SNMP version 3 version of Pix 515E 7.0?
Can anyone tell if snmp version 3 is supported on any release of the version 7 PIX. And if not, Cisco plans to PIX? I can't find any information about snmp v3 on PIX. the only reference view's switches and routers. your in advance
Hello
7.0 (1) version adds support for SNMPv2c, offer new services, including counters 64 (useful for packets on Gigabit Ethernet interfaces counters) and support to MIB data transfers in bulk. In addition, Version 7.0 includes SNMPv2 MIB (RFC 1907) and the IF - MIB (RFC 1573 and 2233) and the Cisco IPSec Monitoring MIB Flow, giving visibility full VPN statistical flow tunnel uptime, bytes/packet transferred, and much more.
Answering your question, unfortunately version 3 is not supported.
It will be useful.
Franco Zamora
Tags: Cisco Security
Similar Questions
-
MCU &; ISDNGW SNMP version
Hello
I'm looking for an answer on the following question:
What SNMP version uses the ISDNGW blade 8321 / MCU (42,45 or blade series)?
What is V2 or V3?
Thanks in advance
Stijn
Stijn,
You should be able to find the information you are looking for here:
Concerning
Andreas
-
Hello
I have pix 515E and I configured a VPN on it. My users connect to my network from the internet via the Cisco VPN client.
I have problem, only their LAN machine can do VPN from Cisco VPN client to my network at once.
Users are connected to the internet via an ADSL router and the LAN switch.
--------------------------------------------------
PIX Config:
6.3 (4) version PIX
interface ethernet0 car
Auto interface ethernet1
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
enable encrypted password xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxx encrypted passwd
hostname ABCDEFGH
ABCD.com domain name
clock timezone IS - 5
clock to summer time EDT recurring
fixup protocol dns-length maximum 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol 2000 skinny
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
inside_out to the list of allowed access nat0_acl ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
list of allowed shared access ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
Outside 1500 MTU
Within 1500 MTU
IP address outside xxx.xxx.xxx.xxx 255.255.255.0
IP address inside 192.168.1.1 255.255.255.0
alarm action IP verification of information
alarm action attack IP audit
IP local pool vpnpool 192.168.2.1 - 192.168.2.254
PDM logging 100 information
history of PDM activate
ARP timeout 14400
Global interface 10 (external)
NAT (inside) 0-list of access inside_out-nat0_acl
NAT (inside) 10 0.0.0.0 0.0.0.0 0 0
Route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225
H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00
Timeout, uauth 0:05:00 absolute
GANYMEDE + Protocol Ganymede + AAA-server
AAA-server GANYMEDE + 3 max-failed-attempts
AAA-server GANYMEDE + deadtime 10
RADIUS Protocol RADIUS AAA server
AAA-server RADIUS 3 max-failed-attempts
AAA-RADIUS deadtime 10 Server
AAA-server RADIUS (inside) host ABCDE timeout 10
AAA-server local LOCAL Protocol
RADIUS protocol radius AAA-server
Radius max-failed-attempts 3 AAA-server
AAA-radius deadtime 10 Server
RADIUS protocol AAA-server partnerauth
AAA-server partnerauth max-failed-attempts 3
AAA-server deadtime 10 partnerauth
partnerauth AAA-server (host ABCDEFG myvpn1 timeout 10 Interior)
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
SNMP-Server Community public
No trap to activate snmp Server
enable floodguard
Permitted connection ipsec sysopt
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto-map dynamic outside_dyn_map 20 the transform-set ESP-3DES-MD5 value
map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
card crypto client outside_map of authentication partnerauth
outside_map interface card crypto outside
ISAKMP allows outside
ISAKMP key * address 0.0.0.0 netmask 0.0.0.0
ISAKMP identity address
part of pre authentication ISAKMP policy 8
ISAKMP strategy 8 3des encryption
ISAKMP strategy 8 md5 hash
8 2 ISAKMP policy group
ISAKMP life duration strategy 8 the 86400
part of pre authentication ISAKMP policy 10
ISAKMP policy 10 3des encryption
ISAKMP policy 10 sha hash
10 2 ISAKMP policy group
ISAKMP life duration strategy 10 86400
vpngroup myvpn address vpnpool pool
vpngroup myvpn ABCDE dns server
vpngroup myvpn by default-field ABCD.com
splitting myvpn vpngroup split tunnel
vpngroup idle 1800 myvpn-time
vpngroup myvpn password *.
