02 #show hw-module subslot transceiver status 0 1/0
The transmitter/receiver in the slot 1 subslot 0 port 0 is enabled.
Temperature module = 26,710 C
Bias transmitter current Tx = 26700 uAmps
Power of the transceiver Tx = - 2.7 dBm
Optical power of transmitter/receiver Rx =-13.9 dBm
And this is from the 4500 switch:
Core-sw01 #show interfaces tenGigabitEthernet 5/1/1
TenGigabitEthernet1/1/5 is down, line protocol is down (notconnect)
Material is 10 Gigabit Ethernet Port, the address is 0462.7399.3f84 (bia 0462.7399.3f84)
Description: # #LEVEL3_IP_TRANSIT #.
MTU 9070 bytes, BW 10000000 Kbit/s, 10 DLY usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
KeepAlive set (10 sec)
Type of connection Full-duplex, speed Auto, auto, media type is 10GBase-LR
input stream control is turned off, output flow control is disabled
Type of the ARP: ARPA, ARP Timeout 04:00
Last entry, never, never hang output
Last clearing of "show interface" counters 3w4d
Input queue: 0/2000/0/0 (size/max/drops/dumps); Total output drops: 0
Strategy of queues: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bps, 0 packets/s
5 minute output rate 0 bps, 0 packets/s
0 packets input, 0 bytes, 0 no buffer
Received 0 emissions (0 multicasts)
0 Runts, 0 giants, 0 shifters
entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored
entry packets 0 with condition of dribble detected
exit 0 packets, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
unknown protocol 0 drops
0 babbles, collision end 0, 0 deferred
0 lost carrier, 0 no carrier
output buffer, the output buffers 0 permuted 0 failures
transceiver, base-sw01 #show interfaces tenGigabitEthernet 5/1/1
ITU channel not available (wavelength is not available).
Transmitter/receiver is calibrated internally.
If the device is calibrated on the outside, only the calibrated values are printed.
++: high alarm +: high warning-: low attention-: low alarm.
NA or n/a: not applicable, Tx: transmit, Rx: receive.
My: milliamps, dBm: decibels (milliwatts).
Optical optics
Temperature Tx Rx power supply voltage
Port (Celsius) (Volts) (dBm) (dBm)
--------- ----------- ------- -------- --------
25.8 3.26 TE1/1/5-1, 3-9.3
As can be seen, the two modules are within the operating optical signal range.
I think the problem is with the XFP-10GLR-OC192SR, which is working in SONET mode rather than Ethernet mode (note the BW 9953280 Kbit/s on the interface).
So is it possible to force the interface to work in Ethernet mode?
Kind regards
Miguel
I think you're right.
Try changing the mode with the following configuration command:
hw-module subslot 1/0 enable LAN
Reference: http://www.cisco.com/c/en/us/td/docs/interfaces_modules/shared_port_adap...
-
What is the difference between RP1 and RP2 in ASR1006
Hi can anyone tell what is the difference between RP1 and RP2 in ASR1006? Thank you
Read all about it here: Cisco ASR 1000 Series Route Processors data sheet
-
ACS 5.2 - CLI and DNIS values swap
I'm running eval ACS 5.2 demo version (more in detail below) for proof of concept and noticed an oddity... It appears that if you create a filter out and click the CLI/DNIS tab, click on create and then click DNIS and enter your info ex: * coolssid and click on submit it shows everything correctly, but if you go back and change. It inverts the.
Version: 5.2.0.26
The identifier for the internal version: B.3075.EVAL
If you have the Webex recording viewer, you can watch the short Webex recording I made showing the steps and the issue.
I hope someone has an answer or Cisco can fix this bug.
Thank you
Kayle
Hi Kayle, I would say that this must be a bug. I couldn't find any existing bug on this issue.
Can you open a TAC case to report it?
-
Hello
Has anyone had problems with the TMS 13.0.2 to 13.1.1 upgrade, where the installation fails to upgrade the SQL server?
My server is now at the stage where I can't install the upgrade or re-install v13.0.2.
Thank you
David
Strange, I marked this bug as 'customer visible' a week ago. I know that it can take a day or two before it can actually be viewed by partners/customers, but it shouldn't take a week.
