Cisco Firewall :: Upgrading IOS From 8.2 To 8.4 On ASA 5520 Model?
May 15, 2013official or unofficial (official more preferable) guide about upgrading IOS from 8.2 to 8.4 on ASA 5520 model?
View 1 Replies
ADVERTISEMENT
Cisco Firewall :: Upgrading ASA 5520 From 8.2 To 8.4
Feb 26, 2011We have 2 ASA 5520's working in active/standby mode and both have the IPS module installed then 2 firewalls have also been upgraded to have 2GB of memory.
I have been asked if it is worth upgrading to 8.4 from 8.2. There is nothing wrong with our current firmware and if it isn't broken then why change strings to mind, but I also dont wnat to be left behind.
I've upgraded the firmware on the ASA's before, but they have been pretty simple. I do the standby ASA first and wait for it to come up, then do the other. However I think 8.3 and 8.4 are big jumps and have issues with NAT (we have a lot of NAT's and NAT exempts). I have had a quick read of 8.4's document, but has actually upgraded from 8.2 to 8.4?
Cisco Firewall :: Upgrading ASA 5520's From 8.2 To 8.4?
Apr 25, 2012I'm in the process of upgrading our ASA 5520's from 8.2 to 8.4. I have sufficient memory installed and have read many posts in this forum on different upgrade strategies. I have an active/standy configuration and have settled on upgrading the standy unit from 8.2 to 8.3 then to 8.4, fixing any errors, testing traffic and then upgrading the primary unit to the latest rev. I've read where active/standy mismatching is supported but for a short period. My question is how long will I be able to run two boxes with different software? Unfortunately I don't have the option of doing this off line in a lab.
View 1 Replies View RelatedCisco Firewall :: ASA 5520 - NAT Reverse Path Failure After Upgrading From 8.4(1) To 8.4(4.1)
Jul 2, 2012After upgrading an ASA5520 from 8.4(1) to 8.4(4.1) I ran into the following trouble:
Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:192.168.149.21/53 dst inside:192.168.37.123/53 [code].....
All the subnets mentioned above are connected via VPN.
Cisco Firewall :: After Upgrading ASA 5520 To 8.4.2-8 VPN Clients Traffic Not Passing Destinations?
Dec 26, 2011after upgrading an ASA 5520 to 8.4.2-8 VPN clients traffic is not passing destinations other then destinations behind the inside interface. the log shows routing failure for the vpn client on the inside interface.it was working fine with 8.4.1 but the traffic is originated from the outside interface. confirm the the interface for VPN clients changed from outside to the inside interface.
View 5 Replies View RelatedCisco Firewall :: ASA 5510 Model Selection
May 4, 2011Our company is in the process of replacing our old firewall with a Cisco ASA since our old firewall can handle only 170 concurrent users and we are expanding fast. Can I know what are the considerations when selecting from the different models of ASA currently we are debating if we should buy a 5510 or a 5520 also can I know if cisco ASA also have a limitations on concurrent users online in a lan like our old firewall. By the way we are a Call Center company(going 500 seats) so we are using VOIP(Asterisk using SIP and IAX).
View 1 Replies View RelatedCisco Firewall :: Which Model Is Equivalent To Fortigate 310B
Sep 10, 2011My customer is looking for cisco firewall which is equivalent to Fortigate 310B.
View 2 Replies View RelatedCisco Firewall :: Can ASA5510 2GE+3FE Configure Failover With Older 5FE Model
Aug 28, 2011My customer had a spare ASA5510 bought a few years before with 5 x FE and security plus license with HA. Now they would like to buy a new ASA5510 to configure HA with the spare one, but now the ASA5510 comes with 2GE+3FE. Can the two FW work in HA?
View 4 Replies View RelatedCisco Firewall :: Connecting Flash Of Previous ASA Model 5510
Oct 29, 2012I was handed a firewall ASA 5520 but without external flash, I want to confirm that the ASA at least boot from rommon mode boot must have the external flash connected? I connected to power and I connect it by the console port it did not show any boot.Additionally I can confirm it is possible that you can connect a flash of a previous ASA model, say a 5510?
View 4 Replies View RelatedCisco Wireless :: Associate Non-root Bridge Model 1310 To Root Bridge Model 1400?
Apr 24, 2012Can I associate the non-root bridge model 1310 to the root bridge model 1400? Is there any problems on the configuration I need to be aware of?
View 7 Replies View RelatedCisco Firewall :: Upgrading From PIX To ASA 5512X
Mar 12, 2013We are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below.
ASA1:
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
!
ASA Version 8.6(1)2
[Code].....
Cisco Firewall :: Upgrading ASA5550 From 8.2(2) To 8.4(2)
Sep 20, 2011I are currently implementing a new patching schedule (when I say new i mean a company first!!!) and I have identified that the firewalls are all running 8.2(2). I would like to bring these up to the latest version but am a little worried about impact!!! I have setup a test firewall with the config from our live asa's and run the upgrade but have received multiple lines.