Telnet 192.168.1.0 255.255.255.0 inside
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd address 192.168.1.200 - 192.168.1.254 inside
dhcpd dns ABCDE
dhcpd lease 3600
dhcpd ping_timeout 750
field of dhcpd ABCD.com
dhcpd outside auto_config
dhcpd allow inside
Terminal width 80
--------------------------------------------------
Thanks in advance.
-Amit
Try to add the "isakmp nat-traversal" command to your PIX. I suspect what happens is that Remote LAN users is translated to a single IP address as they pass through the DSL connection. I also assume that the machine doing the translation has a capacity of IPSec passthrough. Linksys routers would be a good example of this type of NAT device that allows IPSec pull-out.
If that's the case, that a single VPN connection will be able to operate both. The above command will turn PIX detect clients that are located behind a NAT device, and then try to configure the VPN sessions in UDP packets and so to work around the limitation of NAT and IPSec passthrough device.
-
I am a new user and I'm trying to configure a PIX 515e Ver 6.3 (3). How can I give my users inside access to my webfarm located on dmz1. I am able to access the test sites inside and outside dzm1. I can't access the Web inside dmz1 sites. Here is my current config:
6.3 (3) version PIX
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
Automatic stop of interface ethernet3
Automatic stop of interface ethernet4
Automatic stop of interface ethernet5
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
nameif ethernet2 dmz1 security50
nameif ethernet3 intf3 securite6
nameif ethernet4 intf4 security8
ethernet5 intf5 security10 nameif
enable password xxxx
passwd xxxx
hostname pix1
apprendrefacile.com domain name
fixup protocol dns-length maximum 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol 2000 skinny
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names of
aetest name 10.10.10.1
name 10.10.10.2 aetest1
name 13.13.13.3 aetestdmz
name 13.13.13.4 aetestdmz1
access-list from-out-to allow tcp any any eq www
pager lines 24
opening of session
debug logging in buffered memory
Outside 1500 MTU
Within 1500 MTU
dmz1 MTU 1500
intf3 MTU 1500
intf4 MTU 1500
intf5 MTU 1500
IP address outside the 12.x.x.x.255.255.0
IP address inside 10.10.10.2 255.255.255.0
IP address dmz1 13.x.x.x.255.255.0
No intf3 ip address
No intf4 ip address
No intf5 ip address
alarm action IP verification of information
alarm action attack IP audit
no failover
failover timeout 0:00:00
failover poll 15
No IP failover outdoors
No IP failover inside
no failover ip address dmz1
no failover ip address intf3
no failover ip address intf4
no failover ip address intf5
history of PDM activate
ARP timeout 14400
public static 12.12.12.15 (inside, outside) aetest netmask 255.255.255.255 0 0
public static 12.12.12.16 (inside, outside) aetest1 netmask 255.255.255.255 0 0
(dmz1, external) 12.12.12.17 static aetestdmz netmask 255.255.255.255 0 0
(dmz1, external) 12.12.12.18 static aetestdmz1 netmask 255.255.255.255 0 0
Access-group from-out-to external interface
Route outside 0.0.0.0 0.0.0.0 12.12.12.1 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225
H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00
Timeout, uauth 0:05:00 absolute
GANYMEDE + Protocol Ganymede + AAA-server
RADIUS Protocol RADIUS AAA server
AAA-server local LOCAL Protocol
Enable http server
http 10.10.10.207 255.255.255.255 inside
No snmp server location
No snmp Server contact
SNMP-Server Community public
No trap to activate snmp Server
enable floodguard
Telnet 10.10.10.0 255.255.255.0 inside
Telnet timeout 20
SSH timeout 5
Console timeout 0
Terminal width 80
Cryptochecksum:XXXXX
: end
Thank you... Jay
with pix v6.x, nat/global or static is a must do before the pix will start to transfer packets between two interfaces.
