Cisco Firewall :: ASA 5505 7.2(4) To 8.2(4) Upgrade?
Feb 27, 2011
I'm getting ready to reload an ASA that will be a long drive if it doesn't come back up after this upgrade attempt.
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL]).
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard stateful inspection.
I have a case open with Cisco about not being able to get an SSH connection from the ASA 5505 after upgrading to IOS 8.2.3 and Device Manager 6.3.3 from the older IOS 7.2.4 and Device Manager 5.2.4.
I work at an MNC and we have more than 30 offices around the world. All of our offices have an ASA5505, which we upgraded 3 years ago, and now we are in the process of upgrading the IOS on the ASA5505s in all 30 offices.
But after I upgraded 10 offices, I realized that I am not able to get an SSH connection to the ASA5505 with the new IOS 8.2.3. I opened a case twice and called Cisco technical support, but no luck so far.
I have been delaying an upgrade past 8.2.5 because it is stable and I didn't feel like learning a new way of doing NAT because of the way the code was changed. What is forcing me to go down this path is that I need to be able to let protocol 41 pass through the firewall, which doesn't work in 8.2.5 and is what is making me look at 8.3 or 8.4.
I know that I will have to install a memory upgrade on both my lab 5505's before I can install the upgraded binary. Will be ordering that in the next few days.
Any suggestions on going to 8.3 or 8.4 based on the reason for the upgrade? I had been told by TAC to stay away from 8.3 but never got a good reason for that. My lab config (i.e. home ASA) is pretty straightforward (no SSL or IPSEC config), so I would hope it would go fairly smoothly. I had heard a lot of horror stories early on but wanted to see how things had been going for everyone with the later versions of code.
I just upgraded an ASA5505 running 8.4.1 to 8.4.2 after noticing that I was experiencing the ssh bug described here: [URL]. Now every time I reload the unit I get the following message on the console:
Reading from flash...
!!...
Cryptochecksum (unchanged): b19f76ce 30b189e5 9272b4d4 4f746634
Type '?' for a list of available commands.
[Code]...
I tried searching for this message with no luck at all. The firewall seems to be working ok as I can still get online and my VPN tunnels are up,
I have been browsing the forum and the support notes for a couple of hours and haven't found a definitive answer to my question. Our ASA is on the subject versions. I watched a video on YouTube stating that upgrading the ASA is easiest if you upgrade ASDM, then the ASA. Problem is, I don't think I can upgrade ASDM first because I don't see a version that is compatible with ASA 7.2.x and 8.0.x.
I am trying to get experience with 8.4 code on my 5505. I purchased a Cisco 512MB memory upgrade and installed it. It booted up once and I thought I was ok. I then looked down and noticed that all lights were blinking on the front panel and I had no console access.
[code]...
I am trying to find out the best path to upgrade to two ASA 5510 running 9.0 (1). I know there are changes in the new version. Let me know what information you need and I will post.
I have a Cisco ASA 5505 device with the basic (default) license. Currently all my redirections, VPNs, VLANs (3 VLANs) etc. are configured on it and are working fine. Now I need to upgrade my basic license to "Security Plus" for some additional features. If I upgrade it directly, are there any complications for the present rules? Below are my doubts:
1. If I upgrade, will it change any of my present configurations?
2. Are there any name changes or property changes for VLANs or VPNs?
3. Will it affect the firewall functions?
4. If anything goes wrong, can I restore it to my old state using my previous dump?
I have successfully upgraded the ASA and ASDM images. My question is how to make them boot as default when you do a factory reset of the device. For the ASA image I found out that it will boot the first image it finds on the flash, so I left only the latest bin file and if I do a factory reset it boots the latest. But for ASDM it still boots the old one, because there is no "asdm image disk0:/asdm-645.bin" command in the config. I'm not sure how, because I only left the new ASDM bin image. Is there any variable or something that still points to the old ASDM image?
My ASA version is 8.4(2) and ASDM 6.4(5). The old one was ASA 8.2 and ASDM 6.3.
We want to upgrade one of our Cisco 5505 with Security Plus license. What is the difference between L-ASA5505-SEC-PL and ASA5505-SEC-PL upgrade licenses?
I have several ASA-5505 units with the SecurityPlus license. These are running older OS versions and I would like to upgrade them. I am wondering if I will lose the SecurityPlus if I upgrade the image to 8.3.
Before upgrading to 8.4(4)1 I was able to ping our inside interface across the VPN. Now I cannot. Because ping is not working, my SNMP server thinks that the device is offline; however, I know the VPN tunnel is still up and the remote branch office is working fine. Here is the config of the branch office ASA 5505 in question. How to get icmp working again?
ASA Version 8.4(4)1
!
hostname BranchASA5505
domain-name houston.deh
[Code].....
My MacBook Pro recently upgraded to the last version of Java and now I can open the ASDM for my Cisco ASA 5505; when I try to open it, it only shows me the Java 7 window ... and doesn't load the ASDM.
I have DSL with 8Mbps DL and 768kbps UL. Internet -> Modem -> Cisco Router -> Firewall -> Switch Core -> Multiple switches like sfe2000p. Cisco Router: I use port gig0/1 for PPPoE and port gig0/2 for LAN static. Router port gig0/2 with 122.54.144.153/29 is connected directly to Firewall port13 with 122.54.144.154/29. I want 122.54.144.153/29 to be my default gateway. Please include no bandwidth limit, filter etc. at the router; the Firewall will be the DHCP server and control the bandwidth, filtering etc., and the client computers should get 8Mbps.
