Can you upgrade an ASA5505 remotely and can you add Anyconnect support (for mobile VPN access) in conjunction with a pre-existing VPN config (so not to interupt the Cisco VPN Client users)?
View 1 RepliesI have a ASA5505 with the Sec Plus license on it. This allows 25 VPN peers at any time according to the show version output:
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5505 Security Plus license.
1.)As far as I understand this means RA users and peer2peer combined?
2.)I need additional RA clients to be able to connect in at any time, as far as I know there is no way to allow more IPSEC clients then this due to hardware limitations?
3.)If I go for the Anyconnect option (10 users license), does this then mean that I can use the 25 IPSEC VPNs and at the same time have users using the 10 SSL Anyconnect VPNs at the same time?
4.)Which Anyconnect license am I supposed to buy if this is the route I go, the clients will all be connecting from their desktops most of the time?
5.)Is it difficult to set up?
Anyconnect to asa5505 can't connect.
View 1 Replies View Relatedwhen it comes to IOS based SSL VPN setup, so have run into an issue which I can't seem to find an answer for.
What i'm after is a way to restrict access to an AnyConnect authenticated and connected client, on a specific profile, to a list of specific websites (all on the Intranet). Everything else must be blocked.
On the IOS device, I had it fudged to pretty much retstrict access to a certain IP and port, and used a mod rewrite in Apache to re-write a URL from that IP to the host the site actually resided on. It's cludged together and working, but it's not ideal (and it's not going to allow for scaling up to what I need).
I can find plenty of references here and on the net to using regex to create block lists based on a global policy to disallow specific URLS, but I need the inverse of that, and, only applied to a specific policy group.
Is this possible on an ASA5505? Is it possible on *any* ASA?
how to configure AnyConnect on an ASA5505, but I wanted to check before to make sure I was going the right direction.
Setup: I have a very simple setup and basic goal. I currently just have one laptop on E0/1 of my ASA5505 and then the ASA configured with a static IP plugged to the Internet. I have the ASA correctly configured and can browse the web through the laptop. I also have the AnyConnect and AnyConnect Mobile licenses as well.
Goal: I want to set up AnyConnect on the ASA5505 and just establish a successful connection from an android mobile device running the necessary AnyConnect software from the market.
There are lots of guides for specifc set ups, but as described, I want to keep this as simple as possible.
[URL]
Also, I'm more comfortable with the CLI. Is it simpler to use the ASDM wizard for this?
Does changing the device certificate for AnyConnect Connection Profiles break any established AnyConnect connections, or is it transparent to the users?
View 1 Replies View RelatedWhen remote workers - working say from home connect into the company's LAN via an ASA5505, is it then possiable to then go back out to the internet using the ASA as the gateway to the internet.It works if I point towards an internal proxy server.
View 4 Replies View RelatedI am setting up an ASA5505 to allow a VPN with certificate from AnyConnect Secure Mobility Client (iPad)However I get a "No License" message back from the ASA, on the iPad - Anyconnect.I remember reading the ASA5505 came with two licenses.
View 8 Replies View RelatedI have just purchased an ASA 5505 for my remote users to access our internal network. I have followed all the setup instructions I can find. I am able to establish a VPN connection using the Anyconnect client and can see some of my internal network. (Basically, only the subnet of the internal interface) However, I have several subnets inside my LAN which are routed by another switch inside my LAN. I have built in the correct static routes so that the ASA will send traffic to that intenal routing switch for any subnets not part of it's inside interface subnet. I can see and ping those subnets from the ASA itself but the AnyConnect clients cannot.
View 9 Replies View RelatedI am able to successfully connect to my ASA5505 via AnyConnect via a mobile device. Upon doing so, I lose internet connectivity. My access list appear to be correct to I'm sort of at a loss.
[code]....
I ve configures an asa 5505 for remote vpn with anyconnect. it works just fíne - from remote i can ping the Clients and Server inside, i can do RDP or Connect via SSH to any machine, map some volumes local and so on but: I can not connect microsoft sql server. It uses port 1433 for the first connect and establishes then a dynamic connection. So i am a Newbie - what rules or configs do i miss?
View 3 Replies View RelatedI have 2 ASA5505's connected through a site-to-site using IKEv1 and IKEv2.Recently, I ran through the wizard to configure the AnyConnect software. [code]Now, my site-to-site connection will only come up using IKEv1.Is there a way to have both the Site-to-Site and the AnyConnect VPN connections use IKEv2?
View 1 Replies View Relatedupgrading from our current WCS version to 7.0.230.0 (not going for NCS at the moment).
View 4 Replies View RelatedI'm trying to upgrade my WCS from 7.0.164.0 to 7.0.172.0 but it keeps throwing me into the manual process because it detects multiple versions. Seems a previous upgrade from 6.0.132 to 7.0.164 did dot remove the 6.0.132 directory or files.
Am I safe to delete the 6.0.132 directory/files and trying again?
I need to upgrade our Wireless Lan Controller to support new APs. I was able to get the new code due to a security advisory on the code we are running now. I am upgrading from 6.0.196.0 to 7.0.220.0 (MD). I have read in some of the technical docs that the WCS has to match the WLC. I cannot find any documentation as to what this entails on the WCS.
WCS version is 6.0.132.0 running on Windows.