the current static instructions do not cover the translation between the inside and the dmz. as the traffic between pix inside the net and dmz is private, I suggest you to set up no. - nat between the two.
for example
static (inside, dmz1) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
clear xlate
in the above example, pix inside the host must be able to access the dmz Server pointing to the private ip address of dmz Web server.
If you prefer the pix inside the host to access the dmz by name server, then "alias" command should be applied.
for example
alias (inside) 13.13.13.3 12.12.12.17 255.255.255.255
the need for the command "alias" is due to the fact that when pix inside the host tries to access the server dmz by name, the public dns will point to the public IP address of the dmz Web server. now, as the static electricity created for the dmz Web server is directional i.e. public ip will be accessible from the outside, not the pix inside the net. so the 'alias' command will allow the PIX to manipulate the dns response and point the name to the private ip of Web server dmz for the pix inside the host.
-
Clearing its IPSec on a PIX 515E
Hello
Is it possible to delete a particular IPSec security association to a PIX 515E Version 6.3 (1)?
Concerning
Lisbeth
Clear [crypto] ipsec his destination-address spi protocol entry
is what you are looking for.
-
Hello
7.0 (1) version pix
ASDM version 5.0 (1)
I have a situation where you go paas-thanks to the VPN feature goes on our PIX 515E. I tried to put this on the pix using a VPN Wizard Site to site
who is enabled. I was unable to connect to the pix from the remote site. Witch's journal replied negotiate the pix is OK and the success
The problem is when I try to set up the tunnel to the top of the remote site. I fall without failure.
where can I see the vpn pix for error log?
is there a manual for the solution of site to site VPN using the wizard
Help, please.
Thanks in advance
the section 'use adsm' (step 14) gives an example on how to set up vpn lan - lan via adsm
Newspaper to go to the section "check".
-
PIX 515E and remote access VPN
I use a PIX 515E with: ASDM Version: 5,0000 51 PIX Version: 8.0 (4) and configure it with remote access VPN.
I would like to get an email every time that a user login (and or disconnection) to the VPN. Remote clients use the Cisco VPN Client.
Any help is appreciated,
Hello
Here is a link to the email configuration when you log in to the ASA/PIX: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc7
Then you can create a list of message to send the logs only for the connection/disconnection of the VPN user: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc18
There is a wire that is linked here: https://supportforums.cisco.com/discussion/10798976/asa-email-logging-issue
-
PIX 515E->; URL filtering: enabled
Hello
When I start my Cisco PIX 515E, I can see this output:
Cisco PIX Firewall Version 6.3 (3)
Features licensed:
Failover: disabled
VPN - A: enabled
VPN-3DES-AES: disabled
The maximum physical Interfaces: 3
Maximum Interfaces: 5
Cut - through Proxy: enabled
Guardians: enabled
URL filtering: enabled
Internal hosts: unlimited
Throughput: unlimited
Peer IKE: unlimited
I understand everything except "URL filtering: enabled".
I looked in the documentation, but I can't find an explanation: is the PIX can filter requests for URL?
Thank you in advance for the answer.
Paolo
Hi Paolo,.
