Cisco ASA AnyConnect VPN ‘Using ASDM’

KB ID 0000069

Problem

Note: This is for Cisco ASA 5500, 5500-x, and Cisco Firepower devices running ASA Code.

Below is a walk through for setting up a client to gateway VPN Tunnel using a Cisco Firepower ASA appliance. This was done via the ASDM console. The video was shot with ASA version 9.13(1) and ASDM 7.13(1).

Suggestion: If you are setting this up for the first time, I would suggest setting it up to use the ASA’s LOCAL database for usernames and passwords, (as shown in the video). Then once you have it working, you can change the authentication (AAA) to your preferred method (see links at bottom of page).

The original article was written with ASA version 8.0(4) and ASDM 6.1(3), which was a little more difficult so I will leave that procedure at the end just in case 🙂

Note: The ASDM cannot be used on the normal port (https) on the outside interface when using AnyConnect, because HTTPS or TCP port 443 needs to be free (and also IMPORTANTLY NOT ‘port-forwarded’ to a web server / Exchange server etc. for this to work). To fix that, either change the port that AnyConnect is using (not the best solution!) Or, (a much better solution) Change the port ASDM is using

Solution

Setup AnyConnect From ASDM (Local Authentication)

In case you don’t want to watch a video! Launch the ASDM > Wizards > VPN Wizards > AnyConnect VPN Wizard > Next.

Give the AnyConnect profile a name i.e PF-ANYCONNECT, (I capitalise any config that I enter, so it stands out when I’m looking at the firewall configuration). >Next > Untick IPSec > Next.

Note: You can use IPSec if you want, but you will need a Certificate pre-installed to do so!

Now you need to upload the AnyConnect client packages for each operating system that is going to want to connect, 

Once the package (with a pkg extension) is located, you can upload it directly into the firewalls flash memory. 

Repeat the process for each OS that will be connecting. (PLEASE! Don’t forget to add the macOS package! or your users will see THIS ERROR) > Next > As mentioned above I’m using LOCAL (on the ASA) authentication. I always set this up first, then test it, then if required, change the authentication method > If you don’t already have a LOCAL user created then add a username and password for testing > Next.

Next (Unless you want to setup SAML) > Here I’ll create a new ‘Pool’ of IP addresses for my remote clients to use. You can also use an internal DHCP server for remote clients, again I normally setup and test with a Pool from the ASA, then if I need to use a DHCP server, I swap it over once I’ve tested AnyConnect. If that’s a requirement, see the following article;

AnyConnect – Using a Windows DHCP Server

Enter the DNS server(s) details for you remote clients > WINS? Who is still using WINS! > Domain name > Next > Tick ‘Exempt VPN traffic from network address translation’ > Next.

Next > Finish

DON’T FORGET TO SAVE THE CHANGES!! (File > Save Running Configuration to Flash)

Now any remote client attempting to connect to AnyConnect can install the client software directly from the firewall, (This is assuming you have not already installed it for them beforehand).

 

For Older Versions of the ASA/ASDM

Note: The information below is OBSOLETE, I only leave it here in case someone is running some VERY old versions of the ASDM and AnyConnect

1. Open up the ADSM console. > Click Wizards >SSL VPN Wizard.

2. Select “Both Options”. > Next.

3. Enter a connection name > If you have a certificate already select it here or simply leave it on” -None-” and the ASA will generate an un trusted one. > Next.

4. For this example we are going to use the ASA’s Local database to hold our user database, however, if you want to use RADIUS/Windows IAS select those options and accordingly, and then follow the instructions. Note: To set up IAS read my notes HERE > Enter a username and password.

5. Add. > Next

6. We are going to create a new policy in this case called SSL Users > Next.

7. You can now add bookmarks (Links on the VPN portal page) > Manage > Add > Type in a name > Add. > OK.

8. Give it a name and subtitle (look at step 18 to see how that displays) > Enter the internal URL for the web site > OK.

9. Add > OK.

10. OK.

11. Next.

12. Create an IP Pool (IP range to be leased to the VPN clients that is DIFFERENT to your LAN IP range) > New > enter a name, IP addresses, and the subnet mask > OK.

