I have several ASA-5505 units with the SecurityPlus license. These are running older OS versions and I would like to upgrade them. I am wondering if I will lose the SecurityPlus if I upgrade the image to 8.3
View 4 RepliesI'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
I'm getting ready to reload an ASA that will be a long drive if it doesn't come back up after this upgrade attempt.
View 9 Replies View RelatedI open case open to the Cisco about I am not able to get the SSH connection from ASA 5505 after upgrade the IOS 8.2.3 and Device Manager 6.3.3 from the older IOS 7.2.4 and device manager 5.2.4.
I am working in MNC and we have more than 30 office around the world.We have all offices have ASA5505 which we upgrade 3 years before and Now We are in procession to upgrade the IOS on all ASA5505 to all 30 offices.
But after I upgrade the 10 offices and relieze that not able to get SSH connection to ASA5505 with new IOS 8.2.3.I opened the 2 times case and call the Cisco Technical but no luck so far.
I have been delaying an upgrade past 8.2.5 because it is stable and I didnt feel like learning a new way of doing NAT because of the way the code was changed. What is forcing me to go down this path is that I need to be able to let protocol 41 pass through the firewall which doesnt work in 8.2.5 and is what is making me look at 8.3 or 8.4
I know that I will have to install a memory upgrade on both my lab 5505's before I can install the upgraded binary. Will be ordering that in the next few days.
Any suggestions on going to 8.3 or 8.4 based on the reason for the upgrade ? I had been told by TAC to stay away from 8.3 but never got a good reason for that. My lab config (i.e. home ASA) is pretty straight forward (no SSL or IPSEC config), so I would hope it would go fairly smooth. I had heard a lot of horror stories early on but wanted to see how things had been going for everyone with the later versions of code.
I just upgraded an ASA5505 running 8.4.1 to 8.4.2 after noticing that I was experiencing the ssh bug described here: [URL]. Now every time I reload the unit I get the following message on the console:
Reading from flash...
!!...
Cryptochecksum (unchanged): b19f76ce 30b189e5 9272b4d4 4f746634
Type '?' for a list of available commands.
[Code]...
I tried searching for this message with no luck at all. The firewall seems to be working ok as I can still get online and my VPN tunnels are up,
I have been browsing the forum and the support notes for a couple of hours and haven't found a definitive answer to my question. Our ASA is on the subject versions. I watched a video on YouTube stating that upgrading the ASA is easiest if you upgrade ASDM, then the ASA. Problem is, I don't think I can upgrade ASDM first because I don't see a version that is compatible with ASA 7.2.x and 8.0.x.
View 3 Replies View RelatedI am trying to get experience with 8.4 code on my 5505. I purchased a Cisco 512MB memory upgrade and installed it. It booted up once and I thought I was ok. I then looked down and noticed that all lights were blinking on the front panel and I had no console access.
[code]...
I am trying to find out the best path to upgrade to two ASA 5510 running 9.0 (1). I know there are changes in the new version. Let me know what information you need and i will post.
View 2 Replies View RelatedI have a Cisco ASA 5505 device with basic (default) license, currently all my reirections, VPN's, VLAN's(3 Vlan's) etc are configured on the same and are working fine.Now i need to upgrade my basic license to "Security Plus" for some additional features, if i upgrade it directley is there any complications in present rules, below is my doubhts
1. if i upgrade, did it change any of my present configurations ?
2. is there any name change or property changes for VLAN's or VPN's
3. did it affect the firewall functions
4. If anything goes wrong, can i restore it in to my old state using my previous dump.
I have successifuly upgraded ASA and ASDM image. My question is how to make it to boot it as default when you do a factory reset of the device. For the ASA image I found out that it will boot the first image it founds on the flash, so I left only the latest bin file and if I do factory reset it boot the latest. But for ASDM it still boots the old one, because there is no "asdm image disk0:/asdm-645.bin" command in the config. I`m not sure how, because I only left the new ASDM bin image. Is there any variable or something that still points to old asdm image?
My ASA version is 8.4(2) and ASDM 6.4(5). The old one was ASA 8.2 and ASDM 6.3.
We want to upgrade one of our Cisco 5505 with Security Plus license. what is the difference between L-ASA5505-SEC-PL and ASA5505-SEC-PL upgrade licenses?
View 1 Replies View RelatedBefore upgrading to 8.4(4)1 I was able to ping our inside interface accross the VPN. Now I cannot. Because ping is not working, my SNMP server thinks that the device is offline however I know the VPN tunnel is still up and the remote branch office is working fine. Here is the config of the branch office ASA 5505 in question. How to get icmp working again?
ASA Version 8.4(4)1
!
hostname BranchASA5505
domain-name houston.deh
[Code].....
My macbook pro recently upgraded to the last version of java and now I can open the ASDM for my Cisco ASA 5505, when I try open, only show me the window of Java 7 ..., and don't load the ASDM.
View 15 Replies View RelatedI have DSL 8Mbps DL and 768kbps UL,Internet -> Modem -> Cisco Router -> Firewall -> Switch Core - > Multiple switches like sfe2000p,CiscoRouter: i use port gig0/1 for PPPoE and i use port gig0/2 for LAN static,Router port gig0/2 with 122.54.144.153/29 connected directly to Firewall port13 with 122.54.144.154/29,i want 122.54.144.153/29 will my default gateway,Please include no limit bandwidth,filter etc at router, Firewall will be DHCP Server and control the bandwidth, filtering etc and the client computer should get 8Mbps.
View 2 Replies View RelatedI recently upgraded the flash and the RAM on one of my ASA 5505 lab machines. The flash was upgraded from 128 to 512MB and the RAM was also upgraded from 256 to 512MB. I am using asa845-k8.bin. The firewall boots and runs file until you issue the reload command. The system shuts down but never reloads.
View 11 Replies View RelatedI used ASDM to upgrade a 5505 tonight and now I get the error message attached. How/where do I find out which versions are compatible?
View 2 Replies View RelatedI have a printer sitting on an outside interface e0/7 that external vendors were able to print to prior to an ISP IP address change and IOS upgrade.
We upgraded our IOS from 8.2.1 to 8.2.5. The printer wasn't changed so the MAC address mapping is still correct on the ISP translation list. The ISP issues DHCP MAC reservations for static IP address assignment. My printer doesn't seem to be getting the DHCP assignment now.
Here is the before and after config. I'm just wondering since this worked prior to changeing the IP and IOS changes if there is another command I need since upgrading from 8.2.1 to 8.2.5. The DHCP IP address is assigned and is working on my e0/0 vlan2 outside interface.
Config that worked prior to the IP and IOS change. hostname hrhdomain-name hrh.comenable password passwd multicast-routingnamesname 10.200.200.0 TestNet!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.8 255.255.255.0ospf cost 10ospf network point-to-point non-broadcastospf
[Code]....
I am running two ADSL lines into one C1921 router with 2 ADSLoPOTS cards installed.If I copy the firmware flash file on to the router (adsl_alc_20190.bin) and reboot, only one card shows the new firmware (slot 0).So sh dsl int atm 0/0/0 shows new firmware but sh dsl int atm 0/1/0 shows no change.How do I upgrade them both?
View 2 Replies View RelatedI found my CSC module installed in ASA 5510 unresponsive. I tried to recover / re-image the module with .bin file. but I think it is not possible to re-image because there is no rechability with CSC module, and session 1 command also doesn't work,
you can see the response here.
CS-ASA# session 1
Opening command session with slot 1.
Card in slot 1 did not respond to session request.
CS-ASA#
In this case how to enter into the module?
I removed and inserted the module and tried to reach to it .. but couldnt solve . I just wanted to know whether hardware is dead or not.
If ASA5525 with ASA8.6(1)2 can be browsed using ASDM7.0(1), as currently i'm running ASDM6.6(1) if it will work, any document how to do the upgrade using GUI screen?
View 8 Replies View RelatedWe have just installed a Cisco RV120W behind a third party firewall. All works correctly now, but we are struggling to get the Quick VPN clients connected. I have enabled port forwarding for PPTP & L2TP over IPSEC on the third party router, but still cannot connect (the RV120W was previously used as a primary router & worked perfectly). What ports do I need to open on the third party router to get this to work correctly?
View 4 Replies View RelatedI have Asa 5510 with base license and no 3des free license installed on to it.Will it be required for both the licenses to be installed on it for site to site tunnels to establish.This firewall is not taking the below commands to give and the tunnel is not getting through.tunnel-group x.x.x.x type ipsec-l2ltunnel-group x.x.x.x ipsec-attributes.
View 3 Replies View RelatedI have installed a new SSL certificate on our ASA 5500. I removed the old one, installed the new one. And associated the trust points with the interface we use for Web Connect and Any Connect connections.
They are still seeing the old expired certificates. Users can still log in and authenticate but I would rather them see the correct certificate.
I have FSWM active/standby installed in 6509-E core switches running following FWSM Firewall Version 3.1(3) Device Manager Version 5.0(2)F..I want to upgrade to latest FWSM version as well as ASDM, I downloaded asdm-622f.bin and c6svc-fwm-k9.4-1-5.bin from cisco portal. When i checked the show version of FWSM, it says..The Running Activation Key is not valid, using default settings: Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000
I have gone through threads on CSC about how to upgrade FWSM in failover mode, now my concern is, Do i have to take care about activation key or keep as it is ? I have maintenance contract with cisco for all devices.
if there's a way to upgrade my ASA5505 to support gigE without spending an arm and a leg for an ASA 5510?
View 4 Replies View RelatedMy client is having a 5505 which supports 2 SSL peers as per now and we want an upgrade . I had a look into GPL and I was confused with two of the following part numbers . Which one should I go for as both of these look same for me and there is a huge difference in price .
ASA5500-SSL-10
ASA 5500 SSL VPN 10 Premium User License
ASA-AC-E-5505
AnyConnect Essentials VPN License - ASA 5505 (25 Users)
I have a cisco ASA5505, with base license, it appears I can only have 2 ssl/webvpn connection running at any one time. How can I upgrade only the webvpn portion to allow more licenses?
View 2 Replies View RelatedI upgraded an ASA 5505 from 8.3(2) to 8.4(4) this evening. The 5505 is a backup and used to perform testing prior to production changes. After the upgrade was complete, a VPN tunnel began to fail. I did a limited search online to see if this was a known issue or something new. I also reviewed the release notes but did not see anything that matched the issue I received.
My concern is that this tunnel configuration is scheduled to be deployed to the production firewalls next week after their upgrade. But if it failed on the upgraded test unit, it may fail on the production units.
I downgraded the backup unit to 8.3(1) and verified that the tunnel indeed worked at that level.
Attempting to upgrade from ASA 8.3.2, ASDM 6.3.4, Any Connect 2.5.1 to ASA 8.4(4)1, ASDM 6.4(9) and Any Connect 3.1.00495 using ASA 5505.
Client is Windows XP SP3 w/ IE7. Can log into the ASA web portal and starts to install via ActiveX. I get past the IE7 message bar to authorize installing the ActiveX control. I briefly see a message that says "ActiveX could not be launched" (I think. It is very fast) and then the install hangs w/ the message in the web connect dialog about the IE7 message bar. If I let the timer expire, the java install also fails. If I download the installer via the web portal, and install Any Connect via the downloaded installer, everything works fine.
Same problem w/ ASA 9.1.1, ASDM 7.1(1) and Any Connect 3.1.02026. I have added the web page address to the trusted zone, and checked all the zones for permissions to install ActiveX controls, etc. Worked w/ the older/original software when I remove the kill bit for Microsoft KB2736233. Have not installed any custom Any Connect profile to use transforms. I did see in the release notes some information on NO INSTALL ACTIVEX=0, but I think this applies to the per-install package only.
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies View RelatedI have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
i have cisco ASA 5510 Firewall using in my network, i have planning to upgrade the Flash memory from 256 mb to 512 mb and the RAM from 256 mb to 1GB.
View 1 Replies View Related