What are the prerequisites before doing this? I have to upgrade a router this week if there is an opportunity to move it to a code that is more current that the one the client is currently running which is 12.2(33)SRD4. I see on the Cisco Support site that after this code, everything moves to 15.
View 2 Replies View RelatedI'm planning on upgrading our wireless lan controllers and WCS. I would like to upgrade the controllers to 4.2.209 as our 1020 APs will not be supported by any later version, I think. And, I would like to upgrade our WCS to 6.0.181.0 so it's ready for when we upgrade our controllers to 6.x.x.x after we get some APs that can support it. Is the 6.0.181.0 on the WCS going to give me any problems monitoring or administering the controlllers if they are only 4.2.209?
The Cisco WCS release must be the same or more recent than the controller software release. Upgrade the Cisco WCS first to prevent any unexpected problems. Cisco WCS supports database upgrades only from the following official Cisco WCS releases: [code]
If I upgrade MSE with WCS, do I need only the file : Cisco-MSE-L-K9-7.0.201.204-64bit.bin. Or do I need to upload all the 4 database-installer files also ?
View 1 Replies View RelatedWhat are the prerequisites before doing this? I have to upgrade a router this Wednesday evening if there is an opportunity to move it to a code that is more current that the one the client is currently running which is 12.4(25b). I see on the Cisco Support site that after this code, everything moves to 15.
View 5 Replies View RelatedI am in the process of upgrading my 4402 to version 7.0.230.0 and am confused on the premise of the firmware and the bootloader. From what I currently understand, I can upgrade directly to the 7.0.230.0 firmware from my current 4.2.176.0, then I should upgrade to the latest bootloader image. But I have also seen posts where I should update the bootloader software to the latest version, then put on the latest firmware.
I have seen conflicting reports where I must step through each bootloader version, 4.x to 5.x to 6.x to 7.x to make sure I have all the fixes, but I have also seen instructions, where you can jump to the very latest and the fixes are cumulative.
I am currently running NCS 1.1.1.24 and trying to upgrade to prime 1.3, but running into some issues, i applied the patch ncs_patch-1.1.1.24-upgrade-12.tar.gz, but when i try to acutally upgrade i get the following...
admin# application upgrade PI-upgrade-bundle-1.3.0.20.tar.gz defaultRepo
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully (code)
Looking for simple doc to follow for upgrade iOS image for Cisco Asr 1000. Not worried about downtime. New hardware not in production yet.
View 4 Replies View RelatedI am managing a Cisco 881 with Adv Ip Services ( CISCO881-SEC-K9). It has IOS 15.0(1) M8 on it. I see that there is a new IOS version 15.2M&T that (I think is applicable), and I have read the upgrade procedures for upgrade via USB and TFT.
If I install it will my license for Adv Ip Services be preserved or overwritten. And if the latter, do I need to export it and reapply it? If so, what is the process?
Purchased a new server. Want to carry over DHCP/DNS/DC/SHARES roles from current domain controller to new 2008 it's a small <20 users server. Is there a solid way to transfer Active Directory and Shares and such?maybe image over 2k3 to the 2008 server, and upgrade to 2008?
View 9 Replies View RelatedAm I able to legally download and upgrade software versions still on ASA firewalls?I have not had an issue in the past as this has not effected the license.I cant find anything online saying that you cant due to Cisco's new Software license policy changes.
View 1 Replies View RelatedI have cluster of firewalls which inclueds AIP module and are in production. Due to some issue modules could not be activated. Now I need to activate and udate signature of them. So whether I can do all this activity without effecting my production (Zero downtime).
View 5 Replies View RelatedI am upgrading from 7.0.116.0 to 7.2.110.0 to support the 3602 APs. Is it a different license to upgrade to 7.2.110.0 or can I directly upgrade to 7.2.110.0 without a new license?We currently have a 5508 base license.
View 1 Replies View RelatedI have a wlc 5508 running version 7.0.116.0 that I need to uppgrade to use the CAP2602I AP. I understand that I need to upgrade it to version 7.0.240 before 7.4.100 to avoid loosing HREAP VLAN mappings, and I have also read that i need to install the FUS image [URL]. In what order should this be done? Shlod the FUS image be installed before new firmware ore after firmware or after 7.0.240 but before 7.4?
View 1 Replies View Relatedi recently upgraded our Ciscoworks LMS from 4.0 to 4.1. after i installed the upgrade the admin login doesnt work, neither does any other account. i have tried resetting the password but it doesnt work.
View 3 Replies View RelatedWe are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below.
ASA1:
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
!
ASA Version 8.6(1)2
[Code].....
I have 100 nos of cisco 1130AG access points and I upgraded the ios for one of the access point.
the existing image is c1130-k9w7-tar.124-21a.JA1
upgraded image c1130-k9w7-tar.124-25d.JA.
what is the advantage of upgrading the ios.and i want to upgrade the image to all the access points at time?
We are about to upgrade Cisco Load Balancer CSS 11501 firmware from current ver, 8.10.4.01 to 8.10.6.02,this is a production line device (a running 24x7 network), upgrading will create unpredictable results even worst the network will go down.
View 1 Replies View RelatedI are currently implementing a new patching schedule (when I say new i mean a company first!!!) and I have identified that the firewalls are all running 8.2(2). I would like to bring these up to the latest version but am a little worried about impact!!! I have setup a test firewall with the config from our live asa's and run the upgrade but have received multiple lines.
View 9 Replies View Related