13. Point the ASA to the Anyconnect client you want to use (Note you can upload a software image from your PC here as well) Next > Accept the warning about NAT Exemptions (Note if you do get a warning to add a NAT Exemption see the note at the end).

14. Finish.

15. Before it will work you need to Select Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles > Double click the Connection profile you created earlier in step 3 > Enter a name in the Aliases section i.e. AnyConnect > OK. > Tick the box that says “Allow user to select connection profile by its alias………” > Apply.

16. File > Save running configuration to flash.

17. Connect externally to https://{public_IP} (Note this has to be in the browsers trusted site list) > Enter a username and password > Login

18. You are now on the “Portal” site any bookmarks created above will be visible > Click the AnyConnect Tab.

19. Double click to launch AnyConnect.

20. The Anyconnect client will install if not used previously (User needs to be local admin) and connects.

NAT Exemptions: Note if you received a warning about needing to add the remote VPN pool as a NAT Exemption (After step 13) you will need to add the following lines to the ASA

Syntax;

[box]

access-list {name} extended permit ip {LAN behind ASA} {Subnet behind ASA} {VPN Pool Range} {VPN Pool Subnet}

nat (inside) 0 access-list {name}

Working example

access-list nonat extended permit ip 10.254.254.0 255.255.255.0 10.254.253.0 255.255.255.0

nat (inside) 0 access-list nonat

[/box]

WARNING: Make sure the name matches any existing no NAT ACLs or your IPsec vpns will fail!

Related Articles, References, Credits, or External Links

Cisco ASA 5500 AnyConnect Setup From Command Line

AnyConnect: Allow ‘Local’ LAN Access

AnyConnect 4 – Plus and Apex Licensing Explained

Cisco AnyConnect – Essentials / Premium Licences Explained

AnyConnect (AAA) Authentication Methods

Kerberos Authentication (Cisco ASA)

LDAP Authenticaiton (Cisco ASA)

RADIUS Authentication(Cisco ASA)

Duo 2FA Authentication (Cisco ASA)

Cisco – Testing AAA Authentication (Cisco ASA and IOS)

Updating the AnyConnect client for Deployment from the Cisco ASA 5500

KB ID 0000704 

Problem

Your ASA will (by default) update your AnyConnect clients to the latest client software when they connect. However you need to supply the ASA with the updated packages first.

Solution

1. Download the latest AnyConnect client package, from Cisco. The one you want will have a file extension of .pkg

AnyConnect 4

AnyConnect 3

2. Connect to the ASDM > Configuration > Remote Access VPN > Network (Client) access > AnyConnect Client Software > Add.

 

Note: On older versions of the ASDM you will find the option under > Network (Client) access > Advanced > SSL VPN > Client Settings > Add.

3. Select Upload > Browse to the software you downloaded > Select.

 

4. The file should upload to flash memory.

 

5. And it will tell you if it has been successful.

 

6. Select the new software and, using the ‘up arrow’ move it to the top of the list > Apply.

Note: At this point I also delete the old software packages.

7. Don’t forget to upload the packages for Linus and MacOS of you may see the following error;

The AnyConnect package on the secure gateway could not be located.

 

 

8. Remember to save the changes. File > Save running configuration to flash.

Related Articles, References, Credits, or External Links

Cisco ASA5500 AnyConnect SSL VPN 

Original article written: 02/11/12

IIS – Cannot Download File From Website (With Extension .xyz)

KB ID 0001223 

Problem

I first saw this problem a few months ago, when I wasted to download some .bin and .pkg files from a web server running IIS, into a Cisco firewall. Then again this week I needed to get a large .iso file into a clients network so I put it on a publicly accessible web server running IIS, and had the problem again.

 

Solution

On the IIS server, open administrative tools > Internet Information Services (IIS) Manager > Drill down to the default website > Locate the ‘MIME Types‘ and open them.

You will probably find there is not one for the file extension you cannot download (in this case .iso) > Add one in > Set the MIME type to;

application/octet-stream

 

Then re-try your download.

