Cisco Firewall :: Adding Second Subnet On ASA 5505 With Security Plus License

Jan 31, 2012

We recently upgraded an ASA 5505 with the security plus license to allow us to add a second subnet, but are having a few problems configuring the second subnet.  The original subnet we have configured 10.1.1.0 is able to access the internet without any problems.  However, the new subnet 10.1.5.0 is unable to access the internet, and when we ran a trace packet the nat config nat (inside) 1 0.0.0.0 0.0.0.0 is showing as the rule that drops the packet.
 
Additionally we have not been able to get the 2 subnets to talk to each other even though same-security-traffic permit inter-interface is configured.  How to configure the subnet 10.1.5.0 to access the internet or to get the subnets to communicate.  Below is a streamlined version of our current config.

!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 66.66.66.66 255.255.255.240
 ospf cost 10
!
interface Vlan13
 nameif corporate
 security-level 100
 ip

[Code].....


Cisco Firewall :: Adding A DMZ On ASA 5505 With Base License

Dec 28, 2011

I'm trying to setup a DMZ for a guest wireless off of a 5505. So this device has a base license.  It has vlan1 and vlan 2 for inside and outside. Another vlan is configured to be a failover for the currently active wan connection.  It is using the "no forward interface" command. Can I add another vlan as a DMZ if I use the "no forward interface" command? [code]


Cisco Firewall :: ASA 5505 Security Plus License Upgrade?

Apr 19, 2012

We want to upgrade one of our Cisco 5505 with Security Plus license. What is the difference between L-ASA5505-SEC-PL and ASA5505-SEC-PL upgrade licenses?


Cisco Firewall :: ASA 5505 Security License And Vlans Supported?

May 18, 2013

I am buying ASA 5505 with security license. It says it can support 20 vlans. Does it support 20 vlans by allowing to create subinterfaces, as it has 8 physical ports only?


Cisco Firewall :: Difference Of VPN Plus License And Security Plus License ASA 5520

Oct 16, 2012

What's the difference between VPN Plus license and Security Plus license? I have new 5520 shipped with VPN Plus license. Also, does it require a separate license for Anyconnect for Mobile and AnyConnect Essentials?


Adding A Subnet To A Switch On Different Subnet?

Aug 3, 2012

What I am trying to do is: I have one switch with, say, a 10.1.9.1 sub-net. I need to have one of the ports to be trunked with two vlans, one for DSL and the other for a local connection with the sub-net of 10.1.5.1. Both of the sub-nets are configured in the core as 9 and 5, so I have port 0 set up as a trunk and it is set up as ge-0/0/0.0 vlan_5, vlan_192 on the 10.1.9.1 subnet switch. The DSL is working but the local is not pulling a 10.1.5.1 IP and has no connectivity. Everything looks as if it is configured correctly but still the DSL is working but not the local connection.


Cisco Firewall :: ASA 5505 - Cannot Ping Any Of Subnet IPs

Sep 7, 2011

We want to use an ASA as a pure routing device. Our network has several internal subnets (10.1.x.0/24), and we want to be able to reach them from outside and to allow access between them.
 
We have defined a VLAN for each subnet range with the same security-level, added it to an Ethernet port and made the Ethernet that acts as outside as a trunk, and defined it as the global routing.
 
We cannot ping any of the subnet IPs defined in the ASA from outside nor can we ping it from the internal IP addresses.
 
Configuration:
: Saved
:
ASA Version 8.2(1)

[Code].....


Cisco Firewall :: ASA 5505 Cannot Ping From One Subnet To Another?

Aug 4, 2012

I have been tasked with replacing our company eSoft router with a Cisco ASA 5505 with the upgraded security license.   I have been working on the configuration for a couple of weeks now, after reading hundreds of forum posts, watching youtube videos, and endless google searching, and despite my best efforts I am still having an issue I can’t figure out.
 
I have a couple of subnets, that when the ASA is connected, I cannot ping, nor can they get to the internet or our Exchange server. At this point I’m not sure if it’s an access rule issue, NAT issue, or DNS issue.
 
Here is the network layout:
 
ASA: 192.168.0.2 (Primary Gateway)
192.168.0.0 (Primary facility, ASA is the gateway)
192.168.2.0 (Second facility, connected via Verizon point-to-point)
192.168.3.0 (Third facility, connected via Verizon point-to-point)

[Code].....


