My customer has a rather complex configuration on an ASA 5510 running version 8.2.
They are migrating to new ASA 5515X models which of course only version support 8.6
How can i convert the configuration from 8.2 to 8.6 since the new ASA's do not support the earlier versions?
The X series seems to be a great option for new deployments but what about replacements of existing older models?
I need to upgrade to firewall which supports Active/Standby configuration.I am currently using a ASA-5510,SSM-20 8.2(5).Will the configuration file from the ASA-5510 work on the 5515X?
View 1 Replies View RelatedI will be implementing a new firewall (cisco asa 5515x) on my existing 3750x (server switches) and my 2960s (user switches). What should I need to apply on my firewall and swtiches to make the implementation successfull. I will put my 3750x as my DMZ and my 2960s as my inside. The 3750x have multiple subnet and also the 2960s.which features and technologies i need to know on those 3 products. my 3750x and 2960s don't have any ACL defined and most common features are vlan, switchport, trunking, spanning-tree, stacking, vtp.how my asa knows that my 3750x/2960s have multiple vlans. my current connection right now on 3750x and 2960s is just through 6 ports i assigned as one trunk, below is my config [code]
my 2960s vlans are almost the same with my 3750x except vlan 160, 170, 192. but of course when i put this in asa, i have to segragate vlan for 3750x (192, 100, 110,160, 170) and 2960s (130, 150). for my 2960s connection to the asa and since this will have big bandwidth, i will use 3 ports on my asa (and trunk it) connecting to my 2960s and i will use 2 ports on my asa (and trunk it) connecting to my 3750x. the one internet ports and my one management ports on my asa will stay like that.
I have a strange issue which happened to me last weekend with two ASA 5515X on version 8.6(1)2. There was a planned power shutdown which only affected the primary firewall. Failover was configured and running successfully. The configuration was also saved after every change made. After power was shut and primary firewall went off the secondary took over like it should but unfortunately all configuration was gone. We immediately powered on the primary again but also this one lost the configuration.
While reconfiguring the firewall we ran into another problem. The devices won't pair although it was the correct configuration. After three times removing and adding the same failover configuration the devices accepted the failover and worked together again.
I went through the bug toolkit and white papers regarding ASA 5515x and this particular version but were not able to find anything.
I am in a process of replacing the Cisco ASA 5510 with 7.3 OS with a new Cisco ASA 5515X with 8.6OS. In the existing Cisco ASA 5510, we have configured 'no nat-control' for which the traffic from all sub-interfaces were flowing to the lower security interfaces without any NAT command. Just access-lists were configured. Now how do i acheive the same in the Cisco ASA 5515X with 8.6? I do not find any 'no nat-control' command available for it.
View 3 Replies View RelatedWhat is the maximum number of contexts a pair of 5515Xs in HA mode can support?
I know each 5515X can have a max of 5 contexts, but does that mean in HA mode a pair can support 10 with license pooling?
I'm using ASA 5515X my concern is I was not able to block the traffic of P2P such as BitTorrent etc. I was also view some technotes on how to use webfilter without using Websense or Smartfilter tools and lucky I'm able to block certain websites. how to block the traffic of P2P?
View 2 Replies View RelatedI have ASA 5515x and it has already Internet Connection since my firewall is not "production". So right now I'm trying to configure a Remote Session just for a test and eventually I was not able to connect from it. I followed the instructions from technotes but still Remote Connection dropped. Here's my sample configuration on my firewall, btw I also configured a service policy rule and ACL just to make sure if I can able to access the Server inside my network but Session also dropped.
nat (inside,outside) source static 1.1.1.1 2.2.2.1
access-list 110 extended permit tcp host 3.3.3.1 host 2.2.2.1 eq 3389
CiscoASA(config)#class-map rdpmss
[Code].....
I have a misanderstand about management interface configuration in cluster. So I have a cluster asa 5515X with management interface. i Would like to be able to connect to any of the member of my cluster on management interface, so i would like to fix a different ip on management interface on each of my node ip 92 and 91. I think it is the only way to make asa firmware update to access local flash on each node.
my config
interface GigabitEthernet0/1
channel-group 1 mode active
no nameif
[Code].....
im new to cisco asa and the model is 5515x with license plus. below is my config at home,
ciscoasa#
ciscoasa# sh run
: Saved
[Code]......