6.3 IOS PIX supports filtering of HTTPS and FTP sites to websense filtering servers, this option is enabled by default.
More information can be found here:
http://www.Cisco.com/en/us/products/sw/secursw/ps2120/prod_release_note09186a00801a6d21.html
and here:
Hope this helps-
Jay
-
Hi all
We just bought a PIX 515E and try to use it, but got a number of questions. Here's the NVA of show:
PIX-151st #show version
Cisco PIX Firewall Version 6.3 (1)
Cisco PIX Device Manager Version 3.0 (1)
Updated Thursday 19 March 03 11:49 by Manu
PIX-515E up to 5 hours and 15 minutes
Material: PIX-515E, 64 MB RAM, Pentium II 433 MHz processor
Flash E28F128J3 @ 0 x 300, 16 MB
BIOS Flash AM29F400B @ 0xfffd8000, 32 KB
0: ethernet0: the address is 000f.2457.4b12, irq 10
1: ethernet1: the address is 000f.2457.4b13, irq 11
Features licensed:
Failover: enabled
VPN - A: enabled
VPN-3DES-AES: enabled
Maximum Interfaces: 6
Cut - through Proxy: enabled
Guardians: enabled
URL filtering: enabled
Internal hosts: unlimited
Flow: IKE peers unlimited: unlimited
This PIX has a failover license only (FO).
Problem is that we cannot ping inner harbor, if we do not switch light, but this is a unique machine. Here's another message once we turn on the switch:
PIX-515E # config t
WARNING *.
Configuration of replication is NOT performed the unit from standby to Active unit.
Configurations are no longer synchronized.
PIX-515e (config) #.
Please help solve this problem. I wonder if we buy the wrong license? Thank you very much.
you have in your possession a PIX failover. That's why says in the "sh run".
This device is intended to be used only as a failover for a live device. It will work as a live PIX, but behave badly. It is cheaper than a PIX with an unrestricted license, as it is not intended to be used as a standalone device. Check with the one that you bought to get the situation sorted.
Good luck
Steve
-
When I use ASDM to administer my PIX-515E (v7.0), I get messages from 2 following error if I update the screen after being inactive in the session for about 2-3 minutes about:
Error message 1
ASDM is temporarily unable to communicate with the firewall.
Error message 2
ASDM is unable to reach the PIX. Please check the configuration and your connection and try again by clicking the Refresh button.
These messages were recently and I don't know why. Is there an ASDM idle session time-out setting? I could not found.
Thank you
Bill Fanning
Hello
What version of Java are you using. If you have Java 1.6, can you go back to 1.5 and see if the problem goes away.
Also, here is the URL indicating the operating system for client PC and browser requirements
http://www.Cisco.com/en/us/partner/docs/security/ASA/asa70/asdm50/release/notes/RN505.html#wp231810
I hope it helps.
Kind regards
Arul
* Please note all useful messages *.
-
I am installing a PIX 515e with an ADSL router. I have all the IP addresses for the router etc. I'm trying to connect to a network on the interface internal of the PIX. (Please bare with me as I am new on the firewall!)
I ping the network firewall, but I can not access to the internet. The initial configuration for the PIX documentation implies that by default, it has access form the firewall but no! I'm obviously missing something here, i.e. of Thompson the network to route requests through the firewall interent! ???
Sorry to be so simplistic but I'm learning all the time!
Thanks for any help.
Robin
After you enter the acl to allow ping, can you ping now?
Watch newspaper reveal something?
For DNS and testing, create a static on the PIX for your DNS server. For example "x.x.x.x (indoor, outdoor) static 192.168.0.x netmask 255.255.255.255" where x.x.x.x is a public IP address and 192.168.0.x is your dns server. Then let the outside to your DNS server dns - "access-list 101 permit host udp/tcp host x.x.x.x eq 53 z.z.z.z ' where z.z.z.z is a public dns server (or use one for testing) and x.x.x.x IP NAT'ed to your dns server. See what is happening, look in your journal.
What version of PIX you run.
Let know use.
Steve
-
Using PIX 515E configuration require
Dear all,
Hi.Actually I need help for PIX 515E.Pls. check out the scenario, design & suggest?