Cisco Firewall :: Do Need Security Plus License To Do HA With Two 5520

Mar 7, 2011

Do I need the security plus license to do HA with two 5520's? I was told by our purchasing department that the 5520 was supposed to be able to do HA out of the box, but when I look I see only the VPN + license.  Does that mean I can download the security plus license?  Or do I even need it on the 5520?


Cisco Firewall :: Security Plus License For ASA5505

Jul 2, 2012

I have Cisco ASA5505 8.2(5) connected with Cisco 5520 8.2(1) via IPSEC tunnel. I was able to SSH from the inside 5520 to inside IP of the ASA5505, but after I upgraded the license to security plus at 5505 I lost the SSH and ASDM to inside IP of 5505 from the inside network of the 5520. However, I still can use SSH and ASDM on outside IP of 5505.
 
I did a lot of testing to make it work but I couldn't. I added SSH 0.0.0.0/0 inside and outside; also I added acl on both interfaces. When I did a trace on the outside interface from the private network of 5520 to 5505 inside IP I got IPSEC spoofed. By the way, that trace only works with security plus, because when I try to test on all my other firewalls 8.2(5) it shows nothing, and all my firewalls can be accessed from the private network 5520 except the one with the security plus!


Cisco Firewall :: ASA 5505 - 3 DES License

May 20, 2013

I'm new to ASA and bought a used one from eBay but I cannot connect to the ASDM - I get an error in all the browsers.
 
Cannot communicate securely with peer: no common encryption algorithm(s).
 
(Error code: ssl_error_no_cypher_overlap)
 
Having browsed the support forums and Google, it seems I need the 3DES license. I have obtained an activation key from Cisco and applied it to my ASA 5505; however, I get a warning that the device is licensed for a higher software level. The license on the ASA is Security plus. When I apply the activation key from Cisco most of the features are disabled.

[Code] ......


Cisco Firewall :: Security Context License On 5550

Dec 9, 2012

I need your support for upgrading the Security context license on 5550. At present we have 5 Security context license installed in ASA but we want it to be increased to 10 contexts. I want to understand if we need to get additional 5 Security context license or 10.


Cisco Firewall :: ASA 5510 - Difference Between CSC-10-PLUS And Security Plus License

Mar 3, 2011

I have ASA 5510. Is there any difference between CSC-10-PLUS license and Security Plus License...


Cisco Firewall :: ASA 5505 Activation License?

Oct 12, 2011

I've purchased a used ASA 5505 device.  Upon resetting and looking at the startup, I see that it is unable to retrieve Activation License and used default.  Activation License shows as all zeros.
 
Is there a way to find whatever Activation License is tied to my device from Cisco without a service contract, or do I have to live with the default?


Cisco Firewall :: ASA 5505 License Upgrade

Dec 17, 2012

I have a Cisco ASA 5505 device with basic (default) license. Currently all my redirections, VPNs, VLANs (3 VLANs) etc. are configured on the same and are working fine. Now I need to upgrade my basic license to "Security Plus" for some additional features. If I upgrade it directly, are there any complications in present rules? Below are my doubts:
 
1. If I upgrade, does it change any of my present configurations?
2. Is there any name change or property changes for VLANs or VPNs?
3. Does it affect the firewall functions?
4. If anything goes wrong, can I restore it to my old state using my previous dump?


Cisco Firewall :: ASA 5505 - SSL WebVPN License

Dec 27, 2012

I am planning to setup Clientless Web VPN on our ASA 5505 for secure access to an internal web resource from outside. When I checked the licensing details on the ASA using #sh ver I could notice that Web VPN peers allowed is only 2. Does this mean that only two clientless simultaneous connections are possible?
 
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs                       : 3, DMZ Restricted

[Code]....


Cisco Firewall :: Upgrading ASA 5505 License

Oct 8, 2012

One of our clients has recently purchased upgrade licenses for their Cisco ASA as follows:

L-ASA5505-10-50=
and
L-ASA5505-SEC-PL=

After retrieving the activation key from the Cisco website we tried entering the activation key to the ASA both via ASDM and telnet. When entering the command on telnet the shell becomes unresponsive. When entering the command on ASDM we receive a "success" message followed by a request to restart ASDM and save the configuration; after a minute or so I get an error screen saying "write mem", the ASDM restarts and nothing changes.


