Announcement

Collapse
No announcement yet.

Cisco ASA access problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco ASA access problem

    Hi all, I m facing problem with ASA, here is scenario for the same,
    I have 2 cisco ASA 5540 with multiple context.

    Configured in active -active failover. My primary admin context is

    working without any hassel. But when I tried to connect to outside

    interface (secondary firewall)of admin contex it gives me an error

    log - "ifc-classify --Virtual firewall classification failed."
    From the same device if I connected from 'inside' - I am

    able to. But not able to send any outside traffic. (Not able to

    connect to gateway IP of outside interface.)

    Please help.

    Thanks in advance.
    Last edited by ScorpR; 7th November 2008, 10:54.

  • #2
    Re: Cisco ASA access problem

    ScorpR
    Can you edit your post to get rid of the link (over the entire message!) plus can you post a copy of your config without the personal info.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Cisco ASA access problem

      Here is my admin context configuration-----


      ASA Version 7.2(3) <context>
      !
      hostname 60
      domain-name XXX.com
      enable password 872OPHGpXeuegZf8lPkk encrypted
      names
      !
      interface vlan997
      nameif outside
      security-level 0
      ip address 10.12.241.60 255.255.255.128 standby 10.12.241.61
      !
      interface vlan64
      nameif MGMT
      security-level 100
      ip address 10.12.240.1 255.255.255.224 standby 10.12.240.2
      !
      interface vlan65
      nameif SRV
      security-level 100
      ip address 10.12.240.33 255.255.255.224 standby 10.12.240.34
      !
      interface vlan66
      nameif PROXY1
      security-level 100
      ip address 10.12.240.65 255.255.255.224 standby 10.12.240.66
      !
      passwd 2KWFQnbbNIdI.22KYOUA encrypted
      dns server-group DefaultDNS
      domain-name xxx.com
      same-security-traffic permit inter-interface
      same-security-traffic permit intra-interface


      !Access Lists

      pager lines 24
      logging asdm informational
      mtu outside 1500
      mtu SECURITY_MGMT 1500
      mtu SECURITY_SRV 1500
      mtu PROXY 1500
      monitor-interface outside
      monitor-interface MGMT
      monitor-interface SRV
      monitor-interface PROXY
      icmp unreachable rate-limit 1 burst-size 1
      no asdm history enable
      arp timeout 14400

      !access-group

      route outside 10.0.0.0 255.0.0.0 10.12.241.1 1
      route outside 61.xx.xx.0 255.255.255.224 10.12.241.1 1
      route PROXY 0.0.0.0 0.0.0.0 10.12.240.75 1

      timeout xlate 3:00:00
      timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
      timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
      timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
      timeout uauth 0:05:00 absolute

      !Device Access

      Comment


      • #4
        Re: Cisco ASA access problem

        Does this make sense?

        ifc-classify
        Virtual firewall classification failed
        A packet arrived on a shared interface, but failed to classify to any specific context interface.
        Recommendation: Use the global or static command to specify the IPv4 addresses that belong to each context interface.
        Syslog messages: None.

        http://www.cisco.com/en/US/docs/secu...nd/ref/s2.html
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: Cisco ASA access problem

          Thanks for the support.
          Issue resolved.

          Comment


          • #6
            Re: Cisco ASA access problem

            Would you mind updating with what the fix was, for the benefit of other users please?
            cheers
            Andy

            Please read this before you post:


            Quis custodiet ipsos custodes?

            Comment

            Working...
            X