Cisco Firewall :: Information On ASA 5505 And 5510
May 22, 2011
I´m looking for a firewall for my company and am reading about both Cisco ASA 5505 with Security Plus bundle and Cisco ASA 5510 with Security Plus bundle and I have a few questions.This is the document i´m getting my information from.URL,It states the following:Cisco ASA 5505 Security Plus bundle,Includes Cisco ASA 5505, unlimited users, 8-port Fast Ethernet switch, stateful firewall, 25 IPsec VPN peers, 2 SSL VPN peers, stateless Active/Standby high availability, dual ISP support, DMZ support, 3DES/AES license, and 1 expansion slot.
View 5 Replies
ADVERTISEMENT
Jun 22, 2011
I have a ASA 5510 firewall with CSC module and Security Plus license for CSC module.Will you tell me how to configure my firewall to send emails to particular mail ID when someone login into the firewall or any virus attacks from outside.
View 6 Replies
View Related
Jan 3, 2013
I am in need of some information regarding licesnes on the ASA 5505.I have a client who is connecting their main office to a DR site via a site-to-site VPN. I understand that the standard license for the ASA 5505 is for 10 clients.Does the site-to-site connection consume one of these licenses?Does each endpoint communicating over the site-to-site VPN consume one license also?For example, if I have the site-to-site VPN and 10 servers on each side, would that mean that I need 21 licenses; 1 for the VPN and 20 for each server on each side?
View 4 Replies
View Related
May 4, 2011
Configured ASA 5510 with CSC module and working fine.Here i likes to configure, Whenever any users from outside accessing my firewall (like VPN users) that logging information i need to send one particular mail ID.Simply, i likes to enable my fireawall to send logging information to one particular mail id.
View 10 Replies
View Related
May 31, 2011
Configured ASA 5510 with CSC module and working fine.Whenever any users from outside accessing my firewall (like VPN users) that logging information i need to send one particular mail ID.
Simply, i likes to enable my fireawall to send logging information to one particular mail id.
View 1 Replies
View Related
Sep 27, 2012
I have a question about Cisco ASA 5505 firewall.We need 3 interfaces on the firewall , "inbound", "outbound" and "DMZ" , to control traffic between these zones.
Can we do this with Cisco ASA 5505 50-user bundle , or do we need to purchase Cisco ASA 5505 Security Plus bundle to get the DMZ zone working.
View 4 Replies
View Related
Apr 24, 2012
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies
View Related
Jan 24, 2013
I am trying to find out the best path to upgrade to two ASA 5510 running 9.0 (1). I know there are changes in the new version. Let me know what information you need and i will post.
View 2 Replies
View Related
Oct 15, 2012
We have a ASA 5505 and a 5510, that we are using site to site..I need to traceroute from the 5505-5510.. From the outside interfaces.. Don't want to do this through the site-to-site.I have temporarily added a few acl on the outside interfaces..
-access-list outside_in extended permit icmp any any unreachable
-access-list outside_in extended permit icmp any any time-exceeded
-access-list outside_in extended permit icmp any any echo-reply
when i traceroute it only goes one hop.. Maybe thats the way it suppose to be? I need to know all the hops between the outside interfaces on the 5505 to the outside interface on the 5510.
View 1 Replies
View Related
Mar 18, 2012
I am absolutely new in the enterprise firewall world but I would like to start learning how to configure ASA 5505 and 5510. I did some research myself and I found that the material or the topic itself is a huge adventure (lots to read and understand). My company uses IOS versions until 8.2 due to the differences in the NAT-ting rules with 8.3 and 8.4.
View 1 Replies
View Related
Aug 16, 2010
I currently use MS ISA Server 2006 to protect a windows internal network, where there is also an MS Exchange server. I have acquired a Cisco 5510 to enhance security at main office. Later I will have ASA 5505 for branches, including VPN-ning. to have firewall at main office. I have several public IPs and would like to setup DMZ for Web, Exchange server and FTP. How do I setup interface and sub-interface for the DMZ?Can I continue using ISA Server connecting to Cisco 5510 on the perimeter? If so, How do I set the interfaces (and sub-interfaces) as well as NAT-ting and access configuration between the inside and outside?
View 12 Replies
View Related
Mar 6, 2011
I have a customer moving from a 5505 to a 5510. They are currently running websense express, which monitors and filters traffic based off of a port mirror on the ASA. Can this function still be performed on the ASA5510? If so, I am having trouble figuring out the method.
View 6 Replies
View Related
May 21, 2012
Is this a good price *NEW* for this unit...325.00
NEW SEALED* Cisco ASA5505-BUN-K9 Firewall 10-User
I assume 10-user means this device comes with a 10 user VPN license? Is there anything else I should be looking for when purchasing an ASA? Mainly looking to use my NetGear WNDR3700 as just a WiFi AP and not my edge device.
View 19 Replies
View Related
Oct 19, 2011
Is there any difference with traffic shaping capability on the 5510 as opposed to the 5505? is there anything the 5510 can do that the 5505 cant? with regards to TShaping?
