Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput
Feb 27, 2013
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
View 5 Replies
ADVERTISEMENT
Oct 3, 2011
What is the difference between IP throughput routing throughput and firewall throughput
the reason is i am trying to spec a router for a mate who is setting up an online server for an old game ultima online which will have around 300-400 people each pulling around 10kb/sec
I recommended an 880 service router but when he spoke to a guy at the shop they said this would only run at 25mb/sec and he is plugging in to a 100MB/sec line
But the current router that is a home dlink which cost at most 60 Euros on a speed tester can pull 95mb/secI just don’t get how a 60 Euros router can download quicker than a 300-400 Euro router
They said try a ASA5505 that can do 150MB/sec of firewall throughput
View 1 Replies
View Related
Oct 19, 2011
We wish to upgrade 8.2(3) to 8.2(5) on our asa 5520 and 5510. I have been looking for Cisco guides for installation instructions but havent been able to track any. or is it just as striaght forward as copy image, reboot secondary and the primary
View 2 Replies
View Related
Apr 15, 2013
I am trying to upgrade our ASA5520(Primary/Standby) to 8.45. Can i upgrade 8.25 directly to 8.45 or do i have to upgrade to 8.3 first?
View 1 Replies
View Related
Sep 7, 2011
I have a 2 ASA 5520 firewalls for high availability and need to upgrade IOS from 7.2(4) to 8.2 or latest. What could be the better way and upgrade procedure. Below is show version details and IOS upgrade to latest.
Cisco Adaptive Security Appliance Software Version 7.2(4)Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by buildersSystem image file is "disk0:/asa724-k8.bin"Config file at boot was "startup-config"
IGN-ASA-1 up 45 days 17 hoursfailover cluster up 45 days 17 hours
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHzInternal ATA Compact Flash, 256MBSlot 1: ATA Compact Flash, 512MBBIOS Flash M50FW080 @ 0xffe00000, 1024KB
[Code] ........
View 5 Replies
View Related
Feb 11, 2013
Due to increase of demands on our ASA cluster, we need to upgrade to a new cluster of 5545x. Our current config contains a lot of S2S & NAT
View 1 Replies
View Related
May 7, 2013
We have 2 ASA 5520s in active/standy. We run IOS 8.2(5)24 and I wondered if I need to upgrade as I see the versions have gone to 8.4 and beyond! We are not getting any issues and I'm aware of the difficult migration from 8.2 to 8.4 etc due to the NAT change.
View 3 Replies
View Related
Feb 27, 2013
I'm about to upgrade from an ASA5520 to ASA5525.
View 1 Replies
View Related
Aug 7, 2011
I have a couple of ASA5520 and ASA5550, and I wanted to know if it is worth it to upgrade the software from 8.2(4) to 8.2(5)? Because of the RAM I cannot upgrade to 8.3 for now.
View 1 Replies
View Related
Mar 11, 2012
We are currently on 8.0(4) and planning on upgrading our failover pair to 8.4.2, I read some documents saying that we can perform a zero downtime upgrade.
According the below documents Version 8.2 supports mismatch memory failover, [URL]
Upgrade Path:
Active Firewall: Standby Firewall:
8.0(4) 8.0(4)-->8.2.2
8.0(4) Upgrade RAM-2G---Reload
faiover to standby 8.2.2
8.0(4)--->8.2.2 8.2.2
[code]...
Can I perform zero downtime upgrade with the above upgrade path? Will both the firewalls act as a failover pair if one is on 8.2.2 and other is on 8.4.2.
"Performing Zero Downtime Upgrades for Failover Pairs
The two units in a failover configuration should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions on the software running on each unit and still maintain failover support." [URL]
View 4 Replies
View Related
May 23, 2012
I upgraded a pair of ASA 5520s from ASA 8.3 to ASA 8.4(4) this week and now my DMZ hosts cannot reliably communicate with eachother. I have a DMZ network of 10.20.20.16/28 configured. 10.20.20.17 is the ASA/Gateway and 10.20.20.19 is one host and 10.20.20.20 is another host. These two hosts had no problem communicating with eachother before the upgrade. Now, they usually cannot communicate with eachother. Occasionally they can communicate, but only for a few minutes. What is strange is I never had any access lists for these hosts to talk with eachother before the upgrade (because their traffic to eachother should have never reached the firewall) but now I needed to create an access list on the DMZ interface allowing these two hosts to talk. ICMP works fine, but only if the ACL is in place. TCP rarely works.
View 2 Replies
View Related
Dec 12, 2012
I need to upgrade the ASA 5520 from OS 8.2(5)26 to 8.2(5)33. the ASA only has 64M of flash. I have a 256M flash card. What are the steps to upgrade the flash? I am not sure how it will boot up because the new flash will be blank?
View 2 Replies
View Related
Oct 9, 2011
I have been asked to look at upgrading two 5520 ASA configured in a HA pair Active/Standby, from version 7.2(4) to version 8.3(1) to bring it in line with some other ASA firewalls in the organisation.