Related Articles, References, Credits, or External Links

NA

Cisco CSC – Upgrade the Operating System

KB ID 0000807 

Problem

Upgrading the operating system on the CSC module is pretty straight forward, as long as you have a valid support agreement for your hardware and a CCO account you can download the updates straight from Cisco (here).

Solution

WARNING: It’s rare that you can update straight to the latest version, by all means try, and the CSC module will simply error if it will not accept the version you are trying to update to.

WARNING 2: This may involve some downtime, especially if your CSC module is configured to fail-closed, you may wish to set it to fail-open during the upgrade to minimise disruption. Unless you have a dual failover firewall solution, in which case scroll down.

You can do this via command line if you wish, but it’s a lot simpler to do via the web console. You will need to download your updated software (with the .pkg extension NOT the .bin extension).

Once downloaded, log into the web portal of the CSC module https://{IP-Address}:8443 > Administration > Product Upgrade > Browse > Locate your update > Upload > Go an have a coffee, it will take a while.

Upgrading CSC Modules in a Failover Pair

If you have firewalls deployed in failover, then you will have two CSC modules to upgrade.

1. Just for ease I’m showing the command line and the web console view. Start by upgrading the CSC module in the Secondary Standby firewall, here I’m upgrading 6.3.1172.0 to 6.3.1172.4.

2. Now I take the same module to 6.6.1125.0.

3. Once I know the system has updated and is back online, I jump onto the Primary Active firewall and force a failover to the Secondary Standby firewall.

Check module status with;

[box]
show module 1 detail
[/box]

To force failover, on the Primary Active firewall.

[box]

configure terminal
no failover active

[/box]

4. Note: At this point the screen looks the same as above, but ‘physically’ the firewalls have swapped over, the Primary is now Standby and can be updated. Below I’m upgrading from 6.2.1599.0 to 6.2.1599.6.

5. Now we can see both modules are running the latest (at time of writing), product version.

6. Now to fail back simply issue the following command an the Secondary Active firewall;

[box]

configure terminal
no failover active

[/box]

7. You can also check the versions match with the following command;

[box]
show failover
[/box]

Related Articles, References, Credits, or External Links

NA

ASA 5585-X Update the CX SSP Module

KB ID 0001005 

Problem

Every piece of documentation I found on upgrading CX SSP modules was for doing so on models other than the ASA5585-X. The (current) latest CLI guide says;

“For the ASA 5585-X hardware module, you must install or upgrade your image from within the ASA CX module. See the ASA CX module documentation for more information.”

Yeah good luck finding that!

Solution

Before I saw the information above I tried to upgrade the CX module from the ASA and this is the error you get when you try;

[box]PetesASA(config)# hw-module module 1 recover configure url tftp://10.0.41.100/asacx-5500x-boot-9.3.1.1-112.img
ERROR: Module in slot 1 does not support recovery[/box]

Then, I tried the update from within the CX module, and got the following error;

[box] asacx>system upgrade ftp://10.0.41.100/asacx-sys-9.3.1.1-112.pkg
Verifying

111
Upgrade aborted.

[/box]

Note: If you have not already found out, the default username is admin and the default password is Admin123.

Turns out that was an error in 3CDaemon that I use as an FTP server, once I fixed that, I was cooking on gas.

Upgrade the ASA 5585-X CX SSP Module

1. Connect to the CX modules console port, and you can view the version.

[box] Cisco ASA CX 9.1.2
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg
If you require further assistance please contact us by sending email to
export@cisco.com.

You can access the Web UI from your browser using the following URL(s):
https://192.168.8.8/

asacx login:

[/box]

2. Now the CX module has its default IP of 192.168.8.8, I need to change this, I’ll do that from command line on the ASA like so.

[box] PetesASA(config)# session 1 do setup host ip 10.0.41.34/24,10.1.41.1

Syntax

session 1 do setup host ip {IP Address}/{Subnet Mask},{Default Gateway}

[/box]

3. At this point make sure that Management port 1/0 on the CX module is connected to the network.

4. You can simply ping the new IP, or view it in the ASDM. (Note: here you can also view the CX software version).

5. Now the CX module and your FTP server are on the same network, and you have downloaded the CX software from Cisco, you can perform the upgrade, (from the console session on the CX module).