Cisco Firewall :: 5505 / How To Give Access To Remote Subnet

Mar 23, 2011

I want to give access to remote subnet on firewall 5505.

Remote subnet is 16x.15X.56.0

Here is my access list

access-list outside_5_cryptomap extended permit ip 192.168.12.0 255.255.254.0 16x.15X.56.0 255.255.254.0


Cisco Firewall :: ASA 5505 Multi Subnet / Vlan Routing?

May 4, 2011

I'm new to Cisco equipment much more familiar w/ Sonicwall w/ that said......I have a 5505 w/ Security Plus licensing
 
I have set up multiple VLANs as follows
 
VLAN 1 inside - still setup as 192.168.1.1 (will not be using this for our lan)
VLAN2 - outside
VLAN100 - LAN 10.1.1.1/24

[Code]....

If I do add all the VLANs above I understand I will probably have to make a trunk port since I only have 5 usable interfaces


Cisco Firewall :: Security Context License Requirement - ASA5520

Jan 14, 2013

A simple question - I have ASA 5520s and was wondering what license is required to create multiple (more than default 2) security contexts.

The ASA already have ASA 5520 VPN Plus license.
 
Software Version 8.4(1)


Cisco Firewall :: ASA 5510 With Security Plus License Lost Contexts

Jan 28, 2013

I have an ASA 5510 with Security Plus License and when I looked at the devices a few days ago I had 2 contexts; however, after configuring the Mgm port as a regular port the contexts show 0. Why?  I cannot find any post on the internet where this issue has happened. Here is the output from show ver:

Cisco Adaptive Security Appliance Software Version 7.0(8)
Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"

[Code]......


Cisco Firewall :: Adding Content Security To ASA5510-BUN-K9 Edition

Sep 27, 2012

I have an ASA5510-BUN-K9 in this version:

###
Cisco Adaptive Security Appliance Software Version 8.0(3)6
Device Manager Version 6.0(2)
Compiled on Thu 17-Jan-08 17:42 by builders
System image file is "disk0:/asa803-6-k8.bin"
Hardware:   ASA5510, 202 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
###

The question is what I need to add the CSC10 SSM with content filtering and url filtering to this version of ASA? Do I need more ram? Do I need more flash? Is this version compatible with the CSCSSM hardware? What licenses do I need for 100 users?


Cisco Firewall :: ASA 5505 With Base License That Uses 3 VLAN

Jul 17, 2012

I am working on ASA 5505 with Base License that uses 3 VLAN's.
 
-My VLAN 1 is for used for my home network.
-VLAN 2 is connected to the public Internet and my IP gets assigned by ISP dynamically.
-VLAN 3 is DMZ where I will have few VM's that would need access to and from the Internet.
 
I am looking to work with following:

1) 172.16.0.2 that sits on DMZ will need to access public Internet over port 80
2) Permit access from the Internet over port 3389 to 172.16.0.2
3) Permit any host on private VLAN (192.168.0.0 network) to access 172.16.0.2 over the port 3389
4) Permit second VM on the DMZ VLAN let say 172.16.0.3 to access public Internet on all ports. Access in to this host is not permitted.
5) For some reason DHCP hosts are NOT getting DNS (8.8.8.8) entry when IP gets assigned or renewed. I have statements below but it is not working.
 
Also, if ACL rules for VoIP are written correctly. The goal is to permit these ports (SIP related) to access VoIP router. [code]


Cisco Firewall :: Configuring ASA 5505 With Base License

May 11, 2011

I have ASA 5505 with base licence. I configured NATing and VPN (site to site). All are working fine. My ASA is base license so I created 2 VLANs, one is inside and outside. Inside I am using 10.91.40.0/24 series IP addresses. Below are the new requirements that I need to configure:
 
1. First 30 IP addresses only needs internet directly. (Servers and Management)

2. If remaining IPs likes to use web then traffic needs to forward one proxy server (where he gives user authentication)


Cisco Firewall :: ASA 5505 - Retrieve Original License?

Feb 14, 2012

I recently purchased a used Cisco ASA 5505 and I accidentally (and very stupidly) erased the flash without backing up my license. I have generated a demo licence from the Cisco licencing site, so I have basic functionality. However, the email that I received informed me that there is a higher licence already stored for my device. My question is, is there a way to get that licence back if I can provide the serial number / any other identification to prove I now own the ASA?