I recently upgraded the flash and the RAM on one of my ASA 5505 lab machines. The flash was upgraded from 128 to 512MB and the RAM was also upgraded from 256 to 512MB. I am using asa845-k8.bin. The firewall boots and runs fine until you issue the reload command. The system shuts down but never reloads.
I used ASDM to upgrade a 5505 tonight and now I get the error message attached. How/where do I find out which versions are compatible?
I have a printer sitting on an outside interface e0/7 that external vendors were able to print to prior to an ISP IP address change and IOS upgrade.
We upgraded our IOS from 8.2.1 to 8.2.5. The printer wasn't changed so the MAC address mapping is still correct on the ISP translation list. The ISP issues DHCP MAC reservations for static IP address assignment. My printer doesn't seem to be getting the DHCP assignment now.
Here is the before and after config. I'm just wondering, since this worked prior to changing the IP and the IOS changes, if there is another command I need since upgrading from 8.2.1 to 8.2.5. The DHCP IP address is assigned and is working on my e0/0 vlan2 outside interface.
Config that worked prior to the IP and IOS change.
hostname hrh
domain-name hrh.com
enable password passwd
multicast-routing
names
name 10.200.200.0 TestNet
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.8 255.255.255.0
ospf cost 10
ospf network point-to-point non-broadcast
ospf
[Code]....
if there's a way to upgrade my ASA5505 to support gigE without spending an arm and a leg for an ASA 5510?
My client has a 5505 which supports 2 SSL peers as of now and we want an upgrade. I had a look into the GPL and I was confused by the following two part numbers. Which one should I go for, as both of these look the same to me and there is a huge difference in price?
ASA5500-SSL-10
ASA 5500 SSL VPN 10 Premium User License
ASA-AC-E-5505
AnyConnect Essentials VPN License - ASA 5505 (25 Users)
I have a cisco ASA5505, with base license, it appears I can only have 2 ssl/webvpn connection running at any one time. How can I upgrade only the webvpn portion to allow more licenses?
I upgraded an ASA 5505 from 8.3(2) to 8.4(4) this evening. The 5505 is a backup and used to perform testing prior to production changes. After the upgrade was complete, a VPN tunnel began to fail. I did a limited search online to see if this was a known issue or something new. I also reviewed the release notes but did not see anything that matched the issue I received.
My concern is that this tunnel configuration is scheduled to be deployed to the production firewalls next week after their upgrade. But if it failed on the upgraded test unit, it may fail on the production units.
I downgraded the backup unit to 8.3(1) and verified that the tunnel indeed worked at that level.
Attempting to upgrade from ASA 8.3.2, ASDM 6.3.4, Any Connect 2.5.1 to ASA 8.4(4)1, ASDM 6.4(9) and Any Connect 3.1.00495 using ASA 5505.
Client is Windows XP SP3 w/ IE7. Can log into the ASA web portal and starts to install via ActiveX. I get past the IE7 message bar to authorize installing the ActiveX control. I briefly see a message that says "ActiveX could not be launched" (I think. It is very fast) and then the install hangs w/ the message in the web connect dialog about the IE7 message bar. If I let the timer expire, the java install also fails. If I download the installer via the web portal, and install Any Connect via the downloaded installer, everything works fine.
Same problem w/ ASA 9.1.1, ASDM 7.1(1) and Any Connect 3.1.02026. I have added the web page address to the trusted zone, and checked all the zones for permissions to install ActiveX controls, etc. Worked w/ the older/original software when I remove the kill bit for Microsoft KB2736233. Have not installed any custom Any Connect profile to use transforms. I did see in the release notes some information on NO INSTALL ACTIVEX=0, but I think this applies to the per-install package only.
I have an ASA 5505 with ASDM v5.2(4) and ASA v7.2(4). This platform has a base license. If I upgrade ASDM and ASA to v6.2(1) and v8.2(2), will I lose my license and need to activate it again? I configured a site-to-site VPN (between this firewall and another); will I lose my configuration if I upgrade my firewall?
I have two ASA5510s set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one runs just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump. Is there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
I have a Cisco ASA 5510 firewall in use in my network, and I am planning to upgrade the flash memory from 256 MB to 512 MB and the RAM from 256 MB to 1 GB.
How can I actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
We were having a discussion of IOS firewall vs. ASA for smaller clients (less than 50), on using IOS firewall (ZBF or CBAC) and an ASA 5505/5510. One of the arguments brought up for using IOS firewall on the router is that a router will do an IP SLA failover. I have configured a number of ISRs for this and I know it works well.
I have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 VLAN in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to set up a second inside interface on the firewall and configure it as failover in case this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? Would it only be a passive/standby interface?
Setting up an ASA 5505 to be used as a firewall between a BT internet router (BTNet service) and a Cisco 3560 LAN switch. BT have presented me with a Cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 GigEthernet ports on the back of the router. Port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected to port int e0/1 of the ASA but I am unable to get any connection.
Trying to set up an ASA 5505 in transparent firewall mode. I cannot set the management IP address:
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
I have been working with ASA 5510, 20, 40, 80 but not with the 5505; this VLAN and its interfaces are quite confusing. Just want to know how it works and its connectivity to a Cisco switch. Do I have to put the interface of the switch in the same VLAN as the interface VLAN I am creating in the firewall? Now, should the switch port connecting to this Eth1 interface also be in the same VLAN, i.e. vlan3, or will it be in trunk? The default configuration shows eth0 with no access VLAN and interface eth1 with access VLAN 2... does it mean eth0 is in vlan1 (native VLAN)?
I have a Cisco ASA 5505 firewall. Is it possible to block secure websites in it like [URL]? I have already tried regular expression filtering but it filters only HTTP traffic.