I have a customer who is going to host a VOICE services like providing SIP services to its customers. What specific ports required to be opened up for this on ASA 5515X. I would rate it ASAP.
View 3 Replies View RelatedI need to know if the cisco ASA next generation specially ASA 5515X support PBR or no ?how to implement it? Also if i have many internet connections and i need to dedicate 2 ISP’s ADSL internet lines to certain service (such as mail) if the 1st fail, so the 2nd line come up to make redundancy with it ----------- Is this available on cisco ASA next generation.
View 1 Replies View RelatedI have a FWSM cluster that I exceeded the maximum number of static nat entries on. i migrated the connectivity off to a pair of PIX 535's that seem to be handling the adderess translation needs. however the number of NAT entries being required is increasing and being the PIX series wal EOL'd several years back..I need to replace them.. The static 1-1 nat entries cannot be summarized into network as the hosts that are being nat'd are scattered all over various micro subnets in the all 3 rfc1918 ipv4 address ranges and they are being manged directly by snmp and SNMP-trap and other services that prohibit the use of many-to-one nat. Is there a mknown maximum number of static 1-1 nat entries that can be defined on the ASA 5515-x, 5525=x and higher ASA firewalls? Say I wanted to be able to grow to 2500 or more static 1-1 nat entries. I am currently running 2010 1-1 static host nats currently.
View 1 Replies View RelatedI'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
i have asa 5505 with the asdm v5.2 (4), and the asa v7.2(4). This platform has a base license. if i upgrade adsm and asa on v6.2(1) and v8.2(2) if I lose my license and that you need to activate them? i configured site to site vpn (this firewall and the another) that i lose my configuration if i upgrade my firewall.
View 2 Replies View RelatedI have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
i have cisco ASA 5510 Firewall using in my network, i have planning to upgrade the Flash memory from 256 mb to 512 mb and the RAM from 256 mb to 1GB.
View 1 Replies View RelatedI have a problem trying to connect a VPN site to site between a FWASA 5515X - ASA5510. [code] The configuration in the 5510 its the old one that i been using with a firewall 5505.
View 1 Replies View RelatedI have recently gone to upgrade my firewall to version 8.4.4, but afte i upgraded this all the network objects have all got jumpled up, lost there descriptions lost there names and there are some duplicates.
View 1 Replies View RelatedUpgrading from 7.2 to 8.4 cisco ASA rewrite itself commands? Nat for example is different from 8.3/8.4 right?
View 4 Replies View RelatedI am upgrading a active/standby pair of asas 5520's from 8.4.1 to 8.4.5. I am wondering if there is anything i need to be careful of. I do use a lot of Nat policys and i have had issues with 8.4.1 and proxy arp so i hard coded alot of my nat ip's.is there a good procedure? I want toupgrade one and keep one shut down while i test all my applications and connectivity and then bring it back online and upgrade it.
View 3 Replies View RelatedI have never touched a firewall box before but i need to upgrade the IOS on 2 ASAs that are running in production. I am upgrading from 8.2(2) to 8.2 (5). Just to point out, one of the firewalls is having SSM module with it. Below in the end is the "sh inventory" output.I have downloaded the asa825-k8.bin and asdm-645-106.bin files already on my computer. Two queries to clear off:
1. Wanted to know if I need to download any more files. Like some feature licenses or anything else? I did "dir flash: to see what contents it had already and this was it:
28 -rwx 16275456 02:18:46 Nov 07 2010 asa821-k8.bin
129 -rwx 11348300 04:34:32 Nov 07 2010 asdm-621.bin
3 drwx 4096 08:03:46 Jan 01 2003 log
10 drwx 4096 08:04:00 Jan 01 2003 crypto_archive
11 drwx 4096 08:04:32 Jan 01 2003 coredumpinfo
2. How to I take a complete backup like it works in ASDM v6.2 "Tools->Backup configurations". I was reading thru the RN for doing that and what I could understand, it was talking about some "export" thing but it did not make much sense to me.Below is the sh version and sh inventory from both the ASAs?
FW01# sh ver
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
[code]....
