ASA 5510 security plus edition will it support active/active failover. and does it support context with securiyt plsu edition. and how many default context do we get with asa 5510 security plus edition.
View 3 Replies
I have at the moment an ASA5510 pair in Multiple Context configured. Everything is ok, but we use til now only ACL features.Now I would be interested in configuring 2 contexts, with IPSec VPNs. One VPN per context. But I cannot find any information if it would be possible to use a shared interface for both contexts. My wish would only be to spare public IPs.If I have to configure 100 VPNs in 100 contexts, do I need 100 public IPs ?
View 5 Replies View RelatedI have an ASA5510-BUN-K9 in this version:
###
Cisco Adaptive Security Appliance Software Version 8.0(3)6
Device Manager Version 6.0(2)
Compiled on Thu 17-Jan-08 17:42 by builders
System image file is "disk0:/asa803-6-k8.bin"
Hardware: ASA5510, 202 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
###
The question is what i need to add the CSC10 SSM with content filtering and url filtering to this version of ASA? Do I need more ram? Do I need more flash? Is this version compatible with the CSCSSM hardware? What licenses i need for 100 users?
Last year i installed nortor 360 gold edition onto my laptop and now it is telling me that it is not automatically protected against viruses and spyware, even though it has the latest update and no problems have been found on my laptop.
View 1 Replies View RelatedI can't seem to figure out which one I should go for. I'm thinking Kaspersky would have greater security but I'm not familiar with AVG's server level security.I don't need all the bells and whistles such as file encryption or password storage. I'm simply after a really strong AV for the server. Another one is VIPRE although I've heard it can take a while to configure it unlike Kaspersky which is pretty straight forward.
View 1 Replies View RelatedWhat are the new features added or going to be available on the 8.5 release on the ASA. Would this release "finally" support VPN on multi security context mode.
By the sounds of things looks like every other major vendor supports this feature except Cisco.
I have a ASA 5510 and planning to implement multiple context in a 2 tier security level and vrf-lite. meaning I have 2xASA facing the internet and below that a 2x3560 switch for our extranet and below that is another 2xASA for intranet. See diagram below. In this kind of network I want to know how it would impact the total throughput and resources of the ASA using multiple context?
INTERNET
| |
| |
2811A 2811B
| |
| | (OUTSIDE)
ASA_A-------ASA_B
| | (INSIDE)
| |
3560A---------3560B
| |
| | (INSIDE)
ASA_C--------ASA_D
| |
| | (OUTSIDE)
3560C----------3560B
| |
INTERNAL NETWORK
I need your support for upgrading the Security context license on 5550, at present we have 5 Security context license installed in ASA but we want it to increased till 10 conctexts. I want to understand if we need to get addtional 5 Security context license or 10.
View 5 Replies View RelatedI have a active-active setup with 2 cisco asa 5585x running 8.4 - the boxes ahve each 2 sec context's build-in - which gives 4 sec context in the cluster. I have 2 x 5 extra licenses (2 x ASA5500-SC-5) which I haven't applied yet - will this give me a total of 10 or 14 security contextes? I am a bit in doubt because if I only get 10 sec contextes in this cluster then could I instead get a single 10 security context license (1 x ASA5500-SC-10) and add this - hereby I would get 12 then.
View 1 Replies View RelatedA simple question - I have ASA 5520s and was wondering what license is required to create multiple (more than default 2) security contexts.
The ASA already have ASA 5520 VPN Plus license.
Software Version 8.4(1)
Is it possivble to have 10 security licenses, license to a Cisco 5510 and have them transfeered to a Cisco5520?
View 1 Replies View RelatedMy corporate internal network is currently fire walled by an FWSM module on a 6513 switch. We have each security zone (we have eight) assigned to a FWSM context and have ACLs set up between the contexts and the enterprise LAN/WAN. Is it possible to support fire walling between these zones within a single security context? The reason I am asking is that we would like to purchase a second FWSM for use as a standby, but do not want to cough up the ~ $12K for the context license. We will ultimately be transitioning to ASAs for internal security, so do not want to spend more than we need to.
View 3 Replies View RelatedQuote from the RV180 manual; 'By default, all access from the insecure WAN side is blocked from accessing the secure LAN, except in response to requests from the LAN or DMZ.'