Note: Don’t press any keys (unless asked to), while this is going on, or it has a habit of aborting!

[box] asacx>system upgrade ftp://10.0.41.100/asacx-sys-9.3.1.1-112.pkg
Verifying
Downloading
Extracting
Package Detail
Description: Cisco ASA-CX 9.3.1.1-112 System Upgrade
Requires reboot: Yes

NOTE: If this device is being managed by a PRSM server, you must also apply the same upgrade package to the PRSM server or you will not be able to deploy configurations from the PRSM server to this device.

Do you want to continue with upgrade? [y]:y

Doing so might leave system in unusable state.

Upgrading
Starting upgrade process …[ 459.563380] kjournald starting. Commit interval 5 seconds
[ 459.648202] EXT3 FS on sde3, internal journal
[ 459.700274] EXT3-fs: mounted filesystem with ordered data mode.

Populating new system image
Copying over new application components
Cleaning up old application components

Reboot is required to complete the upgrade. Press ‘Enter’ to reboot the system. {Enter}

Broadcast message from root (console) (Fri Oct 3 08:20:59 2014):

The system is going down for reboot NOW!

[/box]

6. Post reboot you can see the new version from the console connection.

[box] Cisco ASA CX 9.3.1.1
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg
If you require further assistance please contact us by sending email to
export@cisco.com.

You can access the Web UI from your browser using the following URL(s):
https://10.0.41.34/
https://[fe80::5af3:9cff:fe05:d2e4]/

asacx login:

[/box]

You can also check the version has updated from within the ASDM.

 

Related Articles, References, Credits, or External Links

NA

 

ASA Upgrading and Imaging a Hardware CX Module

KB ID 0001025

Problem

Last time I had to do one of these the process was very straight forward, one command and the ASA got its new image from FTP, extracted it, and then installed it.

I had a CX module fail last week, and Cisco shipped me out a replacement. After installing it and running the setup, I needed to upgrade it (it will be managed by PRSM). It was running version 9.0.2 (probably been on the shelf a while!). And every time I tried to run a system upgrade it told me this, (regardless of what version I tried to install).

[box]This package is not applicable to release 9.0.2.[/box]

If I tried to set a boot image in the ASA, I got the following errors;

[box] Module 1 cannot be recovered.

OR

ERROR: Module in slot 1 does not support recovery

[/box]

Well there is a boot image especially for the 5585-X CX module, so how do you use it?

Solution

Remember the ASA-SSP-CX unit is basically the same hardware as the ASA, you need to boot that card to ROMMON, then install the boot image via TFTP. Once that’s loaded you can run setup and install the new software package.

1. As you can see this one’s running a very old OS.

[box] Petes-CX>show version

Cisco ASA CX Platform 9.0.2 (103)

Cisco Prime Security Manager 9.0.2 (103) for Petes-CX firewall

Petes-CX>

[/box]

2. Reload the module and as it starts to boot, send a ‘break’ keystroke.

[box] Petes-CX>system reload
Are you sure you want to reload the system? [N]: y
Broadcast message from root (console) (Mon Jan 19 14:47:09 2015):
The system is going down for reboot NOW!
INIT: SwitchingStopping OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 3862)
.
Stopping Advanced Configuration and Power Interface daemon: no /usr/sbin/acpid found; none killed
stopping Busybox inetd: inetd… stopped inetd (pid 3875)
done.
Stopping Vixie-cron.
Stopping ntpd: stopped process in pidfile ‘/var/run/ntp.pid’ (pid 3880)
done
Stopping syslogd/klogd: done
Deconfiguring network interfaces… done.
Stopping CGroup Rules Engine Daemon…stopped /usr/sbin/cgrulesengd (pid 3865)

