i found this part number for asa5512x product "ASA5512-SSD120-K9" it's a New Product Hold and under group "Cisco ASA CX Context-Aware Security" Who have know more information about this? Cisco ASA CX Context-Aware Security ASA5512-SSD120-K9 ASA 5512-X with SW, 6GE Data, 1GE Mgmt, AC,3DES/AES,SSD 120G
View 3 RepliesWe have currently install single ASA 5550 and want to install one more ASA for active standby mode, but cisco discontinue or End of sale ASA 5550. can any one guide me ASA 5555X is compatible with ASA5550 on active standby mode or not.
View 2 Replies View RelatedI have ASA 5512X and I'm trying to run CX features on it. but the problem is I don't have SSD drive in the chassis. how can I get one? is any kind of SSD drive compatible with cisco ASA-CX firewalls or i should order it from cisco only? what is the part number for that model?
View 3 Replies View RelatedI am trying to figure out if the new code for ASA SM 9.0(x) or 9.1 is compatible with CAT6500 but I could not find any document that explicity confirms the the INCOMPATIBILITY. This table from the Release notes is not quite clear.
[URL]
It says that code 8.5 is compatible with Cat6500 and version 9.X is compatible with R7600.So are the two different trains now, one for Cat6500 and one for R7600?
My real goal is to find the correct software versions (not interim) that provides compatilibity with Catalyst 6500 with Supervisor 2T and ASASM.
I am wondering what is Latency value for Cisco ASA 5585X and 5555X . I can see on websites that it says "low latency firewall" but I dont see any value.
View 1 Replies View RelatedI understand that the NM-1FE Fastethernet modules are not compatible with Cisco 2600 series routers, just the Ethernet 1-E module. With that being said, are there ANY modules supported by the 2600, 2621 or 2621XM series routers that have fastethernet port(s) outside of the pricey NM-16ESW module? I don't need a 16 port module!
View 3 Replies View RelatedWe are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below.
ASA1:
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
!
ASA Version 8.6(1)2
[Code].....
I am updating my 8.2(3) code for my new ASA5512 that is running 8.6(1) and am unable to get on the internet with my current configuration from the inside interface.
Information:
Outside: ***.***.33.11
Gateway: ***.***.32.9
Inside: 192.168.215.0 /24
dhcp 215.100 - 150
[Code] .....
I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.
View 5 Replies View RelatedTrying to setup a new ASA 5512 and like a ******* I've somehow locked myself out.
how to do a hardware reset?
Recently upgraded to an Asa 5512x from a pix 515e. I have an Ipswitch secure MoveIT server on the dmz1 interface that needs to be accessed from both the inside and outside interfaces. I have setup a static nat from the outside to the dmz1 and it works, I can also connect from the inside interface. Now I need the MoveIT server to access the DNS server and email server on the inside interface so it can send notifications. On the pix I just created a static from the inside to the dmz1 using its own IP address - static (inside,dmz1) 192.168.1.7 192.168.1.7 net mask 255.255.255.255. I would then add the access-list to allow. How would I set this up with the Asa 8.6 commands?
View 5 Replies View RelatedI'm trying to get started on setting up my first Transparent ASA.I understand an ASA in Transparent Mode can now have an ip address with Bridge Groups or some such mechanism. I'm looking for examples of how to set that up and other information below. Is the ip address associated with the device or is it interface specific? Will I be able to SSH with that ip address setup? Can I use ASDM if the Transparent ASA has an ip address? This 5512X has an IPS. Any one who has setup an IPS on this platform knows it has some very particular requirments in order to communicate with the outside world. I need examples of how to do that with a Transparent ASA.How is NAT setup differently (if at all) on a Transparent ASA?Are ACLs done any differently?
View 3 Replies View RelatedI was wondering how to tighten the security of my email delivery to a range of ip addresses (I know how on my old firewall but the cisco is quite a bit different). Right now anyone sending email to a particular ip address on my firewall can do so. I want to restrict that to two ip address ranges it will accept deliver from. I'm thinking I need two network objects for the two ranges then add to a network object group. Configuring the ACL for delivery using that group if I'm correct about that ?
View 4 Replies View Relatedurl...For the New Firewalls i.e. 5512X , 5515X etc there seems to be integrated IPS and we don't need to order any extra license or part number to get the IPS features .
But for the 5585X It says 2Gbps for SSP10 engine but I have seen in the Dynamic Configuration Tool that SSP10 and IPS-SSP10 are different things . Which means that I will have to order 2 service engines SSP10 and IPS SSP10 to get the IPS features and if I only order SSP10 with that Chasis I will only get firewalling ?
I am looking into a DR plan where should a primary site go down users with the Cisco anyconnect client will be able to VPN to a second site. The ASA I am configuring is a 5512x for the 2nd site. The main site has a pair of 5510's in a HA pair. Is it possible to setup a secondary Remote Access VPN connection for users to connect to? If I was to configure Anyconnect RA VPN on the ASA on the 2nd I would need to purchase an SSL cert in order to configure this?
View 9 Replies View Relatedwe have a pix 515E firewall with software version Cisco PIX Security Appliance Software Version 7.0(4) and ASDM version Device Manager Version 5.0(4). we are in a process of upgrading the software. Kindly suggest the software and ASDM version most fit for the device. Also the software should be compatilbe for the current configuation running.
View 3 Replies View RelatedI am purchasing 2 5512x ASAs to be configured as an Active/Passive pair as a VPN device. Do I need to purchase anyconnect licenses for both devices?
View 2 Replies View RelatedWe have installed 5585-x in active/active mode with transparent firewall. We have created two virtual sersors for vs1 and vs2 in IPS module and linked with ASA context C1(vs1), C2(vs2) and admin(vs0).