Does this mean a general access-rule for the firewall blocking all inbound (WAN --> LAN) data is not required?
I'm trying to implement some best practices for ASA running on Software Release 8.2 and had a question about the default security-level behavior. Let's say I have 3 interfaces...
-inside (security-level 100)
-dmz (security-level 50)
-outside (security-level 0)
I have an ACL on the inside interface allowing http access to anywhere. Because of the ACL, the implicit higher to lower security level access is nullified. Correct?
I do NOT have any ACL on the dmz interface applied. So, would the servers in the dmz be allowed outbound access to the Internet due to the default higher to lower security level behavior?
I have been net searching this question and I find answers relative to other Cisco products but not for the 6500 series. We are running entservicesk9_wan-mz.122-18.SXF17a.bin and would like to know how to change the default SSH listening port..
View 1 Replies View RelatedI´m trying to configure a subinterface named Inside with vlan 1 but the interface stops work with this vlan.My switch is a Cisco and use the lan with vlan 1 too.If I change de vlan for other i.e vlan13 works fine. And all others vlans works fine too.Is there a problem to use the vlan 1?
My configuration is:
Cisco ASA:
interface gig0/3
no ip address
no security
no nameif
Interface gig0/3.1
vlan 1
nameif Inside
Securirity-level 100
ip address 10.x.y.x 255.255.224.0
The giga port of the swtich is configure to trunk model.
Can we set ips 4260 into factory default settings with a single command?
View 0 Replies View RelatedI want to ask for the possibility of configuration below? 2x Cisco ASA 5510 running Multi-Context mode and Active/Active Failover1 Cisco ASA 5510 (ASA 1) has AIP-SSM1 Cisco ASA 5510 (ASA 2) has CSC-SSMThere are 2 contexts, context A and context BASA 1 is the primary firewall for context A, and secondary firewall for context BASA 2 is the primary firewall for context B, and secondary firewall for context A
Can AIP-SSM on ASA 1 inspects traffic of context B which primarily runs on ASA 2?Can CSC-SSM on ASA 2 inspects traffic of context A which primarily runs on ASA 1?
I'm studying for CCNA Sec exam and looking for any security labs for GNS3 or Packet Tracer.
View 3 Replies View RelatedMy company ordered NAC and ACS 1120 My question is Can i configure 802.1X security through ACS server and NAC in layer 2 Inband Virtual Gateway.for campus switches.Is it the good design to have double security for switch ports. 1st is 802.1X and 2nd is NAC in layer 2 INBAND VG?
View 1 Replies View RelatedI want to upgrade my ASA 5510 from version 7.0(6) to 8.2(5). Reading the release notes for 8.2(5) it says the DRAM requirement is 256MB unless you have high CPU usage. Also it says I need to upgrade through the major releases, from 7.0(x) to 7.1(x) and 7.1(x) to 7.2(x) and then from 7.2(x) to 8.2(x). The questions are:
- My ASA has 256MB of RAM and 68% of free memory, would you think it will run the 8.2(5) version with no problem?
- When making the upgrades to the major releases, is there any consideration regarding the configuration file? Or the versions to use for the 7.1 and 7.2 versions?
- Would you recommend making all the upgrades in one maintenance window? How much time could it take?
We’ve ordered ASA 5510 with security plus license as below description:
ASA5510-K8
ASA 5510 Appliance with SW, 5FE, DES
L-ASA5510-SEC-PL=
ASA 5510 Security Plus License w/ HA, GE, more VLANs + conns
The license details on the appliance shows as the below,
Fail over : Enabled
Encryption-DES : Enabled
Encryption-3DES-AES : Disabled
Security Contexts : Default
GTP/GPRS : Disabled
Any Connect Premium Peers : Default
Other VPN Peers : Default
Advanced Endpoint Assessment : Disabled
Any Connect for Mobile : Disabled
Any Connect for Cisco VPN Phone : Disabled
Shared License : Disabled
UC Phone Proxy Sessions : Default
Total UC Proxy Sessions : Default
Any Connect Essentials : Disabled
Bot net Traffic Filter : Disabled
Inter company Media Engine : Disabled
I’ve noticed that the 3DES is disabled, do I need to order another license to use 3DES or not ?Also, I need 2 ~ 5 branches to connect simultaneously and have VPN access on their laptops to the main branch via vpn software, which VPN software I should use and is our license enough or I should order another license.
