Cisco Firewall :: Are Both ASA5505 / AIP SSM-10 Able To Receive OS Updates With Service Contract
Mar 8, 2013
I currently have 2 5505 SEC BUN as Primary/FO Firewalls and I am considering purchasing the ASA5510-AIP10-K9 for use as a dedicated IPS device. Looking at url... I see that for service updates, CON-SU1-AS1A10K9 is available for this product, providing "IPS Signature and Engine Updates" and "OS Updates."
It is my understanding that in the ASA5510-AIP10-K9 there are 2 OS:
1. ASA OS
2. AIP SSM-10 OS
My question is: Are both the ASA and AIP SSM-10 able to receive "OS updates" with this service contract? Essentially, I want to make sure that when I submit by budget, there isn't another contract that I also need.
View 8 Replies
ADVERTISEMENT
Oct 23, 2012
I have a Cisco AIR-WLC2006-K9 in my Cisco lab where I work on my Cisco skills, I recently had the need to update the software on my WLAN controller but his is according to the website only available with a service contract. On trying to get a service contract I found that the device is EOL and EOS and ths no serrvice contract can be purchased for this device and hence no ability to download software for it. So here is my question, when a device is EOL and OES and service contract can no longer be acquired for a device why does Cisco not either open these up for download AS-IS or provide some kind of agreement for people like myself who have moslty EOL and EOS equipment in their labs where we can acquire the needed software to keep our skills sharp in an affordable way ?
View 0 Replies
View Related
Sep 25, 2012
We have currently LMS 3.2 installed. We know have some new switches C2960-48PST-L that are not supported in CiscoView and Common Services.When trying an update in Software Center | Device Update, we receive an error message:Error while downloading package information from Cisco.com for the selected products. See the C:/PROGRA~1/CSCOpx/log/psu.log file for details.
The psu.log file shows the following:
[ Wed Sep 26 14:33:15 CEST 2012 ] INFO [SecurityHandler : getCSProxyLogin] : No proxy User Name configured
[ Wed Sep 26 14:33:15 CEST 2012 ] INFO [SecurityHandler : getCSProxyHost] : No proxy Host configured
[ Wed Sep 26 14:33:24 CEST 2012 ] INFO [SecurityHandler : getCSProxyHost] : No proxy Host configured
[ Wed Sep 26 14:33:24 CEST 2012 ] INFO [SecurityHandler : getCSProxyPort] : No proxy port confgured
[ Wed Sep 26 14:33:26 CEST 2012 ] INFO [SecurityHandler : getCSProxyHost] : No proxy Host configured
[ Wed Sep 26 14:33:26 CEST 2012 ] INFO [SecurityHandler : getCSProxyPort] : No proxy port confgured
[code]....
View 2 Replies
View Related
May 16, 2011
When I create a service object or group and add the object to a new rule it never works.I mean the traffic match not the rule. I see not hits.I placed the rule on top of my access list to check if I do somethink wrong but it is not working. When I place only a service for example tcp/23 it is working.
my ip service object
object-group service g-as400 description access client 2 as400 machine service-object tcp-udp destination eq 397 service-object tcp destination eq 137 service-object tcp destination eq 2001 service-object tcp destination eq 3000 service-object tcp destination eq 445 service-object tcp destination range 446 447 service-object tcp destination eq 449 service-object tcp destination eq 5010 service-object tcp destination eq 5544 service-object tcp destination eq 5555 service-object tcp destination range 8470 8476 service-object tcp destination eq 8480 service-object tcp destination eq
[code]...
View 8 Replies
View Related
Jun 19, 2011
We are a relatively new Cisco partner. We used to work with CDW and now we are buying from distribution and selling directly. We buy a lot of ASA 5505 units from D&H.
My question is, aside from the disc that comes with the unit where do we download the latest firmware image and management software? It appears you have to have a contract ID to get these through the Cisco website. Do we not get "car blanche" access as a Cisco partner to these resources?
Also doesn't the Cisco ASA 5505 at least come with a license for the latest firmware? Many ship with very old software and even old CDROMs.
View 2 Replies
View Related
Aug 21, 2011
Is there a document that explains how the configurations are updated to the standby ASA and what needs to be manually added tot he ASA? I have two ASA 5510 running ASA ver 8.3(2) and ASDM 6.4(1). When I add static routes to the primary ASA the routes are not sent to the failover ASA. Is this to be expected or do I have a bug?
View 10 Replies
View Related
Feb 27, 2012
I've got the following licenses installed.
LMS4.0-750 devices.
If I now buy a software support contract for the above will that also entitle me to a free upgrade to LMS 4.1-750 or will I still need to buy a upgrade license.
