Solved

cisco asa5510

Posted on 2008-09-30
Last Modified: 2012-05-05
We had this security device from Cisco, but it was implemented by a third party on our network... I need the ASDM software to configure this device... unable to get one from our implementers... Is there any way I can get this software? I checked the Cisco site but no success... The only way I can connect to my Cisco device is through a serial cable directly attached to the Cisco device... Help me out, guys.
Question by:2015376
 
LVL 32

Expert Comment

by:harbor235
You need a valid support contract to get the software from Cisco; your implementers should be able to give that to you. If the contract has expired then you will have to purchase a new one.

harbor235 ;}
0
 
LVL 12

Expert Comment

by:Pugglewuggle
That is right. If this is a business critical device I recommend SmartNET Premium (24x7). It will run you about $700 USD annually. A regular 8x5 contract is about $450 USD.
If you have purchased SmartNET in the past then your Cisco CCO account should still have access to downloads. Try this page for the software you need. If it won't let you in you need to purchase a support contract.
http://www.cisco.com/cgi-bin/tablebuild.pl/asa
0
 
LVL 33

Expert Comment

by:MikeKane
If the implementers set this up with the asdm software, you can load it to your PC by browsing to the ASA using
https://<ip of the firewall>  

You should get a web page giving you the option to Install the ASDM launcher and/or Run ASDM.  

If your Implementers did not load this up on the firewall ahead of time, then you have to follow harbor's and Puggle's posts.    
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Regardless of needing the software it is still a good idea to keep your hardware under contract because of how expensive it is. The factory warranty on ASAs is only 90 days - after that if you don't have a contract you're screwed. Just letting you know! I'd hate to see you lose a $4000 ASA 5510 because you didn't spend like $400 USD on a contract.
0
 
LVL 5

Expert Comment

by:devangshroff
Provide me the show flash command.
Type:
       http server enable
       http 0 0 inside
0
 
LVL 5

Accepted Solution

by:
devangshroff earned 500 total points
No need to buy, it's available free with Cisco. Just provide the show flash command to me.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Devangshroff - you are wrong again. Not only will your CCO account not have access to any downloads without an active or previous SmartNET contract, using or obtaining the software updates when you don't have one is illegal too.
Please verify your info before posting. Not being a butt, but please do so out of respect for others.
Also, the http server is enabled by default - they would have to manually disable it for it *not* to work (and be missing image files of course)
0
 
LVL 5

Expert Comment

by:devangshroff
ASDM is free, it comes with the Cisco ASA.
0
 
LVL 5

Expert Comment

by:devangshroff
If you want to enable multiple ISPs on a Cisco ASA 5505 with the base license, configure the following commands:
interface Vlan2
 no forward interface Vlan1
 nameif backup
 security-level 0

And for ASDM:
asdm image disk0:/asdm521.bin
(your image name in disk0)
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Yes, the included version does come with the ASA hardware. HOWEVER, in direct contradiction to your post, ASDM is NOT free. It is licensed software that does not have a free license. For example if a Cisco device is sold to another person or organization, the license is not transferrable. The buyer MUST also buy a license to use the ASA software from Cisco if they want to be legal.
Additionally, to get the downloads, you MUST have a paid SmartNET contract or your CCO won't have download access to the software upgrades or any later versions.
Again, please check your info before posting. Not being mean - I already got busted for that this week. :-P
0
 
LVL 12

Expert Comment

by:Pugglewuggle
First off - base license on 5505 DOES NOT allow multiple ISP on 5505. Only Sec. Plus.
Please read the 5505 section. It lists just a few things about the licensing of features, but not everything.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html
 
Those commands don't do anything related to multiple ISPs... all you just did is tell the ASA not to let anything coming from the outside into the inside and then you changed the interface name to backup.
Again - PPLEEEAASSEE check your info! Would you want someone giving you bad advice?
0
 
LVL 5

Expert Comment

by:devangshroff
What if I can provide you the configuration to do multiple WAN links with the base license? And this works absolutely fine. I have done this.

See the commands I gave above.

If you are the tin Cisco you would not have given this answer.
See the configuration, try it with the base license:


interface Vlan1
 nameif outside
 security-level 0
 ip address 10.10.10.163 255.255.255.0

interface Vlan2
 no forward interface Vlan1
 nameif backup
 security-level 0
 ip address 192.168.1.100 255.255.255.0

interface Vlan3
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.255.0

interface Ethernet0/0

interface Ethernet0/1
 switchport access vlan 2

interface Ethernet0/2
 switchport access vlan 3

interface Ethernet0/3
 shutdown

interface Ethernet0/4
 shutdown

interface Ethernet0/5
 shutdown

interface Ethernet0/6
 shutdown

interface Ethernet0/7
 shutdown

asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_out out interface inside
route outside 0.0.0.0 0.0.0.0 10.10.10.4 1 track 1
route backup 0.0.0.0 0.0.0.0 192.168.1.1 254
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
telnet timeout 5
ssh timeout 5
console timeout 0

0
 
LVL 5

Expert Comment

by:devangshroff
You try this with the base license on a Cisco ASA 5505, and do revert.

I guarantee you this will work.

I have studied Cisco in depth.

These are the technical skills.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
What if you can call Cisco and ask "Can the ASA 5505 do this with base license," and they say "No, it cannot."?
You can configure it all you want, but the license restriction built into the software will not let it function nor will it allow you to create more than 3 VLANs - and 1 is restricted. Just try it yourself.
I've deployed about 20 of the things and have been working with them on a daily basis for over a year devangshroff... I think I know what I'm saying.

And wait just one second... how'd we even get into a discussion about 5505? The question title is "cisco asa5510"! lol
0
 
LVL 5

Expert Comment

by:devangshroff
Pugglewuggle: you need to learn logic and tech things. Please go through this, I am sure you must have learned a great thing today.

But please do revert on this. No hard feelings, but I am just sharing the knowledge.
This will help all.
0
 
LVL 5

Expert Comment

by:devangshroff
Yes, true, Cisco will never say. But this is technically possible.
0
 
LVL 5

Expert Comment

by:devangshroff
I want you to try this. This is a great way to solve.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
My technical skills are in tip-top shape. :-)

FYI - I tried this before - doesn't work. :-P

Remember? You are licensed to one outside, one inside, and one restricted interface. It isn't just on paper - it's built into software. I would like you to try programming another VLAN into your 5505 with base license. It won't let you. Max is 3 VLANs. Then, I want you to take the main outside interface offline while both WAN lines are up and try to get the inside to talk to your backup interface (aka the internet) - it won't because that one is a restricted VLAN.

I would like you to try this. It is a great way to solve misconceptions indeed. :)
Please verify what license your ASA 5505 is running by doing a sh ver... I know this cannot possibly work on base license b/c I've tried it a few times in the past. You've gotta be on sec. plus if this is working for you.
0
 
LVL 5

Expert Comment

by:devangshroff
No, this is not Sec., pure base license.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Please post your sh ver - I'd like to see. No cheating either b/c I've got a base ASA next to me and I'm looking at the info.
0
 
LVL 5

Expert Comment

by:devangshroff
Sure.

But you promise me that you will try this.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
I just did on this base ASA sitting here to make sure 100% that I wasn't wrong. :) Didn't work.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
I of course changed the outside and backup IPs and default routes/etc. though to private IPs on disparate networks because I tried it in the test lab here.
0
 
LVL 5

Expert Comment

by:devangshroff
sh ver

Cisco Adaptive Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)

Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "disk0:/asa722-k8.bin"
Config file at boot was "startup-config"

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Int: Internal-Data0/0    : address is 001b.d4ac.cd61, irq 11
 1: Ext: Ethernet0/0         : address is 001b.d4ac.cd59, irq 255
 2: Ext: Ethernet0/1         : address is 001b.d4ac.cd5a, irq 255
 3: Ext: Ethernet0/2         : address is 001b.d4ac.cd5b, irq 255
 4: Ext: Ethernet0/3         : address is 001b.d4ac.cd5c, irq 255
 5: Ext: Ethernet0/4         : address is 001b.d4ac.cd5d, irq 255
 6: Ext: Ethernet0/5         : address is 001b.d4ac.cd5e, irq 255
 7: Ext: Ethernet0/6         : address is 001b.d4ac.cd5f, irq 255
 8: Ext: Ethernet0/7         : address is 001b.d4ac.cd60, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs                       : 3, DMZ Restricted
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
VPN Peers                   : 10
WebVPN Peers                : 2
Dual ISPs                   : Disabled
VLAN Trunk Ports            : 0

This platform has a Base license.

Configuration register is 0x1
Configuration has not been modified since last system restart.


Please check.

I have removed the serial and activation key.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Yes, you are definitely running 5505 Base License. Did you actually try the config you posted? Did you unplug the cable from the main outside interface while both WAN lines were up like I said?
From your own ASA here is proof it won't work and isn't licensed:
Licensed features for this platform:

Maximum Physical Interfaces : 8        
VLANs                       : 3, DMZ Restricted
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
VPN Peers                   : 10        
WebVPN Peers                : 2        
Dual ISPs                   : Disabled  
VLAN Trunk Ports            : 0        
 
0
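The licensed-features table quoted above can be compared against a configuration mechanically. The following Python is an added example, not part of the original thread: `parse_license` and `compare_config` are hypothetical names, the sample inputs are constructed from rows of the `sh ver` output and the config posted in this thread, and the comparison only reports mismatches between the two texts; it does not model how the ASA enforces its license.

```python
import re

# Constructed samples: rows from the sh ver output and config posted in this thread.
SH_VER = """Licensed features for this platform:
VLANs                       : 3, DMZ Restricted
Dual ISPs                   : Disabled
This platform has a Base license.
"""
CONFIG = """interface Vlan1
 nameif outside
interface Vlan2
 no forward interface Vlan1
 nameif backup
interface Vlan3
 nameif inside
route outside 0.0.0.0 0.0.0.0 10.10.10.4 1 track 1
route backup 0.0.0.0 0.0.0.0 192.168.1.1 254
"""

def parse_license(sh_ver):
    """Return {feature: value} from the licensed-features table of sh ver."""
    feats, in_table = {}, False
    for line in map(str.strip, sh_ver.splitlines()):
        if line.startswith("Licensed features"):
            in_table = True
        elif line.startswith("This platform has"):
            m = re.search(r"has an? (.+?) license", line)
            feats["License"] = m.group(1) if m else "unknown"
        elif in_table and ":" in line:
            name, value = line.split(":", 1)
            feats[name.strip()] = value.strip()
    return feats

def compare_config(config, feats):
    """List places where the config asks for more than the table shows."""
    vlans, defaults, current = set(), [], ""
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif line.strip().startswith("nameif ") and current.startswith("Vlan"):
            vlans.add(current)
        elif re.match(r"route \S+ 0\.0\.0\.0 0\.0\.0\.0 ", line):
            defaults.append(line.split()[1])
    limit = int(feats.get("VLANs", "0").split(",")[0])  # "3, DMZ Restricted" -> 3
    findings = []
    if len(vlans) > limit:
        findings.append(f"{len(vlans)} named VLANs, table shows {limit}")
    if len(defaults) > 1 and feats.get("Dual ISPs") != "Enabled":
        findings.append(f"default routes via {', '.join(defaults)}; Dual ISPs: {feats.get('Dual ISPs')}")
    return findings
```

Calling `compare_config(CONFIG, parse_license(SH_VER))` on the samples flags the two default routes against the `Dual ISPs : Disabled` row, while the three named VLANs stay within the table's limit of 3.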
 
LVL 5

Expert Comment

by:devangshroff
I can only say, if you really want to see, you can try this at your end; only then will you believe.

I am only sharing the thing that I did. Now it's up to you.

Just try the same configuration in your lab.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Like I said, I just did.
Won't work/isn't supported - that's all there is to say.
Back to the 5510 now. Tired of this 5505 stuff a bit.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Any responses from the asker? Questions?
0