Pls. find the details following and configuration of VLAN attached router.
# I want to put as
«Spend my LAN on CISCO 2900 (range 172.16.29.X IP...» (25 PCs) - VLAN router - CISCO PIX - ISP public IP.
# Now it's
"My LAN on CISCO 2900 - VLAN (external) router - ISP.
Details of router & PIX:
#Router inside the IP - 172.16.29.1 (inside property intellectual as it is very critical that cannot be changed)
Outdoor #Router ip - what ip should I use? (I tried with 1.1.1.1 255.255.255.0)
#PIX outside intellectual property - what ip should I use? (My ISP IP?-j' tried with 208.144.230.197 which is currently outside of my router)
#PIX within the intellectual property - what ip should I use? (I tried with 1.1.1.2 255.255.255.0)
Connection ISP #My is directly from the ISP GW to an ethernet cat 5 on my router VLAN
#I would allow www, FTP, web-based like Yahoomail... etc... & Messenger services
VLAN router Config:
Current configuration: 1028 bytes
!
version 12.3
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname VLANRouter
!
boot-start-marker
boot-end-marker
!
activate the gcsroot password
!
No aaa new-model
IP subnet zero
!
!
no record of conflict ip dhcp
DHCP excluded-address IP 172.16.29.1 172.16.29.240
DHCP excluded-address IP 172.16.29.250 172.16.29.254
!
IP dhcp pool dhcppool
network 172.16.29.0 255.255.255.0
DNS-server 208.144.230.1 208.144.230.2
router by default - 172.16.29.1
!
!
!
!
controller E1 0/0
!
controller E1 0/1
!
!
interface FastEthernet0/0
IP 208.144.230.197 255.255.255.224
NAT outside IP
automatic duplex
automatic speed
!
interface FastEthernet0/1
IP 172.16.29.1 255.255.255.0
IP nat inside
automatic duplex
automatic speed
!
IP nat inside source list 7 interface FastEthernet0/0 overload
IP http server
IP classless
IP route 0.0.0.0 0.0.0.0 208.144.230.200
!
!
access-list 7 permit 172.16.29.0 0.0.0.255
!
Line con 0
line to 0
line vty 0 4
opening of session
!
!
!
end
All advice is appreciated.
Kind regards
Hiren s Mehta.
ORG Informatics Ltd.
Bamako, MALI
AFRICA
Hi hiren,.
See the answers below:
#Router inside the IP - 172.16.29.1 (inside property intellectual as it is very critical that cannot be changed)
When you upgrade the PIX router inbetween and your switch, you must put the PIX inside IP like 172.16.29.1 and change the router within the subnet to someother pool. Do the PAT on the PIX, rather than the router.
Outdoor #Router ip - what ip should I use? (I tried with 1.1.1.1 255.255.255.0)
Router outside the property intellectual property will be that given by the ISP... The ISP would have given a public IP address for the WAN link. This cannot be changed.
#PIX outside intellectual property - what ip should I use? (My ISP IP?-j' tried with 208.144.230.197 which is currently outside of my router)
PIX outside IP must be comprehensive. ISP would have given you a LAN subnet. Use it. In this case, inside the interface of the router has an IP address from that subnet even...
#PIX within the intellectual property - what ip should I use? (I tried with 1.1.1.2 255.255.255.0)
PIX inside must be 172.16.29.1, which will be the default gateway for all PCs. If you change this subnet, then the PC should have an IP address on the same subnet that has decided.
Connection ISP #My is directly from the ISP GW to an ethernet cat 5 on my router VLAN
didn't get it... is that on the internet router or switch?
#I would allow www, FTP, web-based like Yahoomail... etc... & Messenger services
If all these must be permitted from inside to outside, you have not open anything... by default, all traffic to the inside outside is allowed (except if you put a list of access denied)...