View 4 Replies
View Related
Nov 17, 2011
Our company is planning to buy one of cisco ASA 55xx series.But there is still one question left about DHCP pool limitations.Here I found some information about licensing for DHCP on ASA 5505: [URL]In other words, we don't have any information about ASA 5510, which contains DCHP pool licensing.
View 9 Replies
View Related
Oct 15, 2012
We have a ASA 5505 and a 5510, that we are using site to site.I need to traceroute from the 5505-5510.. From the outside interfaces.. Don't want to do this through the site-to-site.I have temporarily added a few acl on the outside interfaces.when i traceroute it only goes one hop.. Maybe thats the way it suppose to be? I need to know all the hops between the outside interfaces on the 5505 to the outside interface on the 5510.
View 12 Replies
View Related
Feb 12, 2013
is it possible to configure a webfiltering on ASA 5505,5510,5520 ? So if its possible can you provide us a configuartion template.
View 3 Replies
View Related
Jun 23, 2011
I have an ASA-5510 in a location that loses connectivity to the wan gateway after anywhere from five to fifteen minutes. At first I thought that the unit might be defective, but I replaced it with an ASA-5505 with similar results. A reload of the ASA-5510 will restore connectivity for the next quarter hour.
Here's the version information on the 5510:
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
[Code].....
View 1 Replies
View Related
Mar 23, 2013
A bit of a straight forward question, is it possible to connect a 5505 to a 5510 direct via a crossover or do you need a switch inbetween capable of trunking?
View 1 Replies
View Related
Sep 24, 2011
I am using two firewalls to connect two different offices. Firewall 5510 is running ASDM 6.3 and 5505 is running ASDM 6.2, Problem is that even after connecting two sites, i am unable to ping remote network from either side. I am mentioned static route as tunneled.
View 1 Replies
View Related
Apr 2, 2013
Its more for information purposes. I am trying to compile some information together to get a better understanding of them so anything generic would do. Such as what it looks for in the traffic to block attacks, negative impacts of performance and a couple of top products I could have a browse of and so on.
View 1 Replies
View Related
Jun 14, 2011
i would like to get information from my ASA5520 using SNMP V2c such as :
-xtable entries
-ARP cache table
does it's possible or not ..
View 2 Replies
View Related
Jan 1, 2012
I am looking into buying an ASA5505 but I would like to know if it is going to work in my setup. I have an Internet connection and 2 seperate networks. I know that the ASA5505 has 8 ports and I would like to know if I can assign each port to a different network zone? I dont want to use VLAN but physical networks. I know it is possible with ASA5510 and above but I want to make sure I can do the same with a ASA5505 (Without the security upgrade). I want to get an ASA5505 unlimited users.
So an Internet connection (with multiple IPs), 2 seperate networks, I want to filter traffic between all 3 and route between them also.
View 2 Replies
View Related
Apr 18, 2013
I am not very experienced with Cisco networking.
Here is the situation.
Site A - headquarters 192.168.1.x
Site B - remote office 192.168.20.x
Site C - remote office 192.168.30.x
Site A - ASA 5510
Site B - ASA 5505
Site C - ASA 5505
Site-to-site VPN is established and works between A and B, A and C. Users would like to establish a tunnel between B and C to work on a common project and the data is on Site B.
I tried configuring the S2S VPN with pre-shared keys on both firewalls at sites B and C but in the end it is not established (I cannot ping either side). I used the Wizard interface multiple times and one time the CLI. I generally followed the settings chosen between the headquarter and the individual remote sites and tried to replicate them. Obviously I have made a mistake somewhere.
Could there be any limitation on the ASA 5505 in terms of licensing and the number of S2S tunnels?
View 7 Replies
View Related
Dec 12, 2011
We have a Cisco ASA 5510 at our main office that makes connection with a 5505 at our other office using site to site VPN. (works)
Now for the question,
we want to access our other office from the main office but we wont want them to have access to our servers etc. so basically we want to control them but they shouldn't have the rights to control us.
Is this possible with a site to site VPN? and how to do it.
View 7 Replies
View Related
Feb 13, 2013
I have a ASA5505 with version 8.4(3) that it's working as a DHCP server and I would like to get information about IPs availables (or assignated) on theirs pools via SNMP but I can't find the MIB or OID that I need.
What MIB that I need?
View 1 Replies
View Related
Apr 4, 2012
I'm trying to get a tunnel to come up between a 5510 and a 5505. I currently have a vpn tunnel up and running from the 5510 to another remote site. [code]
View 2 Replies
View Related
Aug 14, 2011
Attached is a diagram of my network. My company has leased some office space to an outside company that handed me a 5505 and said "We want to VPN to our HQ through your Internet". I have two issues: I need this to work and I need to be able to access the 5505 from the management network. I don't care about the VPN aspect as much as making sure that I have basic communication down. I have everything configured per the diagram, but I can't ping the 5505 outside (Vlan 2) interface. I want to be able to configure and test the VPN setup on the 5505 from Putty on my PC.