View 2 Replies
View Related
Apr 29, 2012
I have bought 2 new ASA5505 with SmartNet contract. I already have my 2 SmarNet contract number. Now I want to add these 2 contracts to my TAC account, so I can have support for my 2 new products. My TAC account already have 1 SmartNet contract for another device I have.What is the procedure to add my SmartNet contract to my account?
View 2 Replies
View Related
Mar 11, 2011
I would like to add a second mifi 2200 to my current contract. (Same phone # & same bill.) That way I can use the second one while I'm on the road & my wife can use the first one at home!
View 2 Replies
View Related
Oct 4, 2012
On a Cisco ASA 8.4 code is it possible to receive an alert once a certain number of tcp/udp connections is reached? I'd like to see if I can get an email alert or syslog if the ASA reaches say 2,000 connections for example. Once I get an alert I could then investigate the cause of so many connections.
View 1 Replies
View Related
Jul 20, 2011
I can't receive mails from some customers, asa 5505 log get the message: "ASA_Outside|Deny TCP (no connection) from X.X.X.X/35702 to ASA_Outside/25 flags ACK on interface outside".
View 5 Replies
View Related
Mar 27, 2012
my company just ordered fornew LMS release and exactly needed the support to open TAC's .I searched but couldn't find the part number for this,some one send me this part number CON-PSUS-LMS410K9,I searched but I could not find anything usefull.
View 2 Replies
View Related
Apr 9, 2011
How to prepare my network for snmp,currently i don't have SNMP configured with community,so what is the requirement for that?what server i need to configure in order to receive SNMP traps coz last time i had issue ,one of my tunnels (terminated on asa 5510) goes down for 2 hours and i didn't realized that
View 7 Replies
View Related
Jan 17, 2012
We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM. We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. [code]
View 1 Replies
View Related
Mar 26, 2013
I am in the process of switching firewalls. Currently I have a Sonic Firewall inplace. I have been tasked to switch the firewall out with a cisco asa firewall 5510. The sonic firewall currently allows email traffic, web traffic, and dns traffic. When I use the current config below on the asa I am unable to receive email from the outside network. I can send and browse websites but I cannot receive email.
ASA Version 9.1(1)
! hostname ciscoasa
enable password kdkfdjdjflkadjdsfj
[Code]......
View 3 Replies
View Related
Jun 3, 2012
I have setup an asa 5505 with multiple sub nets (plus license) and a vpn tunnel (ipsec) between this and an other asa on a second branch office (multiple vlans) . Now I need to route only two vlans from the first site to reach some of the second branch networks
let's call them: 1 branch
A-172.16.4.0/24
B-172.16.2.0/24
2 branch
C- 10.10.10.0/24
D- 10.20.10.0/24
E- 10.66.10.0/24
the tunnelis ok From A to CDE . but from B to CDE won't come up. pinging is unsuccessful as well as all other traffic. the connection profile is setup to have both A and B as local networks and A and B by the moment share the same access rules configuration.
logs show firewall 1 let pass and build connections, without denies, but remote firewall does not receive a single packet from the source ip from network B.
View 2 Replies
View Related
Feb 24, 2011
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
View 2 Replies
View Related
May 17, 2011
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies
View Related
Jul 14, 2011
I've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet.I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on. Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.
View 32 Replies
View Related
Jan 9, 2013
Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 - >Inernal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to Cisco ASA 5505 E0/0. Its a /28 pool IP address. This interface is configured as outside and security level set to 0.
From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
View 2 Replies
View Related
Apr 1, 2013
I'm trying to troubleshoot an ASA5505.
The original goal was to block "Mumble/Murmur" (a voip app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic. I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did. That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below. However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
show ver
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2)
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"
[Code].....
View 4 Replies
View Related
Feb 28, 2012
We have a situation where services are stopped on the real servers. The probes fail and we confirm the services are not running on the server. We cannot access the ports from the ACE directly. We can still however acces the VIP on the TCP port (L4 VIP class-map). So we can still telnet to the VIP on the port from thr Client side of the network.This is on ACE 20 Modules deployed in Routed mode. The version of software is A2(3.3).
Tried removing multi-match and loadbalance policies as well as class-map and re-applying then re-appyling the service policy to interface. Same behavior,This is a problem at another level as some services are being monitored by GSS via TCP keep-Alive and this obviuosly causes a problem as the service then never goes off-line.
View 10 Replies
View Related
Oct 23, 2012
I have found cisco's config for dynamic DNS on an ASA. However, I have seen many articles that the ASA doesnt support the HTTP update method that most dynamic dns services use.
View 2 Replies
View Related
Aug 12, 2012
how to change the order of the groups that are displayed at the SSL VPN sign in page? I am using an ASA-5520. Right now the anyconnect client group displays above the clientless SSL intranet group and I want it reversed.
