Cisco Firewall :: Update License Content Security And Control Info ASA 5510
Mar 20, 2013
I have to upgrade to an ASA 5510 CSC, and the new license is generated, the file you sent me licensing, only seen this:Activation Code not required for this renewal. Please go to "Administration> Product License" in the CSC SSM console and click "Check Status Online" to get the latest expiration date (BASE: 09/04/2014, PLUS: 09/04/2014).This means that what I have not make any upgrades or license charge in the ASA? Does the automatic update is made?
Is it possible have Content Security and Control Security in a ASA 5585-X? I´m asking because the CSC-SSM is only supported in ASA 5540, 5520 and 5510 and I dont know how it feature ca be supported on a new ASA 5585-X.
I have some clarifications regarding ASA firewall, it can be support bandwidth management and content security at the same time. we are looking for below features in ASA5510.
IP/Policy based bandwidth management.Controll the bandwidth and allocate the bandwidth to specified users or servers.Content Security. If not, which device I need to set for Internet Bandwidth Management and content security.
I have a ASA 5510 with Security Plus License and when I looked at the devices a few days ago I had 2 contexts, however after configuring the Mgm port as a regular port the contexts show 0, why? I can not find any post on the internet where this issue has happen: here is the output from show ver:
Cisco Adaptive Security Appliance Software Version 7.0(8) Compiled on Sat 31-May-08 23:48 by builders System image file is "disk0:/asa708-k8.bin"
What's the difference between VPN Plus license and Security Plus license. I have new 5520 shipped with VPN Plus license.Also does it require a seperate license for Anyconnect for Mobile and AnyConnect Essentials.
We want to have a ASA5510 with both IPS function and Content Security feature, while I checked on Cisco website, looks like ASA5510 or 5520 only have one SSM slot, so I can only use either AIP module or CSC module, does it mean I can not get both features at the same time.
Right now I want to have IPS function and anti-spam, anti-virus, antiphishing, content filtering, URL blocking such feature, so what do I need to buy to have all of these function in one device?
Our requirement with that appliance is to do URL blocking and filtering.Are there any other options we can consider or is it SaaS only. Would have preferred Trend Micro, but don't this is possible with this appliance.Will content security be offered on the Cisco ASA 5500-X Series?At this time, content security services are not supported on the Cisco ASA 5500-X Series appliances. However, the ASA 5500-X Series Cisco Cloud Web Security ready. Cisco Cloud Web Security provides content security as a cloud-based software as a service (SaaS).
### Cisco Adaptive Security Appliance Software Version 8.0(3)6 Device Manager Version 6.0(2) Compiled on Thu 17-Jan-08 17:42 by builders System image file is "disk0:/asa803-6-k8.bin" Hardware: ASA5510, 202 MB RAM, CPU Pentium 4 Celeron 1600 MHz Internal ATA Compact Flash, 256MB BIOS Flash M50FW080 @ 0xffe00000, 1024KB ###
The question is what i need to add the CSC10 SSM with content filtering and url filtering to this version of ASA? Do I need more ram? Do I need more flash? Is this version compatible with the CSCSSM hardware? What licenses i need for 100 users?
We’ve ordered ASA 5510 with security plus license as below description:
ASA5510-K8 ASA 5510 Appliance with SW, 5FE, DES L-ASA5510-SEC-PL= ASA 5510 Security Plus License w/ HA, GE, more VLANs + conns
The license details on the appliance shows as the below, Fail over : Enabled Encryption-DES : Enabled Encryption-3DES-AES : Disabled Security Contexts : Default GTP/GPRS : Disabled Any Connect Premium Peers : Default Other VPN Peers : Default Advanced Endpoint Assessment : Disabled Any Connect for Mobile : Disabled Any Connect for Cisco VPN Phone : Disabled Shared License : Disabled UC Phone Proxy Sessions : Default Total UC Proxy Sessions : Default Any Connect Essentials : Disabled Bot net Traffic Filter : Disabled Inter company Media Engine : Disabled
I’ve noticed that the 3DES is disabled, do I need to order another license to use 3DES or not ?Also, I need 2 ~ 5 branches to connect simultaneously and have VPN access on their laptops to the main branch via vpn software, which VPN software I should use and is our license enough or I should order another license.
I run a website for a local football team using Serif Webplus X6. On uploading the weekly updates of the site the process seems ok for a few minutes with progress bars showing uploading of files but then it all stops and I have to reset my wireless network adaptor 1703 and it continues but I can't just leave it to work on its own. Device manager says that the drivers are up to date but I'm fed up with having to nurse the adaptor. This didn't happen with previous computers.