In general, we mark (at least in the Cisco TMS world) all new bugs as 'customer visible'. However, not all old bugs from the Tandberg bug tracking system have been replicated to CDETS yet, which is why you sometimes see bugs which are not visible in the Bug Toolkit.
Here is the RNE for CSCtt19457:
----
Symptoms
The upgrade of Cisco TMS to version 13.1 or 13.1.1 fails. The Databaselog.txt file shows a timeout in SQL Server:
2011-10-03T15:37:53 to execute SQL block 1349, starting at line 30465
2011-10-03T15:38:39 error in UpgradeDatabase unhandled
2011-10-03T15:38:39 timeout has expired. The delay before the end of the operation or the server is not responding.
2011-10-03T15:38:39 at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
Conditions
The issue was seen in TMS installations using SQL Server 2008 and occurs when the stored procedure "NET_Utility_CheckForAccessCopyPasteErrors" is installed. Installing it would normally take about one millisecond, but when this occurs, it takes more than 20 seconds.
Workaround
Upgrade SQL Server to the latest service pack and run Setup again. If SQL Server is already on the latest service pack, restart the SQL Server service.
-
Hello
Can someone point me to documentation attesting that no Cisco VPN device can use SHA-2 as an ISAKMP hash algorithm?
Regards
Paul
Paul:
Examples:
SA 500 Series Security Appliances Administration Guide, ~ page 159.
Release notes for Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE Release 2
http://www.Cisco.com/en/us/docs/iOS/ios_xe/2/release/notes/rnasr21.PDF
Best regards
Mike
-
Any IOS bug (ADSL + IPSEC) with Cisco 1721?
Hello
I tried to install an IOS image with ADSL and IPSEC support on a Cisco 1721.
When the router works fine with ADSL, it does not work with IPSEC and vice versa.
I tried to change the router with a similar 1721, but nothing has changed.
I tried the following images (I found them with IOS Scheduler) for IPsec:
C1700-o3sy756i-mz.121-3.XP3.bin
C1700-o3sy756i-mz.121-5.YB5.bin
When I install the versions of IOS, I can't see the ATM interface.
Have you noticed any IOS bug related to ADSL + IPSEC with the Cisco 1721 versions?
Thank you
Paolo
Hi Paolo
The issue is that the ADSL WIC interface card is not supported in the software versions you tried.
According to "Software Advisor", the card WIC-1ADSL is supported on the platform of 1721 in the following versions:
12.2 (13) T, 12.2 (4) AGO, 12.2 (4) 12.2 (4) YH, YJ 12.2 (8), YL 12.2 (8), YM 12.2 (8), YB, YN 12.2 (8)
So you will need to get a new image, a crypto one of course.
/ Michael
-
A possible bug related to the Cisco ASA "show access-list"?
We had a strange problem in our ASA configuration.
In the "show running-config":
Inside_access_in access-list CM000067 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:http_access
Inside_access_in access-list CM000458 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:https_access
Note to inside_access_in to access test 11111111111111111111111111 EXP:1/16/2014 OWN list: IT_Security BZU:Network_Security
access-list extended inside_access_in permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 Journal
access-list inside_access_in note CM000260 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - dgm
access-list inside_access_in note CM006598 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - ns
access-list inside_access_in note CM000220 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:netbios - ssn
access-list inside_access_in note CM000223 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:tcp / 445
inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 any eq www log
inside_access_in allowed extended access list tcp 172.31.254.0 255.255.255.0 any https eq connect
inside_access_in list extended access permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log
inside_access_in list extended access permit udp 172.31.254.0 255.255.255.0 connect any eq netbios-ns
inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log
inside_access_in list extended access permitted tcp 172.31.254.0 connect any EQ 445 255.255.255.0
Inside_access_in access-list CM000280 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:domain
inside_access_in list extended access permitted tcp object 172.31.254.2 any newspaper domain eq
inside_access_in list extended access permitted udp object 172.31.254.2 any newspaper domain eq
Inside_access_in access-list CM000220 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:catch_all