View 6 Replies
View Related
Feb 18, 2013
I currently have 2 5505 SEC BUN as Primary/FO Firewalls and I am considering purchasing the ASA5510-AIP10-K9 for use as a dedicated IPS device. Looking at [URL] I see that for service updates, CON-SU1-AS1A10K9 is available for this product, providing "IPS Signature and Engine Updates" and "OS Updates."It is my understanding that in the ASA5510-AIP10-K9 there are 2 OS:
1. ASA OS
2. AIP SSM-10 OS
My question is: Are both the ASA and AIP SSM-10 able to receive "OS updates" with this service contract?
View 3 Replies
View Related
May 14, 2013
How to create a mixed service ports on ASA 8.4(2)?I need to create a service group which has ICMP, TCP ports and also different UDP ports.Normally you would create different service group based on TCP/UDP/TCP-UDP/ICMP/Protocol and add then to new nested service group.But I want to create a new service group where you can define everything without the need to different service groups and nesting them into a new one.
View 1 Replies
View Related
Mar 20, 2013
I just got 2 Cat6504 Chassis and 2 ASASM pluged in them. show version from submodule ASA as follow:
SVC-APP-HW-3#show ver
Cisco IOS Software, trifecta Software (trifecta-SP-M), Version 15.1(1)SY, RELEASE SOFTWARE (fc2)
[Code].....
I want to upgrade new OS for ASA to 8.5 (asa851-smp-k8.bin) but after copy this soft to the module, I can not "write" command or when I reload this box, everything was no changed. SVC-APP-HW-3#write startup-config file open failed (No such device)
View 2 Replies
View Related
Mar 25, 2013
I have a fresh installation of LMS 4.0 on windows server 2003, when i click to open topology i get error message : ANIServer service may be down or Host name isn't DNS resolvable
i tried pdshow -brief ANIServer ===> service UP
DNS is working using host file in driversetc i restarted the server
restared the crmdmgtd
unistall / install java plugin
pdterm ANIServer
pdexec ANIServer
NO change ..
View 6 Replies
View Related
Jun 13, 2012
I have an inside network using PAT to one outside address. Our DNS server is on another local, but outside address. I can't get the inside network to successfully get addresses.I have another inside address that just uses the wirewall and gets addresses just fine from the same server.I have the box checked in ASDN that enables DHCP on the inside interface and points to the correct DHCP server,PAT service is working properly if I use a hard coded address for a machine on the inside network.This is an ASA5540 with 8.3(2)
View 2 Replies
View Related
Mar 15, 2011
Have a customer who has two ISPs right now and only using one through a basic SOHO router. Looking to upgrade to something that supports dual WAN and allows connections from outside in on both WAN ports. There are 25-30 inside hosts.Requirements: Allow incoming connections on BOTH WAN ports to a single inside host
-This is a web app that needs as close to 100% uptime as possible
-Round robin DNS is set up
-Failover for internal people should one of the ISPs go down
Looking at either an ASA 5505 with Security Plus or an 891 Integrated Service Router.
View 1 Replies
View Related
Feb 13, 2013
connecting ASA 5505 with the Action Tech Router?
View 1 Replies
View Related
Jul 3, 2012
we have two ASA (ASA2) with 8.3 version and ASA 7.2 (ASA1) , we have SNMP service active on ASA2 with 8.3 ASA version.Usually we do SNMP request from devices behind NAT on the ASA1 to the ASA2 SNMP service , two weeks ago suddenly we could not do request from devices behind NAT.
We check process (Sh process) from ASA2 and SNMP is running, we run "no snmp server" , and we reconfigure it on ASA2, ACLs to access SNMP seems well, and shun table seems ok too, to finish we check with packet tracer from ASA1 to ASA2 in ASA2 wizard and it seems well.We check SNMP UDP request from ASA1 to ASA2 in ASA1 wizard with packet tracer and it seems OK.Are there any automatic traffic rule ACL on ASA to protect to from multiple request ?
View 5 Replies
View Related
Apr 30, 2013
I'm trying to support a friend. They just switched to TWC Business Class from Megapath. They have a Cisco 5505 ASA and are trying to configure it to work with the new TimeWarner cable modem. But we can't get PCs behind the firewall out to the Internet.
We think it should be a pretty simple config. They have the ASA connected directly to the modem. The modem is running DHCP, and we''ve configured the ASA to get its address via DHCP. We have a Windows server behind the firewall; it can't get out the Internet either. It's set up to be a DHCP server and is giving IP addresses to the PCs on the network.
Laptops connected via wifi to a wireless router attached to the modem are able to connect to the internet, thus we know the modem is up and running fine.
Here's our running config:
ASA Version 8.4(1)!hostname ciscoasadomain-name opanslab.comenable password yYME2neTGgA0S1./ encryptedpasswd yYME2neTGgA0S1./ encryptednames!interface Vlan1nameif insidesecurity-level 100ip address
[Code].....
View 5 Replies
View Related