My question is can I simply upgrade straight from 7.2(4) to 8.3(1) or will I have to step the upgrade from 7.2(4) => 8.2(x) => 8.3(1)
Having read a few articles on the forums and the release notes I think I should be able to go from 7.2(4) => 8.3(1) .
The second part of my query is around the upgrade itself, having researched this a little there seems to be various views on how to go about upgrading a HA pair and I cannot find anything specific on the website.
The approach I am thinking of is simply as follows;
- upload images onto both firewalls in the HA pair
- On the standby from the CLI
clear configure boot
[Code].....
View 3 Replies
View Related
Jul 21, 2011
last night we tried to upgrade our cluster (2x ASA5520) from 8.0(4) to 8.2(3) and failed miserably.
1. Both units got the new image, but when we reloaded the secondary unit then we got the following strange message:
"Mate's license (10GE I/O Enabled) is not compatible with my license (10GE I/O Disabled). Fail over will be disabled."
After this message fail over was not there anymore and both units became active (!!!) which killed everything. Of course ASA5520 doesn't have 10GE and we have exactly the same units. What could be the problem here? Currently we run with a single unit with 8.2(3) and the secondary unit is switched off.
2. After the upgrade we cannot connect with multiple VPN sessions from the same client, this gets logged:
"Multiple sessions per tunnel are not supported"
This was working just fine with 8.0(4) and doesn't work with 8.2(3). Do we have to update something in the config or what is causing this? If you ask why we went with 8.2(3) instead of 8.2(5) then the answer is because we were testing that for several month in our secondary data center, but unfortunately only on a single ASA and not on a cluster. We couldn't go higher due to the 512MB RAM we have in all units.
And we had to upgrade, because we had crashes with 8.0(4) which was working fine for a long-long time.
View 7 Replies
View Related
Aug 16, 2011
I was trying to upgrade from 8.3.1 to 8.3.2. but I am unable to copy via tftp to the ASA flash or disk0:
ASA5520# copy tftp: flash:
Address or name of remote host []? 10.88.127.153
Source filename []? asa831-k8.bin
Destination filename [asa831-k8.bin]?
[code]....
Half way thru writing to the disk, it goes for a reboot. There is more than enought space on the disk0. I tried copying via a Compact Flash, but the ASA is not detecting the Compact Flash (which I thinks should be disk1). I tried copying a asdm file, even that also went for a reboot.I am stuck now, unable to upgrade
View 12 Replies
View Related
Mar 25, 2013
I need to upgrade the flash memory of the ASA 5520 from 256Mb to 512Mb. As far as I realized the built-in flash memory called system compact flash and there is also an empty slot which it is possible to install a user flash.
What is the difference between user and system compact flash? and for upgrade can I just insert the user compact flash or do I need to upgrade the system compact flash? Where can I find the part number for each type?
View 4 Replies
View Related
Feb 27, 2011
I'm getting ready to reload an ASA that will be a long drive if it doesn't come back up after this upgrade attempt.
View 9 Replies
View Related
Apr 20, 2011
I open case open to the Cisco about I am not able to get the SSH connection from ASA 5505 after upgrade the IOS 8.2.3 and Device Manager 6.3.3 from the older IOS 7.2.4 and device manager 5.2.4.
I am working in MNC and we have more than 30 office around the world.We have all offices have ASA5505 which we upgrade 3 years before and Now We are in procession to upgrade the IOS on all ASA5505 to all 30 offices.
But after I upgrade the 10 offices and relieze that not able to get SSH connection to ASA5505 with new IOS 8.2.3.I opened the 2 times case and call the Cisco Technical but no luck so far.
View 11 Replies
View Related
Jan 18, 2012
I have been delaying an upgrade past 8.2.5 because it is stable and I didnt feel like learning a new way of doing NAT because of the way the code was changed. What is forcing me to go down this path is that I need to be able to let protocol 41 pass through the firewall which doesnt work in 8.2.5 and is what is making me look at 8.3 or 8.4
I know that I will have to install a memory upgrade on both my lab 5505's before I can install the upgraded binary. Will be ordering that in the next few days.
Any suggestions on going to 8.3 or 8.4 based on the reason for the upgrade ? I had been told by TAC to stay away from 8.3 but never got a good reason for that. My lab config (i.e. home ASA) is pretty straight forward (no SSL or IPSEC config), so I would hope it would go fairly smooth. I had heard a lot of horror stories early on but wanted to see how things had been going for everyone with the later versions of code.
View 1 Replies
View Related
Aug 3, 2011
I just upgraded an ASA5505 running 8.4.1 to 8.4.2 after noticing that I was experiencing the ssh bug described here: [URL]. Now every time I reload the unit I get the following message on the console:
Reading from flash...
!!...
Cryptochecksum (unchanged): b19f76ce 30b189e5 9272b4d4 4f746634
Type '?' for a list of available commands.
[Code]...