Cisco Firewall :: ASA 5505 - DMZ Configuration With Base License

May 24, 2011

My ASA 5505 base license allows for three VLANs, the third one can only initiate traffic to one other VLAN (as specified by no forward interface vlan <number> on the third VLAN). This doesn't mean it can't "access" the other VLAN, it just can't initiate traffic to it. A lot of people get that wrong. Let's say you've got three VLANs, one is OUTSIDE, two is DMZ, and three is INSIDE. On the second VLAN would I enter the no forward interface as vlan 3, then set the name via the nameif command and everything will work just fine. The DMZ will not be able to initiate traffic to the INSIDE, but will to the outside, and assuming you have your ACLs and NAT set up properly, it will be able to respond to traffic from the INSIDE.
 
Would that be best practice or would I enter the "no forward" interface as in VLAN 1, thus is being able to respond to traffic from the outside as opposed to the inside.
 
I had a DMZ set up but since there was an intrusion into my network, I am building it again.


Cisco Firewall :: 5505 Remote VPN And Backup ISP License

Oct 29, 2012

I have 5505 license with default 10 user license, and want to increment the remote vpn user to 50 user license; will it be on yearly basis? Another question: can we purchase security plus license for configuring the failover config, as well as support the 50 user license on the same?


Cisco Firewall :: ASA 5505 - Adding New Rule For Network?

Mar 30, 2011

I have an asa 5505 and I would like to add a new rule for a network; however it was added, it seems it would be inactive. I have two inside networks, 192.168.12.0/24 (name: lanA) and 192.168.99.0/24 (name: lanB). I have the following in the running-config:
 
access-list lanB_acl line 1 extended permit ip 192.168.99.0 255.255.255.0 any
access-group lanB_acl in interface lanB_interface
  
But when I tried to reach a host in the lanA, the packets are dropped. I configure the asdm, which shows this on the LanB interface:

1 lanB_network | any | ip | permit (hits 344)
2 any | any | ip | deny
 
 and I checked the packet tracer with: tcp, source: 192.168.99.57:10460 dest: 192.168.12.2:443 and it shows that the packet has been dropped by the last 2. 'implicit any any ip deny' rule, in spite of my access-list rule (access-list lanB_acl line 1 extended permit ip 192.168.99.0 255.255.255.0 any) preceded it, and active.
 
The lanB and lanA interfaces are the same security level 100, and I can reach the outside/internet from 192.168.99.57. Is it possible that I have to reload the rules or something like that in order to apply? Or have I misconfigured something?


Cisco Firewall :: ASA5510 Security Context License Transfer To Another Device

Apr 30, 2012

Is it possible to have 10 security licenses, licensed to a Cisco 5510, and have them transferred to a Cisco 5520?


Cisco Firewall :: 5505 Which License Needed To Buy For Normal Base

Sep 22, 2012

I have a couple of 5505's with base licenses. One of the two has a limited output when running the sho version command, as it has a restricted license. What license would I need to buy in order to bring it up to "normal" base license?


Cisco Firewall :: How To Block ARES With ASA 5505 Base License

Sep 1, 2011

Well, I tried using the Cisco configuration for ASA 5505 for blocking P2P: url...but this configuration is only useful with programs like Kazaa, so I tried this configuration to block ARES, but the problem is that ARES tries to make downloads from different ports. How do I block ARES if there are several ports?


Cisco Firewall :: ASA 5505 - Activate DMZ Interface On Restricted License

Aug 3, 2009

I'm trying to activate the DMZ interface on a restricted license ASA 5505 but I get an error when I try to ADD the interface. The message says "With the current license device will only supports 2 fully functional interfaces. Third interface can be added,but the traffic from this interface to another interface need to be blocked. Please make appropriate selection in advanced tab." I gather that I have to define the limitation myself? The problem is that I can't access the advanced tab because of the error. Can I do something via CLI to get through? I'm using ASA 8.2 and ASDM 6.2.


Cisco Firewall :: ASA 5505 Base License - How To Get AnyConnect Working

Mar 29, 2012

I have a base 5505 and would like to get AnyConnect working.  To do that, would I have to first purchase either an essentials or premium license and then purchase the AnyConnect Mobile license?








Copyrights 2005-15 www.BigResource.com, All rights reserved