Cisco Firewall :: 5520 - Upgrade Asa 8.25 To 8.4?

Apr 15, 2013

I am trying to upgrade our ASA5520(Primary/Standby) to 8.45. Can i upgrade 8.25 directly to 8.45 or do i have to upgrade to 8.3 first?                  

View 1 Replies


ADVERTISEMENT

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
 
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
 
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Upgrade From 8.2(3) To 8.2(5)

Oct 19, 2011

We wish to upgrade 8.2(3) to 8.2(5) on our asa 5520 and 5510. I have been looking for Cisco guides for installation instructions but havent been able to track any. or is it just as striaght forward as copy image, reboot secondary and the primary

View 2 Replies View Related

Cisco Firewall :: ASA 5520 IOS Upgrade

Sep 7, 2011

I have a 2 ASA 5520 firewalls for high availability and need to upgrade IOS from 7.2(4) to 8.2 or latest. What could be the better way and upgrade procedure. Below is show version details and IOS upgrade to latest.

Cisco Adaptive Security Appliance Software Version 7.2(4)Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by buildersSystem image file is "disk0:/asa724-k8.bin"Config file at boot was "startup-config"

IGN-ASA-1 up 45 days 17 hoursfailover cluster up 45 days 17 hours
Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHzInternal ATA Compact Flash, 256MBSlot 1: ATA Compact Flash, 512MBBIOS Flash M50FW080 @ 0xffe00000, 1024KB

[Code] ........

View 5 Replies View Related

Cisco Firewall :: How To Upgrade From ASA 5520 (8.2.5) To ASA 5545x

Feb 11, 2013

Due to increase of demands on our ASA cluster, we need to upgrade to a new cluster of 5545x. Our current config contains a lot of S2S & NAT

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Firmware Upgrade?

May 7, 2013

We have 2 ASA 5520s in active/standy.  We run IOS 8.2(5)24 and I wondered if I need to upgrade as I see the versions have gone to 8.4 and beyond!  We are not getting any issues and I'm aware of the difficult migration from 8.2 to 8.4 etc due to the NAT change.

View 3 Replies View Related

Cisco Firewall :: Upgrade From ASA 5520 To 5525

Feb 27, 2013

I'm about to  upgrade from an ASA5520 to ASA5525.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 / 5550 - Cannot Upgrade To 8.3

Aug 7, 2011

I have a couple of ASA5520 and ASA5550, and I wanted to know if it is worth it to upgrade the software from 8.2(4) to 8.2(5)?  Because of the RAM I cannot upgrade to 8.3 for now.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Upgrade 8.0(4) To 8.4.2 / Zero Downtime?

Mar 11, 2012

We are currently on 8.0(4) and planning on upgrading our failover pair to 8.4.2, I read some documents saying that we can perform a zero downtime upgrade.
 
According the below documents Version 8.2 supports mismatch memory failover, [URL]
 
 Upgrade Path:
 
Active Firewall:                         Standby Firewall:
   8.0(4)                                       8.0(4)-->8.2.2
   8.0(4)                                       Upgrade RAM-2G---Reload
   faiover to standby                    8.2.2
   8.0(4)--->8.2.2                          8.2.2

[code]...

Can I perform zero downtime upgrade with the above upgrade path? Will both the firewalls act as a failover pair if one is on 8.2.2 and other is on 8.4.2.
 
"Performing Zero Downtime Upgrades for Failover Pairs
 
The two units in a failover configuration should have the same major  (first number) and minor (second number) software version. However, you  do not need to maintain version parity on the units during the upgrade  process; you can have different versions on the software running on each  unit and still maintain failover support." [URL]

View 4 Replies View Related

Cisco Firewall :: 5520 - Different DMZ Behavior After Upgrade To ASA 8.4(4)

May 23, 2012

I upgraded a pair of ASA 5520s from ASA 8.3 to ASA 8.4(4) this week and now my DMZ hosts cannot reliably communicate with eachother. I have a DMZ network of 10.20.20.16/28 configured. 10.20.20.17 is the ASA/Gateway and 10.20.20.19 is one host and 10.20.20.20 is another host. These two hosts had no problem communicating with eachother before the upgrade. Now, they usually cannot communicate with eachother. Occasionally they can communicate, but only for a few minutes. What is strange is I never had any access lists for these hosts to talk with eachother before the upgrade (because their traffic to eachother should have never reached the firewall) but now I needed to create an access list on the DMZ interface allowing these two hosts to talk. ICMP works fine, but only if the ACL is in place. TCP rarely works.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 Need To Upgrade Flash From 64M To 256M?