View 9 Replies View RelatedCisco Firewall :: Upgrading PIX 525 With ASA 5585-X / SSP-10
Jun 24, 2012We are working for a client move from PIX 525 to ASA 5585-X, SSP10. This is a production environment and very critical migration. What are the gotchas which we should be aware off?
View 1 Replies View RelatedCisco Firewall :: Upgrading Pix 515E To ASA
May 15, 2012I need ot upgrade a Cisco PIX 515 E to A Cisco ASA (not sure what type and modle yet!). the PIX currently has about 80 lines of ACLs and no VPNs. So only inside and outside interfaces and 80 lines of ACLs to be transferred over to the ASA.I was wondering if the ACLs can be transferred over to ASA as is?is there anything that I need ot watch for?
View 1 Replies View RelatedCisco Firewall :: Upgrading Fwsm From 3.1(11) To 4.x?
Jun 26, 2011I wanna upgrade FWSM Version 3.1(11) to latest 4.x version is this possible or i have to upgrade first to 3.2 and then to 4.x?
Is there any changes in configuration commands that i need to know? The version that 6500 running is s72033-advipservicesk9_wan-mz.122-18.SXF14.bin,an upgrade to 6500 is needed also?And if so what ios version will i put?Also which is the asdm supported version?
Cisco Firewall :: ASA 5510 Upgrading IOS
May 1, 2012I have recently come upon a ticket that requires functionality from a later version of the ASA 5510 IOS Firmware, upon researching how to do this upgrade I got caught in a catch 22 where I am unable to download ASDM or the ASA software.
Apparently I need a service account? I'm looking at Cisco software download page and searching ASDM which then brings up links to two pages which are ASA and ASDM.
Cisco Firewall :: Migration Error Upgrading To ASA 8.4.4
Oct 25, 2012I was trying to upgrade an ASA to from 8.2.4 to 8.4.4, and I began receiving the following migration errors (the IP addresses have been changed to protect the innocent):
ERROR: MIGRATION: The following ACE is partially/not migrated to Real IP, as it could result in more permissive policy. Please manually migrate this ACE. permit esp host 1.1.1.1 host 2.2.2.2
I got a TON of these, in fact the migration, and these errors ran for over 24 hours before I gave up, powercycled the unit and forced 8.2.4 to boot through ROMMON. This was a secondary unit, that's why I let it go this long.
What I don't understand is that we do not have anything in the configuration for ESP.
Cisco Firewall :: 5505 When Upgrading To Use Anyconnect
Jun 29, 2011I have a ASA5505 with the Sec Plus license on it. This allows 25 VPN peers at any time according to the show version output:
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5505 Security Plus license.
1.)As far as I understand this means RA users and peer2peer combined?
2.)I need additional RA clients to be able to connect in at any time, as far as I know there is no way to allow more IPSEC clients then this due to hardware limitations?
3.)If I go for the Anyconnect option (10 users license), does this then mean that I can use the 25 IPSEC VPNs and at the same time have users using the 10 SSL Anyconnect VPNs at the same time?
4.)Which Anyconnect license am I supposed to buy if this is the route I go, the clients will all be connecting from their desktops most of the time?
5.)Is it difficult to set up?
Cisco Firewall :: Upgrading ASA 5580 Cluster From 7.2 To 8.2
Aug 19, 2012we are going to upgrade our 5580 ASA Cluster from 7.2 to 8.2 and want to do it like this way ( which worked for all 7.x upgrades ) :download asa8.2 Image to primary + secondary Firewallreboot primary ( message come up " mate version ...)reboot secondary.Does it works any experience? Does it work if both firewall can see each other during the boot process ?
Do I have to bring the secondary into the monitor mode so the fw is not visible for the primary ?
Cisco Firewall :: WS-SVC-FWM-1-K9 Upgrading Or Downgrading Firmware?
Dec 12, 2011I've got a used WS-SVC-FWM-1-K9 on the way and I'd like to standardize it to the Firewall Module Software Version 4.0. I'm not positive if the current software on it is newer or older than Version 4.0. Is this possible to perform or is the Software as is on these modules?
View 2 Replies View RelatedCisco Firewall :: ASA 5510 - SIP Stops When Upgrading
Dec 9, 2011I have to be missing something small in my config. If I upgrade my ASA 5510 which I am routing and Na Ting off of, from 8.4.1 to 8.4.2.8, SIP stops. All phones go dead.
If I roll back to 8.4.1, SIP comes up.,... Go back to 8.4(2)8 and SIP goes down.....
This is without making any config changes. I have looked at it so long, I must be overlooking something simple.
Cisco Firewall :: Upgrading ASA 5505 License
Oct 8, 2012One of our clients has recently purchased upgrade licenses for their cisco asa as follows
L-ASA5505-10-50=
and
L-ASA5505-SEC-PL=
after retrieving the activation key from the cisco website we tried entering the activation key to the asa both via ASDM and telnet when entering the command on telnet the shell becomes unresponsive when entering the command on ASDM we receive a "success" message followed by a request to restart ASDM and save the configuration after a minute or so i get an error screen saying "write mem" the asdm restarts and nothing changes.