I'm upgrading an ASA from 7.2.4 to 8.2.5 due to memory requirements for 8.3. My question is should I upgrade to 8.2.5 or to the interim for 8.2.5. I would prefer not to upgrade to 8.2.5 and then hit the bug for the ASA leaving connections open and then have to upgrade to the interim anyway. But I know that it is advised not to upgrade to interim levels unless you have specific requirements or issues to fix.
View 2 Replies View Relatedwe have ASA 5510 which we need to upgrade from 8.0(3) to 8.2.5. can we directly switch to 8.2.5 from 8.0(3) , if not what all versions we need to go from.
What all point needs to check before that following is show flash output.
97 14635008
Jan 01 2003 14:12:16 asa803-k8.bin 98 4096
May 14 2008 21:22:10 tmp 2 4096
Apr 20 2008 02:21:46 log 6 4096
Apr 20 2008 02:22:16 crypto_archive 99 6851212
[Code] .....
I am having ASA5510 firewall which has 1GB RAM currently. I want to upgrade to 2GB. When I opened the box, I can see only 1 slot to insert the RAM. I searched in Cisco website and I got to know that I need to use 2 x 1 GB RAM. So, I need to have 2 slots to do that. But, I am having only 1 slot in the box.
View 5 Replies View RelatedWe have 2 x ASA5520 and I upgraded this to 8.2.2 last year, I see 8.2.5 and now 8.4 is out. If we are having no issues, is it best just to leave it as it is? I can see a couple of features I may find useful in 8.2.5, but 8.4 seems like a huge jump and a risky one too.
View 1 Replies View RelatedIs it possible to upgrade directly from 8.0(4) to 8.2(5) software in 5510. Is there be any workaround in regards to the config.
View 3 Replies View RelatedI'm getting ready to reload an ASA that will be a long drive if it doesn't come back up after this upgrade attempt.
View 9 Replies View RelatedWe are about to upgrade our ASA's from 7.04 to 8.2. Obviously I will be opening a TAC case to assist with the upgrade and I will also be upgrading ASDM software at the same time. These production firewalls are paired with an active --> failover scenario and not active --> active. I had previously engaged cisco regarding the upgrade and they have recommended an upgrade path to ensure success. Also, I have a pair of test ASA's that I've gone through the upgrade process with - documenting the changes in commands and any changes in my config (I didn't notice any).So, the reason for my post is this: What are the gotcha's that you may have run into when upgrading your ASA's?These are fairly high visibility ASA's and any downtime due to the upgrade needs to be mitaged as much as possible.
View 1 Replies View RelatedI want to upgrade a pair of FWSM in active failover from 4.0(4) to 4.1(8) i just want to double check the process. i have tftp access to the primary at the minute. i cannot access the same tftp server with the standby. do i need flip over to the standby to be able to tftp the image across?
failover activehostname# changeto system
hostname# copy tftp://x.x.x.x/c6svc-fwm-k9.4-1-8.bin flash:image
hostname# copy tftp://x.x.x.x/asdm-622f.bin flash:asdm
hostname# reload
Once i have the images loaded i reload both at the same time?[URL]
We wish to upgrade 8.2(3) to 8.2(5) on our asa 5520 and 5510. I have been looking for Cisco guides for installation instructions but havent been able to track any. or is it just as striaght forward as copy image, reboot secondary and the primary
View 2 Replies View RelatedUpgrade from firmware 8.21 5o 8.31? I am installing 1GB of memory in my ASA 5510 and in the process I have upgrade the firmware.
- Will the upgrade change my configuration or will I have to change this manually myself at some point
- What is the meaning of "Real IP" I am not sure what the means (reading up on it now)
- What else should I be concerned about during the upgrade?
I open case open to the Cisco about I am not able to get the SSH connection from ASA 5505 after upgrade the IOS 8.2.3 and Device Manager 6.3.3 from the older IOS 7.2.4 and device manager 5.2.4.
I am working in MNC and we have more than 30 office around the world.We have all offices have ASA5505 which we upgrade 3 years before and Now We are in procession to upgrade the IOS on all ASA5505 to all 30 offices.
But after I upgrade the 10 offices and relieze that not able to get SSH connection to ASA5505 with new IOS 8.2.3.I opened the 2 times case and call the Cisco Technical but no luck so far.