inside_access_in list extended access permitted ip object 172.31.254.2 any newspaper
Inside_access_in access-list CM0000086 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:SSH_internal
inside_access_in list extended access permitted tcp 172.31.254.0 255.255.255.0 interface inside the eq ssh log
Inside_access_in access-list CM0000011 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange
inside_access_in list extended access allow object TCPPortRange 172.31.254.0 255.255.255.0 host log 192.168.20.91
Inside_access_in access-list CM0000012 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:FTP
access-list extended inside_access_in permitted tcp object inside_range 1024 45000 192.168.20.91 host range eq ftp log
Inside_access_in access-list CM0000088 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange
inside_access_in access list extended ip 192.168.20.0 255.255.255.0 allow no matter what paper
Inside_access_in access-list CM0000014 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:DropIP
inside_access_in list extended access permitted ip object windowsusageVM any newspaper
inside_access_in list of allowed ip extended access any object testCSM
inside_access_in access list extended ip 172.31.254.0 255.255.255.0 allow no matter what paper
Inside_access_in access-list CM0000065 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:IP
inside_access_in list extended access permit ip host 172.31.254.2 any log
Inside_access_in access-list CM0000658 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security
inside_access_in list extended access permit tcp host 192.168.20.95 any log eq www
In the "show access-list":
access-list inside_access_in line 1 comment CM000067 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:http_access
access-list inside_access_in line 2 Note CM000458 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:https_access
Line note 3 access-list inside_access_in test 11111111111111111111111111 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security
4 extended access-list inside_access_in line allowed tcp host 1.1.1.1 host 192.168.20.86 eq newsletter interval 300 (hitcnt = 0) 81 0x0a 3bacc1
line access list 5 Note CM000260 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - dgm
line access list 6 Note CM006598 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - ns
line access list 7 Note CM000220 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:netbios - ssn
line access list 8 Note CM000223 EXP:1/16/2014 OWN inside_access_in: IT_Security BZU:Network_Security JST:tcp / 445
allowed to Access-list inside_access_in line 9 extended tcp 172.31.254.0 255.255.255.0 any interval information eq www journal 300 (hitcnt = 0) 0 x 06 85254 has
allowed to Access-list inside_access_in 10 line extended tcp 172.31.254.0 255.255.255.0 any https eq log of information interval 300 (hitcnt = 0) 0 x7e7ca5a7
allowed for line access list 11 extended udp 172.31.254.0 inside_access_in 255.255.255.0 any netbios-dgm eq log of information interval 300 (hitcn t = 0) 0x02a111af
allowed to Access-list inside_access_in line 12 extended udp 172.31.254.0 255.255.255.0 any netbios-ns eq log of information interval 300 (hitcnt = 0) 0 x 19244261
allowed for line access list 13 extended tcp 172.31.254.0 inside_access_in 255.255.255.0 any netbios-ssn eq log of information interval 300 (hitcn t = 0) 0x0dbff051
allowed to Access-list inside_access_in line 14 extended tcp 172.31.254.0 255.255.255.0 no matter what eq 445 300 (hitcnt = 0) registration information interval 0 x 7 b798b0e
access-list inside_access_in 15 Note CM000280 EXP:1/16/2014 OWN line: IT_Security BZU:Network_Security JST:domain
allowed to Access-list inside_access_in line 16 extended tcp object 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 0x6c416 81 b
allowed to Access-list inside_access_in line 16 extended host tcp 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 0x6c416 81 b
allowed to Access-list inside_access_in line 17 extended udp object 172.31.254.2 any interval information journal field eq 300 (hitcnt = 0) 227 0xc53bf
allowed to Access-list inside_access_in line 17 extended udp host 172.31.254.2 all interval information journal field eq 300 (hitcnt = 0) 227 0xc53bf
access-list inside_access_in 18 Note CM000220 EXP:1/16/2014 OWN line: IT_Security BZU:Network_Security JST:catch_all
allowed to Access-list inside_access_in line 19 scope ip object 172.31.254.2 no matter what information recording interval 300 (hitcnt = 0) 0xd063707c