Dec 12, 2012

I need to upgrade the ASA 5520 from OS 8.2(5)26 to 8.2(5)33.  the ASA only has 64M of flash.  I have a 256M flash card.  What are the steps to upgrade the flash?  I am not sure how  it will boot up because the new flash will be blank?

View 2 Replies View Related

Cisco Firewall :: Upgrade ASA 5520 In Active / Standby Configured From 7.2(4) To 8.3(1)

Oct 9, 2011

I have been asked to look at upgrading two 5520 ASA configured in a HA pair Active/Standby, from version 7.2(4) to version 8.3(1) to bring it in line with some other ASA firewalls in the organisation.
 
My question is can I simply upgrade straight from 7.2(4) to 8.3(1) or will I have to step the upgrade from 7.2(4) => 8.2(x) => 8.3(1)
 
Having read a few articles on the forums and the release notes I think I should be able to go from 7.2(4) => 8.3(1) .
 
The second part of my query is around the upgrade itself, having researched this a little there seems to be various views on how to go about upgrading a HA pair and I cannot find anything specific on the website.
 
The approach I am thinking of is simply as follows;

- upload images onto both firewalls in the HA pair
- On the standby from the CLI
clear configure boot

[Code].....

View 3 Replies View Related

Cisco Firewall :: ASA 5520 - Fail Over Cluster Software Upgrade

Jul 21, 2011

last night we tried to upgrade our cluster (2x ASA5520) from 8.0(4) to 8.2(3) and failed miserably.
 
1. Both units got the new image, but when we reloaded the secondary unit then we got the following strange message:
 
"Mate's license (10GE I/O Enabled) is not compatible with my license (10GE I/O Disabled). Fail over will be disabled."
 
After this message fail over was not there anymore and both units became active (!!!) which killed everything. Of course ASA5520 doesn't have 10GE and we have exactly the same units. What could be the problem here? Currently we run with a single unit with 8.2(3) and the secondary unit is switched off.
 
2. After the upgrade we cannot connect with multiple VPN sessions from the same client, this gets logged:
 
"Multiple sessions per tunnel are not supported"
 
This was working just fine with 8.0(4) and doesn't work with 8.2(3). Do we have to update something in the config or what is causing this? If you ask why we went with 8.2(3) instead of 8.2(5) then the answer is because we were testing that for several month in our secondary data center, but unfortunately only on a single ASA and not on a cluster. We couldn't go higher due to the 512MB RAM we have in all units.
And we had to upgrade, because we had crashes with 8.0(4) which was working fine for a long-long time.

View 7 Replies View Related

Cisco Firewall :: 5520 - Upgrade From 8.3.1 To 8.3.2 / Unable To Copy Via TFTP

Aug 16, 2011

I was trying to upgrade from 8.3.1 to 8.3.2. but I am unable to copy via tftp to the ASA flash or disk0:
 
ASA5520# copy tftp: flash:
 Address or name of remote host []? 10.88.127.153
 Source filename []? asa831-k8.bin
 Destination filename [asa831-k8.bin]?

[code]....
 
Half way thru writing to the disk, it goes for a reboot. There is more than enought space on the disk0. I tried copying via a Compact Flash, but the ASA is not detecting the Compact Flash (which I thinks should be disk1). I tried copying a asdm file, even that also went for a reboot.I am stuck now, unable to upgrade

View 12 Replies View Related

Cisco Firewall :: ASA 5520 Flash Upgrade From 256Mb To 512Mb

Mar 25, 2013

I need to upgrade the flash memory of the ASA 5520 from 256Mb to 512Mb. As far as I realized the built-in flash memory called system compact flash and there is also an empty slot which it is possible to install a user flash.

What is the difference between user and system compact flash? and for upgrade can I just insert the user compact flash or do I need to upgrade the system compact flash? Where can I find the part number for each type?

View 4 Replies View Related

Cisco Firewall :: Software Upgrade For ASA 5520 Version 7.0(1) To Version 8.4?

