a client of ours bought an ASA5505-BUN-SEC-K9, and it was working fine, for some reason (beyond me) they flashed the memory and configuration in an attempt to fix smoe problems they were facing. Now they are faced with the dilema that the SEC license is no longer visible and usuable, so how can they recover this license knowing that they have bought the bbundle mentioned above?
View 1 RepliesI'm just wondering, is it possible to find out or recover the passwords for users and pre-shared key for tunnel-group? The VPN connection was confiigured on ASA5505 before me, but no login details were left.
View 3 Replies View RelatedI have 10 user license for Cisco ASA, i have to use this ASA for client connectivity. Can i do NAT of more than 10 users with this license? What i understand is NO.
But as per Below explaination looks like, i can if i am not doing default routing? Actually i just need to add a specific Route towards client DMZ interface on my ASA, no default route, so can i use more than 10 concurrent sessions with this license?
I have Cisco ASA5505 8.2(5) connected with Cisco 5520 8.2(1) via IPSEC tunnel, I was able to SSH from the inside 5520 to inside IP of the asa5505. but I after I upgrade the license to security plus at 5505 I lost the SSH and ASDM to inside IP of 5505 from the inside network of the 5520. however I still can use SSH and ASDM on outside IP of 5505.
I did a lot of testing to make it work but I couldn't I added SSH 0.0.0.0/0 inside and outside also I added acl on both interfaces. when I did a trace on the outside interface from the private network of 5520 to 5505 inside IP I got IPSEC spoofed by the way that trace only works with security plus because I try to test on all my other firewalls 8.2(5) it shows nothing and all my firewalls can accessed from the private network 5520 except the one with the security plus!
I have a spare ASA5505 w/Base License that we want to use as the router/firewall between our wi-fi network and our secondary internet connection. Currently we have a NetGear box as the router there and it is on its last legs. In order for the ASA w/Base license to be able to issue over 150 IP address via DHCP which license do I need to purchase for it.
View 7 Replies View RelatedI want to confirm if the upgrade license (ASA5505-SW-10-UL=) is backward compactible with PIX 501 firewall device? though pix 501is end of life bit i want to verify if the upgrade license for asa5505 will work with it?
View 4 Replies View Relatedi've checked in on one of our 5510's and also on a 5505 but i don't seem to find the license duration (i.e "perpetual).is this normal or just an IOS or platform specific? [code] Cisco Adaptive Security Appliance Software Version 8.2(5)
View 1 Replies View RelatedMy cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network. Is this possible with a 10 USER license.
My cisco representative tells me that I am limited to 10 IP addresses for my 10 user license on an ASA 5505 even though the Cisco documentation specifically states that a 10 user license allows the maximum DHCP clients to 32 IP addresses.
I want to have 30 computers get IP addresses from the ASA, but don't need any but one or two to get outside the internal network. Is this possible with a 10 USER license.
we have a cisco ASA5505 with base license and 3 interface configured. Internal 192.168.1.1/24 DMZ 172.16.0.1/24 Outside 20.20.20.20/24 The DMZ is configured to allow the traffic pass to the outside interface only (base license allow only traffic to one interface) in order to let clients on this network to browse internet. On the outside interface there's a nat configuration that let the port 443 to be natted to an in internal server. Is it possible to let the clients in DMZ to access to the internal server on port 443 from the outside interface?
View 3 Replies View RelatedWhat's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.
View 1 Replies View RelatedI´m trying to upgrade a Customer's ASA 5505 base license from 10 to 50 users (ASA5505-SW-10-50=). But the reseller sent a ASA5505-SW-50-UL= license instead. I tried to register that license and the following messaged appeared.
Wrong Sku(s) 'ASA5505-SW-50-UL=' for 'ASA5505-K8' : Device contains following licenses 'ASA5505-SW-10,ASA5500-ENCR-K9'
Serial Number = JMX1235Z0TZ
same platform type as the failed serial number. An upgrade request is not allowed. open a Service Request using the TAC Service Request Tool at [URL].As an alternative you may also call our main Technical Assistance Center at 800-553-2447.Sincerely,Cisco Systems Licensing.
I tried to contact TAC for assistance but It's not possible because that kind of service is outside the parameters of the service contracts associated with my cisco.com profile.
A customer's ASA is presenting the System LED flashing red.I have already analysed the show tech-support and show environment output: Found nothing, everythink seems OK.Cisco ASA 5580-20 - 8.2.1.Single appliance, no failover, multiple context and transparent mode.
View 5 Replies View RelatedIn my ASA 5580-20 system LED is flashing RED how can i trobleshoot this.
I checked rarepanel everything is ok also i saw environment also showing ok
share the prcoedure to recover password in IPS 4260?
View 1 Replies View RelatedI have DSL 8Mbps DL and 768kbps UL,Internet -> Modem -> Cisco Router -> Firewall -> Switch Core - > Multiple switches like sfe2000p,CiscoRouter: i use port gig0/1 for PPPoE and i use port gig0/2 for LAN static,Router port gig0/2 with 122.54.144.153/29 connected directly to Firewall port13 with 122.54.144.154/29,i want 122.54.144.153/29 will my default gateway,Please include no limit bandwidth,filter etc at router, Firewall will be DHCP Server and control the bandwidth, filtering etc and the client computer should get 8Mbps.
View 2 Replies View Relatedi try to recover cisco ASA 5505 IOS in Rommon mode but i have this message : [code]
View 1 Replies View Relatedi have a active/standby pair of asa 5520's, i can access the active asa but not the standby asa via console,
i have tried the password recovery on the standby unit but it does not work, do i need to remove the unit from the network to become a standalone unit to perform the recovery?