The default route on the 5520 sends traffic to 10.10.1.1 and the default route on the 5510 sends traffic to the WAN interface. I added this route on the 5510:
outside 10.94.4.0 255.255.255.0 10.10.8.1
I still can't ping the default gateway on the 5505. There is a switch between my PC and the 5520 but the default route passes the traffic to the 5520. However on my tracert I don't even get to the 5520. Do I have to add a route to the switch just to manage the ASA 5505?
View 1 Replies
View Related
Dec 10, 2011
i want to connect to asa 5505 (office 1) using vpn from ASA 5510(office 2)...The network guy in office 1 has asked me to setup ASA 5510 has hardware client mode.
i have the following details from office 1
host peer address of office 1 : A.B.C.D,
phase 1 encryption : DES
phase 1 Authen : SHA
Diffie helman : group 2
Groupname : MNC
IP Schema remote site network : 170.31.0.0 255.255.0.0
password : Cisco$123
In asa 5510 ,
ASA Version 8.2(5)!hostname CISCOASAenable password 5EpARJwwtf4VFC9S encryptedpasswd 5EpARJwwtf4VFC9S encryptednames!interface Ethernet0/0nameif outsidesecurity-level 0pppoe client vpdn group DADAip address pppoe setroute!interface Ethernet0/1nameif insidesecurity-level 100ip address 192.168.10.1 255.255.255.0!interface Ethernet0/2shutdownno nameifno security-levelno ip address!interface Ethernet0/3shutdownno nameifno security-levelno ip address!interface Management0/0nameif managementsecurity-level 100ip address 192.168.1.1 255.255.255.0management-only!ftp mode passiveaccess-list 124 extended permit esp any anypager lines 24logging asdm informationalmtu outside 1500mtu inside 1500mtu management 1500icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 1 0.0.0.0 0.0.0.0timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp
[code]......
What more i need to add to get the vpn connected with ASA 5510?
View 1 Replies
View Related
May 7, 2013
for testing purposues i wanted to exchange a running ASA 5510 with a ASA 5505. I included the running configs from both the ASA 5510 and the new configured ASA 5505.
On the running ASA 5510 there is:
one interface for WEB
static IP xx.xxx.xxx.178
route 0.0.0.0 xx.xxx.xxx.177
[Code].....
View 1 Replies
View Related
Jun 29, 2011
i have a small asa 5505 trying to connect to a asa 5510
cisco-26834# sh crypto isakmp sa
Active SA: 1 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)Total IKE SA: 1
1 IKE Peer: 216.**.**.146 Type : user Role : initiator Rekey : no State : AM_CTCP_WAIT_REPLY
here's the full debug for the 5505 :
cisco-26834# Jun 30 03:35:26 [IKEv1 DEBUG]: IP = 216.**.**.146, IKE AM Initiator FSM error history (struct &0xc66a55b8) <state>, <event>: AM_DONE, EV_ERROR-->AM_CTCP_WAIT_REPLY, EV_CTCP_LINK_FAIL-->AM_CTCP_WAIT_REPLY, NullEvent-->AM_CTCP_INIT, EV_REQ_CTCP_LINK-->AM_START, EV_START_AM-->AM_START, EV_START_AM-->AM_START, EV_START_AM-->AM_START, EV_START_AM
Jun 30 03:35:26 [IKEv1 DEBUG]: IP = 216.**.**.146, IKE SA AM:c045cc52 terminating: flags 0x01000021, refcnt 0, tuncnt 0
Jun 30 03:35:26 [IKEv1 DEBUG]: IP = 216.**.**.146, sending delete/delete with reason message
Jun 30 03:35:26 [IKEv1]: IP = 216.**.**.146, Error: Unable to remove IPSec/TCP entry
[code].....
what should i check on my 5510 ?
View 1 Replies
View Related
Jun 27, 2012
my company has the asa 5505 working as the remote access vpn server. my company needs more licenses for vpn than the asa 5505 give it. because of my company purchased the asa 5510. i must migrate configuration from the asa 5505 to the asa 5510. i exported configuration file from asa 5505. i made the changes on them and imported them in the asa 5510. my asa5510 doesn't work. i putted configuration files from asa 5505 and 5510.
View 10 Replies
View Related
Aug 14, 2011
My company has leased some office space to an outside company that handed me a 5505 and said "We want to VPN to our HQ through your Internet". I have two issues: I need this to work and I need to be able to access the 5505 from the management network. I don't care about the VPN aspect as much as making sure that I have basic communication down. I have everything configured per the diagram, but I can't ping the 5505 outside (Vlan 2) interface. I want to be able to configure and test the VPN setup on the 5505 from Putty on my PC.
The default route on the 5520 sends traffic to 10.10.1.1 and the default route on the 5510 sends traffic to the WAN interface. I added this route on the 5510:
outside 10.94.4.0 255.255.255.0 10.10.8.1
I still can't ping the default gateway on the 5505. There is a switch between my PC and the 5520 but the default route passes the traffic to the 5520. However on my tracert I don't even get to the 5520. What's going on here? Do I have to add a route to the switch just to manage the ASA 5505?
View 30 Replies
View Related
