Solved

cisco asa5510

Posted on 2008-09-30
28
680 Views
Last Modified: 2012-05-05
we had this secuirty device from cisco but it implemented by a third party on our network... i need asdm software to configiure this device,,,unabke to get one from our implementers....is there any way i can get this software i checked from cisco site but no success...the only way i can connect to my ciswico device is through serial cabke directley attached to cisco device... help meout guys..
0
Comment
Question by:2015376
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 13
  • 13
  • +1
28 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 22607689

You need a valid support contract to get the software from Csico, your implementors should be able to give that to you. If the contract has expired then you will have to purchase a new one.

harbor235 ;}
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22608373
That is right. If this is a business critical device I recommend SmartNET Premium (24x7). It will run you about $700 USD anually. A regular 8x5 contract is about $450 USD.
If you have purchased SmartNET in the past then your Cisco CCO account should still have access to downloads. Try this page for the software you need. If it won't let you in you need to purchase a support contract.
http://www.cisco.com/cgi-bin/tablebuild.pl/asa 
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22608415
If the implementers set this up with the asdm software, you can load it to your PC by browsing to the ASA using
https://<ip of the firewall>  

You should get a web page giving you the option to Install the ASDM launcher and/or Run ASDM.  

If your Implementers did not load this up on the firewall ahead of time, then you have to follow harbor's and Puggle's posts.    
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22608486
Regardless of needing the software it is still a good idea to keep your hardware under contract because of how expensive it is. The factory warranty on ASAs is only 90 days - after that if you don't have a contract you're screwed. Just letting you know! I'd hate to see you lose a $4000 ASA 5510 because you didn't spend like $400 USD on a contract.
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22611957
provide me show flash command
type http server enable
       http 0 0 inside
0
 
LVL 5

Accepted Solution

by:
devangshroff earned 500 total points
ID: 22611962
no need to buy , its available free with cisco , just provide show flash  command to me
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612033
Devangshroff - you are wrong again. Not only will your CCO account not have access to any downloads without an active or previous SmartNET contract, using or obtaining the software updates when you don't have one is illegal too.
Please verify your info before posting. Not being a butt, but please do so out of respect for others.
Also, the http server is enabled by default - they would have to manually disable it for it *not* to work (and be missing image files of course)
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612046
ASDM is free , it comes with cisco ASA
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612076
is u want to enable mumtiple isp on cisco ASA 5505 in base license configure following command
interface Vlan2

 no forward interface Vlan1

 nameif backup

 security-level 0

and for ASDM
asdm image disk0:/asdm521.bin(ypur image name in disfk 0)

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612085
Yes, the included version does come with the ASA hardware. HOWEVER, in direct contradiction to your post, ASDM is NOT free. It is licensed software that does not have a free license. For example if a Cisco device is sold to another person or organization, the license is not transferrable. The buyer MUST also buy a license to use the ASA software from Cisco if they want to be legal.
Additionally, to get the downloads, you MUST have a paid SmartNET contract or your CCO won't have download access to the software upgrades or any later versions.
Again, please check your info before posting. Not being mean - I already got busted for that this week. :-P
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612117
First off - base license on 5505 DOES NOT allow multiple ISP on 5505. Only Sec. Plus.
Please read the 5505 section. It lists just a few things about the licensing of features, but not everything.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html
 
Those commands don't to anything related to multiple ISPs... all you just did is tell the ASA not to let anything coming from the outside into the inside and then you changed the interface name to backup.
Again - PPLEEEAASSEE check your info! Would you want someone giving you bad advice?
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612161
what if i can provide you the configuration to do mutiple WAN link in base licencs,. And this work absolutlyu fine . I have done this.

See the command above i given.

If you are the tin cisco you would have not given this answers
see the configuration try iin base lisence ,


interface Vlan1
 nameif outside
 security-level 0
 ip address 10.10.10.163 255.255.255.0

interface Vlan2
 no forward interface Vlan1
 nameif backup

 security-level 0
 ip address 192.168.1.100 255.255.255.0

interface Vlan3

 nameif inside

 security-level 100

 ip address 172.16.0.1 255.255.255.0


             
interface Ethernet0/0



interface Ethernet0/1

 switchport access vlan 2



interface Ethernet0/2

 switchport access vlan 3



interface Ethernet0/3

shutdown



interface Ethernet0/4

 shutdown



interface Ethernet0/5

 shutdown


interface Ethernet0/6

 shutdown


interface Ethernet0/7

 shutdown

asdm image disk0:/asdm521.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

global (backup) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

access-group inside_access_out out interface inside

route outside 0.0.0.0 0.0.0.0 10.10.10.4 1 track 1

route backup 0.0.0.0 0.0.0.0 192.168.1.1 254

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

sla monitor 123

 type echo protocol ipIcmpEcho 4.2.2.2 interface outside

 num-packets 3

 frequency 10


             
sla monitor schedule 123 life forever start-time now



track 1 rtr 123 reachability

telnet timeout 5

ssh timeout 5

console timeout 0

0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612164
you try this in base licens in cisco ASA 5505 , and do revrt .