As firewall is working in transparent mode, we have bridge IP address for context C1 10.1.1.1 and for context C2 10.2.2.1.
I have added default routed for context C1 10.1.1.2 .It is in the outside of asa and SVI on switch.For the other context C2 10.2.2.2.
IP address range for the IPS module and what should be the gateway for IPS module.AS the traffic is coming from outside and going to inside interface of ASA.
I am using an ASA5510 and I would like integrate the CSC SSM module in it. What is the Process to upgrade, is it possible and Where I can find it ?
View 1 Replies View RelatedI have a couple of ASA 5510 firewalls configured and working. I'm now charged with configuring the IPS modules. I'm having to do this remotely. Since the IPS module hasn't been configured I'm guessing it's on 192.168.1.2 with the default username/password.
I'm told that the workstation I access from connects through a switch to the ASA and to the IPS.
I've set the ASA management port to 192.168.1.1. I can't ping 192.168.1.2 - not sure I'm supposed to be able to. In the ASDM, Configure IPS prompts for an IP address. Entering 192.168.1.2 returns "IP address of the management port is unreachable".
How can I update the expired certificate in AIP-SSM-10 Module using CLI or ASDM.....Here;s the output from the device....and also is there a way I can generate some daily or weekly reports in a graphs.
edge-s2# show versionApplication Partition:
Cisco Intrusion Prevention System, Version 7.0(2)E4
Host: Realm Keys key1.0Signature Definition:Signature Update
[Code].....
I am configuring new ASA 5520 with AIP module for our network with HA (2 boxes), would be the best practice to configure in order to protect web servers and email server.
View 2 Replies View RelatedI have 2 ASA 5540's that I want to run in HA A/F. The active ASA has an IPS module running. I no longer need this and would rather remove it than purchase another module for the spare. What is the process to do this safely? After removal will the HA wizard recognize that the module was removed or do I have to update the software?
View 3 Replies View RelatedIs it possible to use ports from 2 SFP and 2 RJ45 Interface on ASA 5550 Module 1.
View 5 Replies View RelatedAs i'm facing the issue with Cisco CSC module installed on ASA 5510, It hangs up and doesnt work sometime, so it is bypassing all the traffic without inspection through CSC module. After restarting ASA 5510 box, it works fine as it used to work. Now, My question is how can i refresh the module again without interrupting the ASA box/ and how can i avoid this problem forever? Because i cant interrupt the daily work due to this module problem by restarting the box again and again.
View 1 Replies View RelatedSince the 5500X series firewalls use a software IPS SSM that is set up differently from the old ones, I am a little confused on the initial setup.
[URL]
we see a proposed setup for L3 management of the IPS
interface GigabitEthernet0/0
nameif outside security-level 0
ip address 203.0.113.1 255.255.0.0
[Code].....
If we switch from primary to secondary firewall the interfaces on the secondary go to state waitung than to failed. after awhile the secondary gives the control to the primary.
it seem that traffic passes the secondary firewall during this short failover time . we have several context created on the firewall, Switch Ports checked , cabeling check everythink checked
blackhole Interface inside (10.255.102.134): Normal (Waiting)
blackhole Interface shared (10.255.102.134): Normal (Waiting)
blackhole Interface inside (10.255.102.133): Failed (Waiting)
blackhole Interface shared (10.255.102.133): Normal
blackhole Interface inside (10.255.102.133): Normal (Waiting)
blackhole Interface shared (10.255.102.133): Normal
I just got 2 Cat6504 Chassis and 2 ASASM pluged in them. show version from submodule ASA as follow:
SVC-APP-HW-3#show ver
Cisco IOS Software, trifecta Software (trifecta-SP-M), Version 15.1(1)SY, RELEASE SOFTWARE (fc2)
[Code].....
I want to upgrade new OS for ASA to 8.5 (asa851-smp-k8.bin) but after copy this soft to the module, I can not "write" command or when I reload this box, everything was no changed. SVC-APP-HW-3#write startup-config file open failed (No such device)
I have requirement received from one of my customer. the part number given as ASA5540-AIP40-K8, same time requesting for addition of another 4Port GE Module (i believe its SSM-4GE Module). Is any option to add this module in to the above specified model (ASA5540-AIP40-K8).
As per my understanding the ASA5540 have the option to add 1 additional module only, so if we AIP-SSM module, we don't have any free slot left with to add another SSM-4GE Module in the firewall.
i am not getting even the option to add SSM-4GE in the ASA5540-AIP40-K8
I found my CSC module installed in ASA 5510 unresponsive. I tried to recover / re-image the module with .bin file. but I think it is not possible to re-image because there is no rechability with CSC module, and session 1 command also doesn't work,
you can see the response here.
CS-ASA# session 1
Opening command session with slot 1.
Card in slot 1 did not respond to session request.
CS-ASA#
In this case how to enter into the module?
I removed and inserted the module and tried to reach to it .. but couldnt solve . I just wanted to know whether hardware is dead or not.
I am using Cisco ASA5510 Firewall in my network. Upgraded the Memory and Flash to 1GB and 512MB.But the 5 interfaces ports are 10mbps.Can it possible to upgrade the module of Interfaceses from 10mb to 1gb?
View 2 Replies View RelatedI am having an ASA5510 with a CSC-SSM-10 module. I am able to block http traffic through the ASA but cannot block https traffic through it. Need to block https traffic using the CSC module.
View 19 Replies View RelatedBecause ASA5585X doesn't support CSC module, how can do URL filtering on ASA5585X
View 1 Replies View Related