allowed to Access-list inside_access_in line 19 scope ip host 172.31.254.2 any which information recording interval 300 (hitcnt = 0) 0xd063707c
access-list inside_access_in line 20 note CM0000086 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:SSH_internal
permit for line access list extended 21 tcp 172.31.254.0 inside_access_in 255.255.255.0 interface inside the eq ssh information recording interval 300 (hitcnt = 0) 0x4951b794
access-list inside_access_in line 22 NOTE CM0000011 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:PortRange
permit for access list 23 inside_access_in line scope object TCPPortRange 172.31.254.0 255.255.255.0 192.168.20.91 host registration information interval 300 (hitcnt = 0) 0x441e6d68
allowed for line access list 23 extended tcp 172.31.254.0 inside_access_in 255.255.255.0 192.168.20.91 host range ftp smtp log information interval 300 (hitcnt = 0) 0x441e6d68
access-list inside_access_in line 24 Note CM0000012 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:FTP
25 extended access-list inside_access_in line allowed tcp object inside_range Beach 1024 45000 host 192.168.20.91 eq ftp interval 300 0xe848acd5 newsletter
allowed for access list 25 extended range tcp 12.89.235.2 inside_access_in line 12.89.235.5 range 1024 45000 host 192.168.20.91 eq ftp interval 300 (hitcnt = 0) newsletter 0xe848acd5
permit for access list 26 inside_access_in line scope ip 192.168.20.0 255.255.255.0 no interval 300 (hitcnt = 0) newsletter 0xb6c1be37
access-list inside_access_in line 27 Note CM0000014 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:DropIP
allowed to Access-list inside_access_in line 28 scope ip object windowsusageVM no matter what information recording interval 300 (hitcnt = 0) 0 x 22170368
allowed to Access-list inside_access_in line 28 scope ip host 172.31.254.250 any which information recording interval 300 (hitcnt = 0) 0 x 22170368
allowed to Access-list inside_access_in line 29 scope ip testCSM any object (hitcnt = 0) 0xa3fcb334
allowed to Access-list inside_access_in line 29 scope ip any host 255.255.255.255 (hitcnt = 0) 0xa3fcb334
permit for access list 30 inside_access_in line scope ip 172.31.254.0 255.255.255.0 no interval 300 (hitcnt = 0) newsletter 0xe361b6ed
access-list inside_access_in line 31 Note CM0000065 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security JST:IP
allowed to Access-list inside_access_in line 32 scope ip host 172.31.254.2 any which information recording interval 300 (hitcnt = 0) 0xed7670e1
access-list inside_access_in line 33 note CM0000658 EXP:1/16/2014 OWN: IT_Security BZU:Network_Security
allowed to Access-list inside_access_in line 34 extended host tcp 192.168.20.95 any interval information eq www 300 newspapers (hitcnt = 0) 0x8d07d70b
There is a comment in the running configuration: (line 26)
Inside_access_in access-list CM0000088 EXP:1/16/2014 OWN Note: IT_Security BZU:Network_Security JST:PortRange
This comment is missing in 'show access-list'. In the access list, for all lines after this comment, the line number is no longer correct. This causes problems when trying to use the line number to insert a new rule.
Has anyone seen this problem before? Is this a known issue? I am happy to provide more information if necessary.
Thanks in advance.
See the version:
Cisco Adaptive Security Appliance Software Version 4,0000 1
Version 7.1 Device Manager (3)
Updated Friday, June 14, 12 and 11:20 by manufacturers
System image file is "disk0: / asa844-1 - k8.bin.
The configuration file to the startup was "startup-config '.
fmciscoasa up to 1 hour 56 minutes
Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor
Internal ATA Compact Flash, 128 MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Hardware encryption device: Cisco ASA-5505 Accelerator Board (revision 0 x 0)
Start firmware: CN1000-MC-BOOT - 2.00
SSL/IKE firmware: CNLite-MC-Smls-PLUS - 2.03
Microcode IPSec:-CNlite-MC-IPSECm-HAND - 2.06
Number of Accelerators: 1
Could be linked to the following bug:
CSCtq12090: ACL note line is missing when the object range is set to ACL
This is fixed in 8.4(6), so update to a newer version and observe again.
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni
-
Hello
Please can anyone at Cisco let me see the following Cisco Bug ID: CSCtn29349
Regards
Roberto Taccon
The bug is now updated and visible.
If your concern was related to TCP split-handshake issues, you might be interested in
http://Tools.Cisco.com/Security/Center/viewAlert.x?alertId=22462