I garantee you this will work.

I have studied cisco in depth .

this are the technical skills
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612187
What if you can call Cisco and ask "Can the ASA 5505 do this with base license," and they say "No, it cannot."?
You can configure it all you want, but the license restriction built into the software will not let it function nor will it allow you to create more than 3 VLANs - and 1 is restricted. Just try it yourself.
I've deployed about 20 of the things and have been working with them on a daily basis for over a year devangshroff... I think I know what I'm saying.

And wait just one second... how'd we even get into a discussion about 5505? The question title is "cisco asa5510"! lol
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612189
Pugglewuggle: you need ti learn logic and tech thing , plz go through this , i am sure you must have learn  tody great thing.

But plz do revet on this. No hard feeling , but i am just sharing the knowlede.
This will help all
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612191
yes true , cisco will never say . But this is technically possible .
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612200
i want you to try this . This is great way to solve .
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612233
My technical skills are in tip-top shape. :-)

FYI - I tried this before - doesn't work. :-P

Remember? You are licensed to one outside, one inside, and one restricted interface. It isn't just on paper - it's built into software. I would like you to try programming another VLAN into your 5505 with base license. It won't let you. Max is 3 VLANs. Then, I want you to take the main outside interface offline while both WAN lines are up and try to get the inside to talk to your backup interface (aka the internet) - it won't because that one is a restricted VLAN.

I would like you to try this. It is a great way to solve misconceptions indeed. :)
Please verify what license your ASA 5505 is running by doing a sh ver... I know this cannot possibly work on base license b/c I've tried it a few times in the past. You've gotta be on sec. plus if this is working for you.
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612241
no this is not sec pure base licence
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612249
Please post your sh ver - I'd like to see. No cheating either b/c I've got a base ASA next to me and I'm looking at the info.
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612261
sure.

But you promis me that you will try this.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612273
I just did on this base ASA sitting here to make sure 100% that I wasn't wrong. :) Didn't work.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612278
I of course change the outside and backup IPs and default routes/etc. though to private IPs on disparate networks because I tried it in the test lab here.
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612288
sh ver


Cisco Adaptive Security Appliance Software Version 7.2(2)

Device Manager Version 5.2(2)


Compiled on Wed 22-Nov-06 14:16 by builders

System image file is "disk0:/asa722-k8.bin"

Config file at boot was "startup-config"

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB


Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2

                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

 0: Int: Internal-Data0/0    : address is 001b.d4ac.cd61, irq 11

 1: Ext: Ethernet0/0         : address is 001b.d4ac.cd59, irq 255

 2: Ext: Ethernet0/1         : address is 001b.d4ac.cd5a, irq 255

 3: Ext: Ethernet0/2         : address is 001b.d4ac.cd5b, irq 255

 4: Ext: Ethernet0/3         : address is 001b.d4ac.cd5c, irq 255

 5: Ext: Ethernet0/4         : address is 001b.d4ac.cd5d, irq 255

 6: Ext: Ethernet0/5         : address is 001b.d4ac.cd5e, irq 255

<--- More --->
             
 7: Ext: Ethernet0/6         : address is 001b.d4ac.cd5f, irq 255

 8: Ext: Ethernet0/7         : address is 001b.d4ac.cd60, irq 255

 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

10: Int: Not used            : irq 255

11: Int: Not used            : irq 255


Licensed features for this platform:

Maximum Physical Interfaces : 8        

VLANs                       : 3, DMZ Restricted

Inside Hosts                : Unlimited

Failover                    : Disabled

VPN-DES                     : Enabled  

VPN-3DES-AES                : Enabled  

VPN Peers                   : 10        

WebVPN Peers                : 2        

Dual ISPs                   : Disabled  

VLAN Trunk Ports            : 0        


This platform has a Base license.

Configuration register is 0x1

Configuration has not been modified since last system restart.


Plz check .

I have removed serial and activiation key
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612342
Yes, you are definitely running 5505 Base License. Did you actually try the config you posted? Did you unplug the cable from the main outside interface while both WAN lines were up like I said?
From your own ASA here is proof it won't work and isn't licensed:
Licensed features for this platform:

Maximum Physical Interfaces : 8        
VLANs                       : 3, DMZ Restricted
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
VPN Peers                   : 10        
WebVPN Peers                : 2        
Dual ISPs                   : Disabled  
VLAN Trunk Ports            : 0        
 
0
 
LVL 5

Expert Comment

by:devangshroff
ID: 22612380
only i can say if you really wnat to see , you can try this at your end with , then only you will belive .

I am only sharing thiing that i did . Now its up to you .

Just try same configuration in your lab.

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22612394
Like I said, I just did.
Won't work/isn't supported - that's all there is to say.
Back to the 5510 now. Tired of this 5505 stuff a bit.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22617593
Any responses from the asker? Questions?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question