i have upgraded a PIX 525 lately to a 5510 ASA, but i have faced a problem after this.One of the DMZ's are connected to a switch that is not connected to my VTP domain on a DMZ port.
with access-list to permit from host to host with all ports opened.my problem is that the outside client is able to initiate a windows VPN to a server that i have in the DMZ, BUT it disconnects after almost 10minutes. What might be the reason of the disconnection.Note, a cisco remote access VPN is also configured on the FW, and it doesnt disconnect.
trying to TS a VPN device that is behind an ASA basic set up is IOS VPN<firewall/nat<internet>ASA/nat>IOS VPN
I do not have a lot of insight into the other side of the connection, although the tech on the other side claims all is good. so to the point.
Is the asa capable of allowing this tunnel to work? The configs and debug follow.
1.1.1.1 = my public ip
2.2.2.2 = peer public ip
The asa -
[Code]......
how to configure ASA 5510 anti X edition ? Can I have a link explaining the configuration step by step ?
View 2 Replies View RelatedI have a Linksys WRT610N wireless system with WPA-PSK security and this works fine with several computers but now one computer detects the wireless security as WEP and can thus not connect to the router. I have tried to manually connect to the router with correct security WPA-Personal (TKIP) and correct password but then the computer says "settings saved on this computer for the network do not match the requirements of the network".How can I get the computer to detect the correct security? The computer is running Windows 7 home premium.
View 7 Replies View RelatedIs it true that the FCC is investigating the Pogo game site because of poor security? Is Java the cause of this problem?I'm very leery of getting on the Pogo site because I've been told that my computer could get a virus and crash.
View 1 Replies View RelatedI'm new to IT, and have been put in charge of managing our servers hile my boss is on vacation.We currently have a Sonicwall Network Security Appliance that handles our Firewall/VPN and have web content filtering set in place.I have a user who belongs to 2 CFS policy groups that we have set up. I've double checked with Active Directory, and he is a member of both groups.
This person SHOULD have access to Job searches/ and Restaurants,but receives a "content blocked" message on his browser.It appears to me that the settings in Sonicwall are correct, as well with AD member groups.
I am trying to connect to a Security-enabled wireless netowork. I have the key. My problem is that I can't seem to figure out how to enter it. When I try to connect I open the "view available networks"window. I see the network name and it shows a strong signal (all 5 green bars).
View 3 Replies View RelatedI was under the impression that those global addresses that we used with NAT were from the outside IP addresses range?Lets say my outside IP address is idk 192.112.40.11 /30 and I only had two usable IPs (since you can't use network and broadcast IPs) so how would I set up NAT for a couple of Inside addresses with a shorting of addresses like this? Idk if that makes sense what I'm trying to say
View 3 Replies View RelatedI'm trying to monitor Tunnels activity. We want to gather statistics like bandwidth utilization per Tunnel and in the case of Remote Access also the user name associated with a tunnel. All this via SNMP
I've browse through the Cisco-IPSec-Flow MIB and found the TunnelTable, this seems to provide everything I need in Regards to Tunnels, I just need a tip in how to calculate or obtain the bytes Tx and Rx. I can obtain packets and Octets amounts but not actual bytes. Is there another OID I should be inquiring?
In regard to Remote Access I found the CRASSessionTable From here I can obtain the Group associated with the tunnel and I should be able to obtain the User name through the 1.3.6.1.4.1.9.9.392.1.3.21.1.1 OID, but I'm getting an UnSupported response when querying this particular OID.
What OID can provide the User name?
I know that Cisco Performance Monitor can in fact obtain all that info from the ASA so there must be an appropriate OID I can query to obtain this particular info.
I have a ASA 5510 that uses Radius for Authentication. What I am trying to do is assign each user that logs into VPN to have a specfic static IP based on userid. I have about 30 to 50 users. I don't want to complicate this by having them select a different profile when logging into the ASA. What is a clean and simply way to assign user static ip and not use local database for login?
View 1 Replies View RelatedI got a task to replace our current cisco 2800 series router which is used for easy vpn remote access with cisco asa 5510.I have a got a lot of users, i wish that user shall see no difference except of ip address they are going to use for remote login.
View 1 Replies View Related