Success
CGRE[3865]: Stopped CGroup Rules Engine Daemon at Mon Jan 19 14:47:13 2015
Stopping cgconfig service: Success
Sending all processes the TERM signal…
Sending all processes the KILL signal…
Unmounting remote filesystems…
Deactivating swap…
Unmounting local filesystems…
umount2: Device or resource busy

——————————————
–Output Removed for the Sake of Brevity–
——————————————

The system is restarting…

CISCO SYSTEMS

Embedded BIOS Version 2.0(13)0 20:40:45 10/21/11

USB storage device found … SMART eUSB USB Device

Total memory : 12 GB

Total number of CPU cores : 8

CPLD revision 0008h
Cisco Systems ROMMON Version (2.0(13)0) #0: Fri Oct 21 20:01:34 CDT 2011

Use BREAK or ESC to interrupt boot.Use SPACE to begin boot immediately.Boot in 10 seconds.

Boot interrupted.

Management0/0
Link is UP
MAC Address: 6c20.5658.928c

Use ? for help.
rommon #0>

[/box]

3. Remember in ROMMON mode you need to set up all the network settings to copy in the boot image (where 192.168.1.10 will be the CX,and .101 is the TFTP server).

Note: This is the BOOT image, it will have a .img file extension.

[box] rommon #0> ADDRESS=192.168.1.10
rommon #1> SERVER=192.168.1.101
rommon #2> GATEWAY=192.168.1.1
rommon #3> IMAGE=asacx-boot-9.3.2.1-9.img
rommon #4> [/box]

4. Make sure you can ping the TFTP server.

[box]rommon #4> ping 192.168.1.101
Sending 20, 100-byte ICMP Echoes to 192.168.1.101, timeout is 4 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20)[/box]

5. Issue a sync command, then start the transfer.

[box]

rommon #5> sync

Updating NVRAM Parameters…

rommon #6> tftp
ROMMON Variable Settings:
ADDRESS=192.168.1.10
SERVER=192.168.1.101
GATEWAY=192.168.1.1
PORT=Management0/0
VLAN=untagged
IMAGE=asacx-boot-9.3.2.1-9.img
CONFIG=
LINKTIMEOUT=20
PKTTIMEOUT=4
RETRY=20

tftp asacx-boot-9.3.2.1-9.img@192.168.1.010 via 192.168.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

——————————————
–Output Removed for the Sake of Brevity–
——————————————

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 65605385 bytes

Launching TFTP Image…

Execute image at 0x14000
[STUB]
Boot protocol version 0x209

——————————————
–Output Removed for the Sake of Brevity–
——————————————

Starting syslogd/klogd: done
Cisco ASA CX Boot Image 9.3.2.1

Petes-CX login: admin
Password: ************

Cisco ASA CX Boot 9.3.2.1 (9)
Type ? for list of commands
Petes-CX-boot>

[/box]

WARNING the following procedure will erase all the settings from your CX module

6. Partition the CX module drive. (This takes a long time, good time to put the kettle on!)

[box]

Petes-CX-boot>partition
WARNING: You are about to erase all policy configurations and data.
You cannot undo this action.
Are you sure you want to proceed? [y/n]:y
Logical volume “data” successfully removed
Logical volume “var” successfully removed
Logical volume “packages” successfully removed

——————————————
–Output Removed for the Sake of Brevity–
——————————————

Persistent partition is there so create symbolic link /etc/ntp.conf
Persistent partition is there so create symbolic link /etc/hosts
Petes-CX-boot>

[/box]

7. Run the basic setup.

[box]

Petes-CX-boot>setup

Welcome to Cisco Prime Security Manager Setup
[hit Ctrl-C to abort]
Default values are inside []

Enter a hostname [asacx]: Petes-CX
Do you want to configure IPv4 address on management interface?(y/n) [Y]: Y
Do you want to enable DHCP for IPv4 address assignment on management interface?(y/n) [N]: N
Enter an IPv4 address [192.168.8.8]: 192.168.1.10
Enter the netmask [255.255.255.0]: 255.255.255.0
Enter the gateway [192.168.8.1]: 192.168.1.1
Do you want to configure static IPv6 address on management interface?(y/n) [N]: N
Stateless autoconfiguration will be enabled for IPv6 addresses.
Enter the primary DNS server IP address: 192.168.1.20
Do you want to configure Secondary DNS Server? (y/n) [n]: Y
Enter the secondary DNS server IP address: 192.168.1.21
Do you want to configure Local Domain Name? (y/n) [n]: Y
Enter the local domain name: petenetlive.com
Do you want to configure Search domains? (y/n) [n]: Y
Enter the comma separated list for search domains: petenetlive.com
Do you want to enable the NTP service? [Y]: Y
Enter the NTP servers separated by commas: 192.168.1.31,192.168.1.32
Do you want to enable the NTP symmetric key authentication? [N]: N
Please review the final configuration:
Hostname:Petes-CX
Management Interface Configuration

IPv4 Configuration:static
IP Address:192.168.1.10
Netmask:255.255.255.0
Gateway:192.168.1.1

IPv6 Configuration:Stateless autoconfiguration

DNS Configuration:
Domain:petenetlive.com
Search:
petenetlive.com
DNS Server:
192.168.1.20
192.168.1.21

NTP configuration:
192.168.1.31,192.168.1.32
CAUTION:
You have selected IPv6 stateless autoconfiguration, which assigns a global address based on network prefix and a device identifier. Although this address is unlikely to change, if it does change, the system will stop functioning correctly.
We suggest you use static addressing instead.

Apply the changes?(y,n) [Y]: Y
Configuration saved successfully!
Applying…
Restarting network services…
Restarting NTP service…
Done.
Press ENTER to continue…
Petes-CX-boot>

[/box]

8. You can now upgrade the CX module from FTP.

Note: This is the SYSTEM image, it will have a .pkg extension.

[box]

Petes-CX-boot>system install ftp://192.168.1.101/asacx-sys-9.3.2.1-9.pkg
Verifying..
Downloading..
Extracting..
Package Detail
Description:Cisco ASA-CX 9.3.2.1-9 System Upgrade
Requires reboot:Yes

Do you want to continue with upgrade? [y]: y

Warning: Please do not interrupt the process or turn off the system.
Doing so might leave system in unusable state.

Upgrading..
Starting upgrade process ..
Populating new system image..
Copying over new application components..
Cleaning up old application components..
Reboot is required to complete the upgrade. Press ‘Enter’ to reboot the system.

PRESS ENTER

Broadcast message from root (consoStopping OpenBSD Secure Shell server: sshdstopped /usr/sbin/sshd (pid 2883)

[/box]

9. After the module has reloaded, log in and make sure every thing is working.

[box]

Petes-CX login: admin
Password:***********


    Cisco Prime Security Manager 9.3.2.1 (9) for Petes-CX firewall
  Type ? for list of commands

Petes-CX>show services status
============================================================
Process           | PID   | Up    | Up Time
============================================================
HTTP Server       | 6139  | True  | 00:02:00
Data Plane        | 6665  | True  | 00:01:35
Opdata Helper     | 6299  | True  | 00:01:59
AD Interface      | 6674  | True  | 00:01:35
HW Regex Server   | 6572  | True  | 00:01:43
Message Nameserver| 6279  | True  | 00:01:59
HTTP Auth Daemon  | 6469  | True  | 00:01:57
Management Plane  | 6481  | True  | 00:01:57
signup            | 6347  | True  | 00:01:59
PDTS              | 6442  | True  | 00:01:59
Predictive Defense| 6679  | True  | 00:01:35
HTTP Inspector    | 6689  | True  | 00:01:35
HPM Monitor       | 6684  | True  | 00:01:35
Updater           | 7772  | True  | 00:00:19
Card Manager      | 6071  | True  | 00:02:00
ARP Daemon        | 6458  | True  | 00:01:58
Event Server      | 6512  | True  | 00:01:52
TLS Proxy         | 6719  | True  | 00:01:35
============================================================
Petes-CX>

[/box]

 

Related Articles, References, Credits, or External Links

Special thanks to Veronika Klauzova from Cisco TAC