Apr 3, 2012

provide me with the important links which can show me how to do the software upgrade for my ASA 5520 ver 7.0(1) to ver 8.4 ? as well as the ASDM

View 10 Replies View Related

Cisco Firewall :: ASA 5520 K8 - IOS Upgrade And Site To Site VPN

Feb 20, 2013

I have asa 5520 k8 model presently i am running with IOS version 8.0(4) i am upgrading to 8.2(5) is ? any license required from Cisco to upgrade to this IOS, and also let me know how many site to site vpn can be configure on this device.
 
Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150
Inside Hosts                  : Unlimited
Failover                     : Active/Active
[code]...
 
This platform has an ASA 5520 VPN Plus license. Serial Number: JMX1051K2S5.

View 3 Replies View Related

Cisco Security :: ASA 5520 - Upgrade 8.2.x To 9.1.x?

Jan 17, 2013

I have a project to upgrade an ASA 5520 to 9.1.x, then add another ASA for failover.  What will be the correct way ?
 
I had the 2 Gb memory.
 
I have rewritten all nat statements (during my other 8.2 to 8.3 or 8.4 upgrade project, the nat conversion was catastrophic, so I rewrite all now).
 
Can I upgrade directly to v9 ? Or 8.2 -> 8.4 -> 9.1 ?
 
I think to :
 
- inject actual config in the new ASA in 8.2
- remove nat statement
- upgrade to 8.4
- configure new nat
- upgrade to 9
- connect the new ASA to the network and deconnect the other ASA
- test
- upgrade old ASA to 8.4 or 9 directly ?
- configure failover

View 1 Replies View Related

Cisco Infrastructure :: Upgrade IOS On ASA 5520?

Jul 4, 2011

I am going to be updating the IOS on our Cisco ASA 5520 from verion 7.0(8) to 8.2(5).  I am also going to setup AnyConnect.  Are there any major changes in the 2 IOS versions that I need to be aware of or will the config work in either version?  Also, we are currently using the Cisco VPN Client to connect to our network.  Will that still work after the upgrade?

View 3 Replies View Related

Cisco VPN :: 5520 - AnyConnect Essentials To Premium Upgrade

Jun 18, 2012

We upgraded and re-configured two existing ASA5520 platforms in order to provide an SSL VPN solution for one of our customers.
 
The customer opted to deploy AnyConnect Essentials the functionality / features they required for day one were catered for in the Essentials license and budget constraints meant Premium licensing could not be included in the original deployment.
 
The licenses added to the system were:
L-ASA-AC-E-5520=      AnyConnect Essentials VPN License - ASA 5520 (750 Users)
ASA-AC-M-5520          AnyConnect Mobile - ASA 5520 (req. Essentials or Premium)
 
The customer is now seeing a growing number of mobile devices and wishes to support the BYOD culture growing within the business; as a result we now need to use features available in AnyConnect Premium. I am aware from reading the following document [URL] that AnyConnect Essentials and Premium licenses cannot co-exist on an ASA; I need to ensure we purchase the appropriate upgrade for the customer.
 
Is there an SKU to upgrade / migrate an existing Essentials deployment to Premium? I've reviewed the licensing guide and price list but cannot find a method which enables this transition.

View 3 Replies View Related

Cisco Firewall :: Different Between ASA-5520-K9 And ASA-5520-K8

Nov 2, 2012

We were using ASA-5520-K9 with  ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?

May 5, 2013

I have an asa 5520.  How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?

View 1 Replies View Related

Cisco Firewall :: 5520 Identity Based Firewall Doesn't Work Using Citric Published

Jul 26, 2012

We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 are having the software release 8.4(3)8 installed.When somebody tries to connect thru the Identity based firewalls from a citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDIs IP-address shows mostly other users, which then are used to authenticate the acces thru the firewalls.
 
What is interesting, that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" i can't see the PDIs IP-address neither because it is mapped to another user.Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How AD Agent, Domain Controllers and Firewalls are working together? On the firewalls with "show user-identity ad-agent we see, the following:
 
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
 
Why Cisco does use 1645 and 1646 and not 1812 and 1813?The Listening Port is used for what purpose? we tried the AD Agent modes full- download and on-demand with the same effect.

