SSL VPN ASA 5505

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SSL/Anyconnect support on that version was sketchy at best! If I were you Id upgrade to at least 8.2(2)

Cisco ASA5500 Update System and ASDM

Then you can deploy AnyConnect and its pretty straightforward :)

Cisco ASA5500 AnyConnect SSL VPN

Pete

ASKER

i want to go to 8.2 but i can't find the IOS without having smartnet

Unfortunately you need a valid support contract (or a CD that came with a firewall that has the version on you want).

ASKER

I found 8.4(3) and ADSM 6.4(7) will those be compatible?

Only if you have 512MB Ram in there otherwise this will happen http://www.petenetlive.com/KB/Article/0000553.htm

unless it's a 10 or 50 user model then you will be OK :) ("show version" will tell you).

ASKER

hmmm..can i put 8.2 on it ok?

yes :) if you have a copy

ASKER

i do..i have 622f and 625 adsm, which one should i use?

8.2(1) runs happily wih ASDM 6.2(1)
8.2(2) also runs with ASDM 6.2(1)

ASKER

I've already blown out the config for this asa, is upgrading just like a router ios?

ASKER

so i should try to get 6.2(1) instead of 6.2(2)

what runs with what http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html

ASKER

will i have to upload anyconnect to it as well? if so what ver?

ASKER

any clue on the anyconnect?

AnyConnect v2.0 onwards will work. You should run the latest version as previous versions have known security vulnerabilities.

These are the latest versions available from the Cisco Website:

Package enables FIPS on Windows platforms.  
anyconnect-EnableFIPS-win-2.5.3055.exe	 27-SEP-2011	 0.16 MB	

Package enables FIPS on Windows platforms.  
anyconnect-EnableFIPS-win-2.5.3055.mst	 27-SEP-2011	 0.02 MB	

Standalone tarball package for 64-bit Linux platforms.  
anyconnect-Linux_64-2.5.3055-k9.tar.gz	 27-SEP-2011	 4.63 MB	

Web deployment package with DART for Windows platforms.  
anyconnect-dart-win-2.5.3055-k9.pkg	 27-SEP-2011	 5.16 MB	

Language localization transform files for Windows Start Before Login.  
anyconnect-gina-win-2.5.3055-pre-deploy-k9-lang.zip	 27-SEP-2011	 0.50 MB	

Start Before Login GINA module for Windows 2k/XP/Vista.  
anyconnect-gina-win-2.5.3055-pre-deploy-k9.msi	 27-SEP-2011	 0.85 MB	

Language localization transform files for web-deploy for Windows Start Before.  
anyconnect-gina-win-2.5.3055-web-deploy-k9-lang.zip	 27-SEP-2011	 0.50 MB	

Standalone tarball package enables FIPS for for Linux platforms.  
anyconnect-linux-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.20 MB	

Web deployment package for Linux platforms.  
anyconnect-linux-2.5.3055-k9.pkg	 27-SEP-2011	 6.66 MB	

Standalone tarball package for Linux platforms.  
anyconnect-linux-2.5.3055-k9.tar.gz	 27-SEP-2011	 4.59 MB	

File containing API for this release version.  
anyconnect-linux-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 3.78 MB	

Web deployment package for 64-bit Linux platforms.  
anyconnect-linux-64-2.5.3055-k9.pkg	 27-SEP-2011	 6.71 MB	

Package enables FIPS for MacOSX Intel platforms.  
anyconnect-macosx-i386-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.06 MB	

Standalone DMG package for Mac OS X "Intel" platforms.  
anyconnect-macosx-i386-2.5.3055-k9.dmg	 27-SEP-2011	 4.18 MB	

Web deployment package for Mac OS X "Intel" platforms.  
anyconnect-macosx-i386-2.5.3055-k9.pkg	 27-SEP-2011	 6.01 MB	

File containing API for this release version.  
anyconnect-macosx-i386-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 2.54 MB	

Package enables FIPS for Mac OS X PowerPC platforms.  
anyconnect-macosx-powerpc-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.06 MB	

Standalone DMG package for Mac OS X "PowerPC" platforms.  
anyconnect-macosx-powerpc-2.5.3055-k9.dmg	 27-SEP-2011	 3.98 MB	

Web deployment package for Mac OS X "PowerPC" platforms.  
anyconnect-macosx-powerpc-2.5.3055-k9.pkg	 27-SEP-2011	 5.77 MB	

File containing API for this release version.  
anyconnect-macosx-powerpc-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 2.78 MB	

Web deployment package without DART for Windows platforms.  
anyconnect-win-2.5.3055-k9.pkg	 27-SEP-2011	 4.59 MB	

Language localization transform files for pre-deploy package for Windows platforms.  
anyconnect-win-2.5.3055-pre-deploy-k9-lang.zip	 27-SEP-2011	 0.51 MB	

Standalone MSI package for Windows platforms.  
anyconnect-win-2.5.3055-pre-deploy-k9.msi	 27-SEP-2011	 2.38 MB	

Language localization transform files for web-deploy package for Windows platforms.  
anyconnect-win-2.5.3055-web-deploy-k9-lang.zip	 27-SEP-2011	 0.51 MB	

Zip file containing API for this release version.  
anyconnect-win-vpnapi-2.5.3055.zip

Open in new window

ASKER

so i have to upload anyconnect to flash first? its not included in 8.2 IOS?

Yes, you have to put the appropriate images of AnyConnect on the Flash. The client will download these when connecting via SSL if they don;t already have the necessary package installed on their terminal.

They are not needed when running the ASA as a Firewall, they are only needed when configuring the SSL Service. So you can install the IOS and the ASDM without these.

ASKER

is there any licensing involved? does the 5505 come with any?

Yes. You can look at your license in the ASDM:

Configuration -> Device Management -> Licensing

Or a "sh version" at the CLI.

SOLUTION