I tried searching for this message with no luck at all. The firewall seems to be working ok as I can still get online and my VPN tunnels are up,
View 3 Replies
View Related
Feb 28, 2013
I have been browsing the forum and the support notes for a couple of hours and haven't found a definitive answer to my question. Our ASA is on the subject versions. I watched a video on YouTube stating that upgrading the ASA is easiest if you upgrade ASDM, then the ASA. Problem is, I don't think I can upgrade ASDM first because I don't see a version that is compatible with ASA 7.2.x and 8.0.x.
View 3 Replies
View Related
Jan 30, 2012
I am trying to get experience with 8.4 code on my 5505. I purchased a Cisco 512MB memory upgrade and installed it. It booted up once and I thought I was ok. I then looked down and noticed that all lights were blinking on the front panel and I had no console access.
[code]...
View 5 Replies
View Related
Jan 24, 2013
I am trying to find out the best path to upgrade to two ASA 5510 running 9.0 (1). I know there are changes in the new version. Let me know what information you need and i will post.
View 2 Replies
View Related
Dec 17, 2012
I have a Cisco ASA 5505 device with basic (default) license, currently all my reirections, VPN's, VLAN's(3 Vlan's) etc are configured on the same and are working fine.Now i need to upgrade my basic license to "Security Plus" for some additional features, if i upgrade it directley is there any complications in present rules, below is my doubhts
1. if i upgrade, did it change any of my present configurations ?
2. is there any name change or property changes for VLAN's or VPN's
3. did it affect the firewall functions
4. If anything goes wrong, can i restore it in to my old state using my previous dump.
View 1 Replies
View Related
Nov 16, 2011
I have successifuly upgraded ASA and ASDM image. My question is how to make it to boot it as default when you do a factory reset of the device. For the ASA image I found out that it will boot the first image it founds on the flash, so I left only the latest bin file and if I do factory reset it boot the latest. But for ASDM it still boots the old one, because there is no "asdm image disk0:/asdm-645.bin" command in the config. I`m not sure how, because I only left the new ASDM bin image. Is there any variable or something that still points to old asdm image?
My ASA version is 8.4(2) and ASDM 6.4(5). The old one was ASA 8.2 and ASDM 6.3.
View 2 Replies
View Related
May 26, 2013
Site A:
ASA5520
VLAN data subnet 172.16.10.x/24
VLAN Voice subnet 10.0.0.x/24
Site B:
ASA5505 Base license
VLAN data subnet 192.168.10.x/24
VLAN Voice (restr) subnet 10.0.1.0/24
The callmanager is located on site A and needs to sent out DHCP-offers to site B through the VPN so the IP-phones can register to the callmanager. I got the VPN up and running for the data-subnet but i can't get traffic through the voice-subnet/VLAN.
Can the ASA's do the job or do I need to route traffic before the ASA's on both sides and sent it through the tunnel, configured both subnets as interesting traffic? Ofcourse the last situation I need to upgrade the license for the 5505 to gain more VLAN's.
View 4 Replies
View Related
Feb 12, 2013
is it possible to configure a webfiltering on ASA 5505,5510,5520 ? So if its possible can you provide us a configuartion template.
View 3 Replies
View Related
Apr 19, 2012
We want to upgrade one of our Cisco 5505 with Security Plus license. what is the difference between L-ASA5505-SEC-PL and ASA5505-SEC-PL upgrade licenses?
View 1 Replies
View Related
Aug 21, 2012
I have several ASA-5505 units with the SecurityPlus license. These are running older OS versions and I would like to upgrade them. I am wondering if I will lose the SecurityPlus if I upgrade the image to 8.3
View 4 Replies
View Related
Sep 19, 2012
Before upgrading to 8.4(4)1 I was able to ping our inside interface accross the VPN. Now I cannot. Because ping is not working, my SNMP server thinks that the device is offline however I know the VPN tunnel is still up and the remote branch office is working fine. Here is the config of the branch office ASA 5505 in question. How to get icmp working again?
ASA Version 8.4(4)1
!
hostname BranchASA5505
domain-name houston.deh
[Code].....
View 2 Replies
View Related
Oct 18, 2012
My macbook pro recently upgraded to the last version of java and now I can open the ASDM for my Cisco ASA 5505, when I try open, only show me the window of Java 7 ..., and don't load the ASDM.
View 15 Replies
View Related
Aug 29, 2012
I have DSL 8Mbps DL and 768kbps UL,Internet -> Modem -> Cisco Router -> Firewall -> Switch Core - > Multiple switches like sfe2000p,CiscoRouter: i use port gig0/1 for PPPoE and i use port gig0/2 for LAN static,Router port gig0/2 with 122.54.144.153/29 connected directly to Firewall port13 with 122.54.144.154/29,i want 122.54.144.153/29 will my default gateway,Please include no limit bandwidth,filter etc at router, Firewall will be DHCP Server and control the bandwidth, filtering etc and the client computer should get 8Mbps.
View 2 Replies
View Related
Mar 1, 2013
I recently upgraded the flash and the RAM on one of my ASA 5505 lab machines. The flash was upgraded from 128 to 512MB and the RAM was also upgraded from 256 to 512MB. I am using asa845-k8.bin. The firewall boots and runs file until you issue the reload command. The system shuts down but never reloads.
View 11 Replies
View Related