View 17 Replies View Related

Cisco Firewall :: Launch LAND Attack Against Firewall ASA 5520

Apr 15, 2013

I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.

View 1 Replies View Related

Cisco Firewall :: 5520 Single Firewall With 2 Core Switches

Jan 4, 2012

Two different WAN links get connected to the firewall via two routers.(Different ip subnets).I need to get this two wan streams seperatly to the core switches.Core switches sits.Active/Stanby senario. If the Active core goes down Stndby Core will have take over the traffic. My design is correct ,if not what do i need to change. ASA is 5520.

View 8 Replies View Related

Cisco Firewall :: ASA 5520 - NTP Server For Firewall Clock Setting

May 22, 2013

I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
 
[URL] 209.151.225.100
  
Can I use the following command to set ntp server?
 
ntp server 209.151.225.100 source outside.

View 3 Replies View Related

Cisco Firewall :: Make Communication Between 2 Vlans On Firewall 5520 ASA 8.2

Jan 1, 2012

communication between 2 vlans.i have 2 vlans
 
Vlan 100
ip add 1.1.1.1
!
!
!
Vlan 200
ip add    2.2.2.2 
 
i want to make communication between 2 vlans on firewall 5520 ASA 8.2.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Corporate Firewall Crash

Feb 27, 2011

I have a serious problem with my corporate firewall, witch is an ASA 5520, fv 8.3, with 8 +1 interfaces. It suddenly started to crash every 10/20 minutes and rebooting alone.
 
First of all I checked system resources witch are in a very low usage state. I also checked interfaces errors, but nothing strange come out o from error counters analysis. I tried disabling logging and all the service policy rules configured, but nothing changed.
 
Nothing changed and firewall continue restarting by itself.
 
Last logs I received before crash were:
 
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =   0x084A619E  0x084A6512  0x084A70E1  0x084A7987  0x084A7AAA  0x08558B9B  0x08558E8A  0x083D3518  0x083CA145  0x080659D1  0x089196D9  0x08919790  0x089FF711  0x08A27468

Here the sh crash info command on module 0, after last reboot:
[Code] ......

View 12 Replies View Related

Cisco Firewall :: 5520 Firewall Management Port

Nov 29, 2011

we are having a firewall asa 5520 .we have connected the  management port and inside port to internal network and dmz port to dmz network.now we need to configure tacacs and other management tool on dmz devices through management port. The problem is the management devices tacacs and other are placed in internal network.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - NAT And Firewall Access Control

Oct 4, 2012

I have an ASA 5520 in my company which does all our NAT and Firewall access control.  Currently there is a rule in place to allow an incoming connection on port 2222 from a specific ip address to allow access to a web app our developers created.  This is a test before the web app is released live.  Now the web app can communicate with the specific address and port but the incoming connection on port 2222 isn't getting through.  Everything looks great in the firewall but how can I log any hits this ACL takes to identify any potential problems?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - VPN Traffic Is Getting Dropped Through Firewall

Apr 8, 2011

Our Local Network is behind the CISCO ASA Firewall.Whenever we are accessing to Client VPN server,it is getting connected but after few Minutes (May be 5/10/30 Min),the sessions are terminating. The same traffic through PIX is no issue , only with ASA Firewall. See the following Error and request you give the possible root cause for this.
 
2011-04-09 16:15:09    Local4.Info    172.16.1.68    %ASA-6-302016: Tear down UDP connection 87447908 for OUTSIDE:68.22.26.66/4500 to inside:172.16.9.10/4410 duration 0:27:49 bytes 18653

View 1 Replies View Related

Cisco Firewall :: 5520 - Firewall Behind Two GLBP Routers

May 29, 2012

I have problem in the configuration of Cisco ASA 5520, IOS version 8.4. The connection is as follows: LAN network--> Firewall --> Routers with GLBP with virtual ip address. the clients can not ping the virtual interface of the GLBP group, but I can ping it from the firewall, and I can ping the clients from the firewall, I checked the packet tracer it gives :
 
Phase: 7
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside10,outside) source dynamic LAN interface
Additional Information:(code)

View 1 Replies View Related

Cisco Firewall :: ASA5505 Lose Configuration If Upgrade Firewall

May 17, 2011

i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved