I have a Cisco ASA 5505 device with basic (default) license, currently all my reirections, VPN's, VLAN's(3 Vlan's) etc are configured on the same and are working fine.Now i need to upgrade my basic license to "Security Plus" for some additional features, if i upgrade it directley is there any complications in present rules, below is my doubhts
1. if i upgrade, did it change any of my present configurations ?
2. is there any name change or property changes for VLAN's or VPN's
3. did it affect the firewall functions
4. If anything goes wrong, can i restore it in to my old state using my previous dump.
We want to upgrade one of our Cisco 5505 with Security Plus license. what is the difference between L-ASA5505-SEC-PL and ASA5505-SEC-PL upgrade licenses?
My client is having a 5505 which supports 2 SSL peers as per now and we want an upgrade . I had a look into GPL and I was confused with two of the following part numbers . Which one should I go for as both of these look same for me and there is a huge difference in price .
I have a two ASA HA and I'd like to upgrade the license to ASA5500-SSL-250. I need to know if i have to purchase one license (ASA5500-SSL-250) for the Active unit and one license (ASA5500-SSL-250) for the standby unit.
I want to confirm if the upgrade license (ASA5505-SW-10-UL=) is backward compactible with PIX 501 firewall device? though pix 501is end of life bit i want to verify if the upgrade license for asa5505 will work with it?
I am having an issue where I can't connect to VPN after upgrading the license. The license upgraded is related to AnyConnect VPN. I noticed from the newly upgraded license, the Encryption-3DES-AES is disabled whereas previously it was enabled.
I have a firewall module in a Switch Catalyst 6500. I wan to upgrade its context capacity to a greater capacity. When I looked it in the Dynamic configuration, it send me following number parts:
FR-SVC-FWM-VC-T1= FR-SVC-FWM-UPGR1=
The first one is the license to have 20 context and the next one is upgrade from 20 context to 50 context. My problem is that I haven't could find a service support contract associate them.I want to know if they have or not service contract, because I can´t find them.
I'm new to ASA and bought a used one from ebay but I cannot connect to the ASDM - I get an error in all the browsers.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)
Having browsed the support forums and Google - it seems I need the 3DES license. I have obtained an activation key from Cisco and applied it to my ASA 5505 however I get a warning about the device is licensed for a higher software level. the license on the ASA is Security plus. When I apply the activation key from Cisco most of the features are disabled.
I've purchased a used ASA 5505 device. Upon reseting and looking at the startup, I see that it is unable to retrieve Activation License and used default. Activation License shows as all zeros.
Is there a way to find whatever Activation License is tied to my device from Cisco without a service contract ? or I have to live with the default ?
I am planning to setup Clientless Web VPN on our ASA 5505 for secure access to a internal web resource from outside. When I checked the licensing details on the ASA using #sh ver I could notice thar Web VPN peers allowed is only 2 Does this mean that only two clientless simoultaneous connections are possible ?
Licensed features for this platform: Maximum Physical Interfaces : 8 VLANs : 3, DMZ Restricted
One of our clients has recently purchased upgrade licenses for their cisco asa as follows
L-ASA5505-10-50= and L-ASA5505-SEC-PL=
after retrieving the activation key from the cisco website we tried entering the activation key to the asa both via ASDM and telnet when entering the command on telnet the shell becomes unresponsive when entering the command on ASDM we receive a "success" message followed by a request to restart ASDM and save the configuration after a minute or so i get an error screen saying "write mem" the asdm restarts and nothing changes.
I am working on ASA 5505 with Base License that uses 3 VLAN's.
-My VLAN 1 is for used for my home network. -VLAN 2 is connected to the public Internet and my IP gets assigned by ISP dynamically. -VLAN 3 is DMZ where I will have few VM's that would need access to and from the Internet.
I am looking to work with following:
1) 172.16.0.2 that sits on DMZ will need to access public Internet over port 80 2) Permit access from the Internet over port 3389 to 172.16.0.2 3) Permit any host on private VLAN (192.168.0.0 network) to access 172.16.0.2 over the port 3389 4) Permit second VM on the DMZ VLAN let say 172.16.0.3 to access public Internet on all ports. Access in to this host is not permitted. 5) For some reason DHCP hosts are NOT getting DNS (8.8.8.8) entry when IP hets assigned or renew. I have a statements below but it is not working.
Also, if ACL rules for VoIP are written correctly. The goal is to permit these ports (SIP related) to access VoIP router. [code]
I'm tring to setup a DMZ for a guest wireless off of a 5505. So this device has a base license. It has vlan1 and vlan 2 for inside and outside.Another vlan is configured to be a failover for the currently active wan connection. It is using the "no forward interface" command.Can I add another vlan as a DMZ if I use the "no forward interface" command? [code]
I have ASA 5505 with base licence. I configured NATing and VPN(site to site). All are working fine.My ASA is base license so i created 2 VLANS, one is inside and outside.Inside i am using 10.91.40.0/24 serie IP addresses.Below are the new requirements that i need to configre:
1. First 30 IP addresses only needs internet directly.( Servers and Management)
2. If remaining IPs likes to use web then traffic needs to forward one proxy server( where he gives user authentiation)
I recently purchased a used Cisco ASA 5505 and I accidentally (and very stupidly) erased the flash without backing up my license.I have generated a demo licence from the Cisco licencing site, so I have basic functionality. However, the email that I received informed me that there is a higher licence already stored for my device.My question is, is there a way to get that licence back if I can provide the serial number / any other identification to prove I now own the ASA?
My ASA 5505 base license allows for three VLANs, the third one can only initiate traffic to one other VLAN (as specified by no forward interface vlan <number> on the third VLAN). This doesn't mean it can't "access" the other VLAN, it just can't initiate traffic to it. A lot of people get that wrong.Let's say you've got three VLANs, one is OUTSIDE, two is DMZ, and three is INSIDE. On the second VLAN would I enter the no forward interface as vlan 3, then set the name via the nameif command and everything will work just fine. The DMZ will not be able to initiate traffic to the INSIDE, but will to the outside, and assuming you have your ACLs and NAT set up properly, it will be able to respond to traffic from the INSIDE.
Would that be best practice or would I enter the "no forward" interface as in VLAN 1, thus is being able to respond to traffic from the outside as opposed to the inside.
I had a DMZ set up but since there was an intrusion into my network, I am building it again.
I have 5505 license with default 10 user license, want to increment the remote vpn user to 50 user license;will it be on yearly basis.Another question, can we purchase security plus license for configuring the failover config ,as well support the 50 user license on the same..
I have a couple of 5505's with base licenses. One of the two has a limited output when running the sho version command, as it has a restricted license. What license I would need to buy in order to bring it up to "normal" base license ?
Well, I tried using the cisco configuration for ASA 5505 for blocking P2P: url...but this configuration only is usefull with programs like Kazaa, so I try this configuration to block ARES but the problem is that ARES try to make downloads from different ports, ¿How do I block ARES if there are sereveral ports ?
We recently upgraded a ASA 5505 with the security plus license to allow us to add a second subnet, but are having a few problems configuring the second subnet. The original subnet we have configured 10.1.1.0 is able to access the internet without any problems. However the new subnet 10.1.5.0 is unable to access the internet and when we ran a trace packet the nat config nat (inside) 1 0.0.0.0 0.0.0.0 is showing as the rule that drops the packet.
Additionally we have not been able to get the 2 subnets to talk to each other even though same-security-traffic permit inter-interface is configured. How to configure the subnet 10.1.5.0 to access the internet or to get the subnets to communicate. Below is a streamlined version of our current config.
I am buying ASA 5505 with security license. It says it can support 20 vlans does it support 20 vlans by allowing to create subinterfaces? As it has 8 physical ports only?
I'm trying to activate the DMZ interface on a restricted license ASA 5505 but I get an error when I try to ADD the interface. The message says "With the current license device will only supports 2 fully functional interfaces. Third interface can be added,but the traffic from this interface to another interface need to be blocked. Please make appropriate selection in advanced tab." I gather that I have to define the limitation myself? The problem is that I can't access the advanced tab because of the error. Can I do something via CLI to get through? I'm using ASA 8.2 and ASDM 6.2.
I have a base 5505 and would like to get AnyConnect working. To do that, would I have to first purchase either an essentials or premium license and then purchase the AnyConnect Mobile license?
At the end of the day I simply need to upgrade the license on my ASA 5505 v7.2.4 (upgrade will come later as part of a larger project) to allow for >10 Inside Hosts. From what I've read there seems to be a 50 license upgrade out there. Can this be purchased directly? From whom? Will it only affect the Inside Hosts number and not affect any other licenses, configurations, etc. Just being overly cautious since this is way outside of my normal realm. Below is the current activation-key information....
Result of the command: "show activation-key"
Serial Number: xxxxxxxxxxxxxx Running Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
I open case open to the Cisco about I am not able to get the SSH connection from ASA 5505 after upgrade the IOS 8.2.3 and Device Manager 6.3.3 from the older IOS 7.2.4 and device manager 5.2.4.
I am working in MNC and we have more than 30 office around the world.We have all offices have ASA5505 which we upgrade 3 years before and Now We are in procession to upgrade the IOS on all ASA5505 to all 30 offices.
But after I upgrade the 10 offices and relieze that not able to get SSH connection to ASA5505 with new IOS 8.2.3.I opened the 2 times case and call the Cisco Technical but no luck so far.
I have been delaying an upgrade past 8.2.5 because it is stable and I didnt feel like learning a new way of doing NAT because of the way the code was changed. What is forcing me to go down this path is that I need to be able to let protocol 41 pass through the firewall which doesnt work in 8.2.5 and is what is making me look at 8.3 or 8.4
I know that I will have to install a memory upgrade on both my lab 5505's before I can install the upgraded binary. Will be ordering that in the next few days.
Any suggestions on going to 8.3 or 8.4 based on the reason for the upgrade ? I had been told by TAC to stay away from 8.3 but never got a good reason for that. My lab config (i.e. home ASA) is pretty straight forward (no SSL or IPSEC config), so I would hope it would go fairly smooth. I had heard a lot of horror stories early on but wanted to see how things had been going for everyone with the later versions of code.
I just upgraded an ASA5505 running 8.4.1 to 8.4.2 after noticing that I was experiencing the ssh bug described here: [URL]. Now every time I reload the unit I get the following message on the console:
Reading from flash... !!... Cryptochecksum (unchanged): b19f76ce 30b189e5 9272b4d4 4f746634 Type '?' for a list of available commands.
[Code]...
I tried searching for this message with no luck at all. The firewall seems to be working ok as I can still get online and my VPN tunnels are up,
I have been browsing the forum and the support notes for a couple of hours and haven't found a definitive answer to my question. Our ASA is on the subject versions. I watched a video on YouTube stating that upgrading the ASA is easiest if you upgrade ASDM, then the ASA. Problem is, I don't think I can upgrade ASDM first because I don't see a version that is compatible with ASA 7.2.x and 8.0.x.
I am trying to get experience with 8.4 code on my 5505. I purchased a Cisco 512MB memory upgrade and installed it. It booted up once and I thought I was ok. I then looked down and noticed that all lights were blinking on the front panel and I had no console access.