I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
View 1 Replies View RelatedI purchased the license P/N: ASA-CSC20-250U-1Y with Description: ASA 5500 CSC-SSM-20 250-User License Only Renewal (1-year)
But I had a mistake because I need support to 500 users. Now, to solve my mistake I want to know Do I can purchase another ASA-CSC20-250U-1Y to provide the 500 users suppor?
I mean, ¿are two (2) ASA-CSC20-250U-1Y equivalent to the 500 user license listed below?P/N, ASA-CSC20-500U-1Y with Description: ASA 5500 CSC-SSM-20 500-User License Only Renewal (1-year)
I have a normal setup of ASA5505 (without security license) connected behind an internet router. From the ASA5505 console I can ping the Internet. However, users behind the Firewall on the internal LAN, cannot ping the Internet even though NATing is configured. The users can ping the Inside interface of the Firewall so there is no internal reachability problem. In addition, I noticed that the NAT inside access list is not having any hit counts at all when users are trying to reach the internet.
When i replace the ASA5505 with a router with NAT overload configuration on it, the setup works normally and users are able to browse the internet.
The ASA5505 configuration is shown below.
hostname Firewall
interface Ethernet0/0
description Connected To Internet Router
switchport access vlan 10
[Code].....
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies View RelatedI've recently upgraded my old firewall from a PIX to an ASA5505 and have been trying to match up the configuration settings to no avail. I have is that I can't ping the new firewall on it's inside interface, despite having "icmp permit any inside" in the running config. Secondly, the server I have on there ("Sar") can't connect out to the internet.I've included the ASA's running config incase anybody can see if something stands out. I have a feeling it's either not letting anything onto the inside interface, or there is no nat going on. Lastly (and possibly relevant), the firewall is actually going at the end of a vlan, which is different to the firewall's inside vlan number. I don't know if this is actually the problem because the server can't connect out even if connected directly into the firewall.
View 32 Replies View RelatedInternet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 - >Inernal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to Cisco ASA 5505 E0/0. Its a /28 pool IP address. This interface is configured as outside and security level set to 0.
From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1, Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
I'm trying to troubleshoot an ASA5505.
The original goal was to block "Mumble/Murmur" (a voip app) traffic, which runs on TCP/UDP 64738, both inbound and outbound, except to a certain host (63.223.117.170).
However, when nothing I tried seemed to make a difference, just to troubleshoot, I decided to try blocking all inbound traffic. I first disconnected ethernet port 0/0 to ensure that it was cabled correctly and the outside interface went down when I did. That worked as expected, so I confirmed I had the right interface and it was cabled correctly.
I then applied a "any any deny ip" rule as the first element in the outside interface access_list, as you can see below. However, it appears to have had no real effect and the hit count is very low (it should be astronomical).
show ver
Cisco Adaptive Security Appliance Software Version 9.0(2)
Device Manager Version 7.1(2)
Compiled on Thu 21-Feb-13 13:10 by builders
System image file is "disk0:/asa902-k8.bin"
[Code].....
I’m stuck in some problem with installation of LMS4.0 in customer site.
- we purchase a LMS4.0(CWLMS-4.0-100-K9) but couldn’t install it on Windows server 2008 R2 64bit because those things don’t support each other.
- I need to upgrade the LMS4.0 to LMS4.2 that is supporting Windows server 2008 R2 64bit.
- So, I ordered following items via product update tool (url...) [code]
- In this status, how to install LMS4.2 with license for 100 devices? If I install R-PI12-BASE-K9 first, can i enter a licese for 100 devices for CWLMS-4.0-100-K9 into PI1.2?
i have CSC-SSM-20 i want to renew the license to support 750 users for 3 years if i have base license only and if i have base and plus as bundle?i want to know the steps and also the part numbers and what is the difference between these two part numbers
ASA-CSC20-750UP-1YASA 5500 CSC-SSM-20 750-User w/ Plus Lic. Renewal (1-year)
ASA-CSC20-750P-1YASA 5500 CSC-SSM-20 750-User Plus Lic. Only Renewal (1-yr)
Can i buy a plus license for asa 5520??
View 2 Replies View RelatedMy customer is asking to see the license for the SSM-10 card how do i access the card to show this information. the Firewall unit has a base licence installed.
View 2 Replies View RelatedI'm new to ASA and bought a used one from ebay but I cannot connect to the ASDM - I get an error in all the browsers.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)
Having browsed the support forums and Google - it seems I need the 3DES license. I have obtained an activation key from Cisco and applied it to my ASA 5505 however I get a warning about the device is licensed for a higher software level. the license on the ASA is Security plus. When I apply the activation key from Cisco most of the features are disabled.
[Code] ......
Do I need the security plus license to do HA with two 5520's?I was told by our purchasing department that the 5520 was supposed to be able to do HA out of the box, but when I look I see only the VPN + license. Does that mean I can download the security plus license? Or do I even need it on the 5520.
View 2 Replies View RelatedNot abe to upgrade the IOS image PIx7.0 from earlier version 6.3 in to my old Pix-525 FO(Secondary unit) license box .
Is it possible to upgrade without Primary unit (Unrestricted License) ?
I have got ASA 5520. I am planning to install Cisco ASA AIP SSM-20 and Cisco ASA Content Security and Control (CSC) Security Services Module on ASA 5520.. However I am also thinking of adding AIP only as I can do the function of content filtering with proxy server. Relating this issue I would like to ask -
1. What would be the benefit of adding CSC ?
2. Do I have to pay the license cost every year for both of these SSM? What would be the cost ?
3. Upto how many SSM can I add into ASA 55020 ?