I'm currently reconfiguring an ASA5510 installation to a HA setup with a second 5510. The old 5510 has an "AnyConnect for Mobile" license which isn't being used. So we upgrade that one to a SecPlus License to enable failover posibilities and we bought a new 5510 also with a SecPlus license. When I'm trying to enable failover I get the message that my mate hasn't got the "AnyConnect for Mobile" license. I know for failover both devices must be exactly the same (at first i thougth that the AnyConnect license would be lost when upgrading to SecPlus). So now I'm wondering and searching for solutions to remove the AnyConnect license (because we don't use it).
I'm new to IT, and have been put in charge of managing our servers hile my boss is on vacation.We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place.I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.
This person SHOULD have access to Job searches/ and Restaurants,but receives a "content blocked" message on his browser.It appears to me that the settings in Sonicwall are correct, as well with AD member groups.
I am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
Do I need the security plus license to do HA with two 5520's?I was told by our purchasing department that the 5520 was supposed to be able to do HA out of the box, but when I look I see only the VPN + license. Does that mean I can download the security plus license? Or do I even need it on the 5520.
I have Cisco ASA5505 8.2(5) connected with Cisco 5520 8.2(1) via IPSEC tunnel, I was able to SSH from the inside 5520 to inside IP of the asa5505. but I after I upgrade the license to security plus at 5505 I lost the SSH and ASDM to inside IP of 5505 from the inside network of the 5520. however I still can use SSH and ASDM on outside IP of 5505.
I did a lot of testing to make it work but I couldn't I added SSH 0.0.0.0/0 inside and outside also I added acl on both interfaces. when I did a trace on the outside interface from the private network of 5520 to 5505 inside IP I got IPSEC spoofed by the way that trace only works with security plus because I try to test on all my other firewalls 8.2(5) it shows nothing and all my firewalls can accessed from the private network 5520 except the one with the security plus!
I need your support for upgrading the Security context license on 5550, at present we have 5 Security context license installed in ASA but we want it to increased till 10 conctexts. I want to understand if we need to get addtional 5 Security context license or 10.
I have a two ASA HA and I'd like to upgrade the license to ASA5500-SSL-250. I need to know if i have to purchase one license (ASA5500-SSL-250) for the Active unit and one license (ASA5500-SSL-250) for the standby unit.
1) Will I be able to update firmware (from 8.2 to 8.3 or higher for example) without smarnet for ASA 5510? And what can not I do without smartnet? 2) I have only AIP-SSM-10 module to this asa 5510. is there a smartnet for it, too? And when I buy only module is there build in a 1 year subscription for IPS signatures? 3) If I have Cisco ASA 5510 base license, will my IPS on AIP-SSM-10 work? 4) Also I'm planning in a year buy one more 5510 with same module and put ther in failover. Will I really need Security Plus license for failover (Active/Standby)? For Active/Active I know that I need one, yes?
I have a problem with ASA5510 CSC10 license renewing. Initially, we had CSC license with 500 seats, and renewed it to 250 seats. After that every time it shows that license expires day before today.(for example if today is 4 April it show that license expires on 3 April).
Clicking on "Check Status Online" didn't work. What can correct this problem ?
I am looking for redundant asa deployment for fail over set up . however both units have csc cards. does this product ASA5510-CSC10-K9 has license for fail over ? what's the part no for asa failover license ?
We recently upgraded a ASA 5505 with the security plus license to allow us to add a second subnet, but are having a few problems configuring the second subnet. The original subnet we have configured 10.1.1.0 is able to access the internet without any problems. However the new subnet 10.1.5.0 is unable to access the internet and when we ran a trace packet the nat config nat (inside) 1 0.0.0.0 0.0.0.0 is showing as the rule that drops the packet.
Additionally we have not been able to get the 2 subnets to talk to each other even though same-security-traffic permit inter-interface is configured. How to configure the subnet 10.1.5.0 to access the internet or to get the subnets to communicate. Below is a streamlined version of our current config.
I'm currently working on setting up 2 ASA 5510's with redundancy/failover. I'm not an expert when it comes to the ASA's so I'm not 100% sure if I can do what I need to.I have 2 inside networks that need to remain separate, a DMZ network,and an outside network. Since each network connects via ethernet to one of the 4 ethernet ports on the ASA 5510's, all 4 ethernet ports on the ASA 5510 will be in use. If I wanted to setup one firewall as Active and the other as standby, how would I go about doing that? Do I need a direct ethernet connection between the 2 firewalls to use something such as HSRP? Or would the Standby firewall be able to tell if the Active firewall is OK since they would both be connected on each of their interfaces to the same networks?