-
VPN with ASA 5500 VPN with PIX 515E vs
I wonder what are the differences between the use of an exisitng PIX 515E for VPN remote users as appossed to acquire an ASA 5500 VPN remote users? Information or advice are appreciated to help me lean toward one or the other.
Craig
According to the version of the code that you run on the PIX on the PIX or ASA VPN features must be the same. So if the choice is not based on differences in features, what else would help guide the choice? You can consider if the existing PIX has sufficient resources to add the extra processing VPN load or if you should put that on another box. You might consider that the PIX is an older product range, and his end is near, while the ASA is the product that is the strategic replacement for the PIX. Given a choice I probably prefer to use a technology newer than the old technology. I also believe that the ASA will give you more choice of technology to go forward (a way of better growth) while the PIX provides current capacity but no path of growth.
On the other hand, there is the aspect of consider that using the existing PIX does not need not to buy something new and ASA would be an expense you have to cover in the budget. And for some people the budget constraint is an important consideration.
HTH
Rick
-
We have a PIX 515E firewall and the SMTP banner is changed to 220 *.
I need to disable this and I can't use the command "no fixup protocol SMTP" as it is not present in 7.1.
Any suggestions?
Kind regards
Keyvan
This is done under the map class 'class-map inspection_default' in this version of the PIX OS.
pls rate if useful!
-
License - PIX 515E, restricted or unrestricted?
How can I know what license I have on a PIX515E? I need to know if it is limited or unlimited. Here is the output of sh worm but nothing jumps on me and said: that which.
Cisco PIX Firewall Version 6.2 (2)
Cisco PIX Device Manager Version 1.1 (2)
Updated Saturday, June 7 02 17:49 by Manu
ABC-FW01 up to 3 hours and 24 minutes
Material: PIX-515E, 32 MB RAM, Pentium II 433 MHz processor
Flash E28F128J3 @ 0 x 300, 16 MB
BIOS Flash AM29F400B @ 0xfffd8000, 32 KB
0: ethernet0: the address is 000a.b7bc.4b30, irq 10
1: ethernet1: the address is 000a.b7bc.4b31, irq 11
2: ethernet2: the address is 0002.b3ad.8176, irq 11
Features licensed:
Failover: enabled
VPN - A: enabled
VPN-3DES: disabled
Maximum Interfaces: 6
Cut - through Proxy: enabled
Guardians: enabled
URL filtering: enabled
Internal hosts: unlimited
Throughput: unlimited
Peer IKE: unlimited
Serial number: 806343913 (0x300fd4e9)
Activation key running: xxxx
Modified configuration of enable_15 to 10:26:27.064 UTC Tuesday, February 7, 2006
It is an unrestricted license. The number of maximum interfaces is a way of saying. Restricted is only 3 where UR is 6. You can use this page to see other differences.
http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html
You could also paste your show in output interpreter tool version, if you are a registered user.
Steve
Maybe you are looking for
-
Toshiba 42WL67Z - no picture via hdmi and vga
Hello After a power outage, my 42WL67Z (Regza LCD) no longer displays a picture via hdmi and vga. The computer receives a TV signal, it detects the screen when connected and offers the usual option (duplicate or prolong the display, screen resolution
-
How can I backup my iPhone iPad apps pro to my iMac computer not iCloud
-
The antivirus that is recommended for Mac?
As I noticed that the forum alert alert does not install MacKeeper, may I know which antivirus is recommended for my Mac Pro, please?
-
I'm reading a parallel port of 10 bits with a NEITHER-6251 Board, the acquisition with an external clock synchronization. If I try to play only 8 bits with the following code, everything goes well: DIGIN_Task = new Task("") DIGIN_TaskReader = new Dig
-
Hi HP I have a laptop HP DV3507ea of February 2009, he's always hard going with Windows 7 Home Premium 64 - bit & a backlit keyboard. In any case, I have a problem of teething & random. The backlight of the lcd screen turns off randomly, but not all