Home Network :: Upgrading - Will It Need Firewall
Oct 8, 2011I am upgrading my home network, I am running cat 5 cables all around my house. currently I have a comcast cable modem and a netgear router. I will have about 20 cables coming in to my office (all the network equipment is already there) I know I will need a switch but I am not sure what kind. I will be upgrading my wireless router to a much better one, should I have the router get its internet connection from the switch or have the switch get the connection from the router. Will I need a firewall? I also have a web and ftp server running behind the router? how should I connect my server?
View 4 Replies View RelatedCisco Firewall :: Memory Required When Upgrading To 8.3 On ASA5520?
Aug 17, 2011I am looking at upgrading an HA pair of ASA5520's from 8.2(2) to 8.3(1), and am just wondering why the huge upgrade in memory is needed. How are Cisco justifying where the additional memory is going to? Are there supposed to be some massive improvements in performance?
View 2 Replies View RelatedCisco Firewall :: Since Upgrading To 8.4(4)1 From 8.3 VPN Users Cannot Access Resources
Nov 7, 2012Since we upgraded our ASA from 8.3 to 8.4(4), VPN users cannot access resources. This worked fine until the appliances were upgraded. We get the message:
[code]....
Cisco Firewall :: Upgrading License For More Context ASA 5580?
Sep 13, 2011This is the situation I got to firewalls with failover and I need to upgrade the license so I can get more context (right now I have 5 context and I need 10) so I was looking at the procedure and I'm not sure If I need to restart the device or not. I was looking at this procedure:
Upgrading the License for a Failover using ASDM (No Reload Required) Use the following procedure using ASDM if your new license does not require you to reload. This procedure ensures that there is no downtime.
•1. On the active unit, choose Configuration > Device Management > High Availability > Failover > Setup, and uncheck the Enable Failover check box. Now click Apply. The standby unit remains in a pseudo-standby state. Deactivating failover on the active unit prevents the standby unit from attempting to become active during the period when the licenses do not match. •
2. Choose Configuration > Device Management > Licensing > Activation Key, and enter the new activation key that you obtained with the active unit serial number. Now click Update Activation Key.•
3. Log into the standby unit by double-clicking its address in the Device List. If the device is not in the Device List, click Add to add the device. You might be prompted for credentials to log in.
4. Choose Configuration > Device Management > Licensing > Activation Key, and enter the new activation key that you obtained with the standby unit serial number. Now click Update Activation Key.
5. Log into the active unit again by double-clicking its address in the Device List. Choose Configuration > Device Management > High Availability > Failover > Setup, and re-check the Enable Failover check box.
6. Click Apply. This completes the procedure.link: [URL]
But then I checked on the cisco web page that there are some license that need to reload I see this:
All models
#Downgrading any license (for example, going from 10 contexts to 2 contexts).#Note If a temporary license expires, and the permanent license is a downgrade, then you do not need to immediately reload the security appliance; the next time you reload, the permanent license is restored.
[URL]
So I just want to know if I'm UPGRADING from 5 to 10 context the reload applies to my situation or not?
Cisco Firewall :: When Upgrading Fail-over Pair Last Week Had To Upgrade ASA5510
Aug 14, 2012[code] I would like to the ASA5510 Base license upgrade to Security Plus license. But after the upgrade is still the license of the Base.I think I was wrong option selected in the process of upgrading, how should I do to be successful upgrade
View 2 Replies View RelatedCisco Firewall :: Different Between ASA-5520-K9 And ASA-5520-K8
Nov 2, 2012We were using ASA-5520-K9 with ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.
View 1 Replies View RelatedCisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput
Feb 27, 2013I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?
May 5, 2013I have an asa 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
View 1 Replies View RelatedCisco Firewall :: 5520 Identity Based Firewall Doesn't Work Using Citric Published
Jul 26, 2012We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 are having the software release 8.4(3)8 installed.When somebody tries to connect thru the Identity based firewalls from a citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDIs IP-address shows mostly other users, which then are used to authenticate the acces thru the firewalls.
What is interesting, that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" i can't see the PDIs IP-address neither because it is mapped to another user.Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How AD Agent, Domain Controllers and Firewalls are working together? On the firewalls with "show user-identity ad-agent we see, the following:
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
Why Cisco does use 1645 and 1646 and not 1812 and 1813?The Listening Port is used for what purpose? we tried the AD Agent modes full- download and on-demand with the same effect.
Cisco Firewall :: Launch LAND Attack Against Firewall ASA 5520
Apr 15, 2013I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.
View 1 Replies View RelatedCisco Firewall :: 5520 Single Firewall With 2 Core Switches
Jan 4, 2012Two different WAN links get connected to the firewall via two routers.(Different ip subnets).I need to get this two wan streams seperatly to the core switches.Core switches sits.Active/Stanby senario. If the Active core goes down Stndby Core will have take over the traffic. My design is correct ,if not what do i need to change. ASA is 5520.
View 8 Replies View Related