Solved

SSL VPN ASA 5505

Posted on 2012-03-12
Last Modified: 2012-03-27
Got my hands on a Cisco ASA 5505 running asa724-k8 IOS, I have a very very basic config on it. My plan was to use it for SSL-VPN clients like AnyConnect. But I'm thinking I have to be on 8.2 at least for that???? I look at the flash and I see:

Initializing disk0: cache, please wait....Done.
-#- --length-- -----date/time------ path
  6 8515584    Sep 03 2009 06:59:54 asa724-k8.bin
  7 4181246    Sep 03 2009 07:01:08 securedesktop-asa-3.2.1.103-k9.pkg
  8 398305     Sep 03 2009 07:01:26 sslclient-win-1.1.0.154.pkg
  9 6514852    Sep 03 2009 07:03:38 asdm-524.bin
 12 0          Sep 03 2009 07:06:36 crypto_archive

Can I configure any type of SSL-VPN on it? I don't have smartnet on it so I can't go download 8.2.

Thanks in advance
Question by:jasonmichel

Accepted Solution

by: rowansmith (earned 250 total points)
Yes you can.  But you do not have a client-less option.  You need to install the sslvpn client.

This document should give you all the information you require: http://www.cisco.com/image/gif/paws/70632/thin-clientwebvpnasa.pdf

Expert Comment
by: Pete Long
SSL/AnyConnect support on that version was sketchy at best! If I were you I'd upgrade to at least 8.2(2)

Cisco ASA5500 Update System and ASDM

Then you can deploy AnyConnect and it's pretty straightforward :)


Cisco ASA5500 AnyConnect SSL VPN

Pete

Author Comment
by: jasonmichel
I want to go to 8.2 but I can't find the IOS without having smartnet

Expert Comment
by: Pete Long
Unfortunately you need a valid support contract (or a CD that came with a firewall that has the version you want on it).

Author Comment
by: jasonmichel
I found 8.4(3) and ASDM 6.4(7), will those be compatible?

Expert Comment
by: Pete Long
Only if you have 512MB RAM in there, otherwise this will happen: http://www.petenetlive.com/KB/Article/0000553.htm

Expert Comment
by: Pete Long
Unless it's a 10 or 50 user model, then you will be OK :) ("show version" will tell you).

Author Comment
by: jasonmichel
Hmmm.. can I put 8.2 on it OK?

Expert Comment
by: Pete Long
yes :) if you have a copy

Author Comment
by: jasonmichel
I do.. I have 622f and 625 ASDM, which one should I use?

Expert Comment
by: Pete Long
8.2(1) runs happily with ASDM 6.2(1)
8.2(2) also runs with ASDM 6.2(1)

Author Comment
by: jasonmichel
I've already blown out the config for this ASA, is upgrading just like a router IOS?

Author Comment
by: jasonmichel
So I should try to get 6.2(1) instead of 6.2(2)

Expert Comment
by: Pete Long

Author Comment
by: jasonmichel
Will I have to upload AnyConnect to it as well? If so, what ver?

Author Comment
by: jasonmichel
Any clue on the AnyConnect?

Expert Comment
by: rowansmith
AnyConnect v2.0 onwards will work.  You should run the latest version as previous versions have known security vulnerabilities.

These are the latest versions available from the Cisco Website:

Package enables FIPS on Windows platforms.  
anyconnect-EnableFIPS-win-2.5.3055.exe	 27-SEP-2011	 0.16 MB	

Package enables FIPS on Windows platforms.  
anyconnect-EnableFIPS-win-2.5.3055.mst	 27-SEP-2011	 0.02 MB	

Standalone tarball package for 64-bit Linux platforms.  
anyconnect-Linux_64-2.5.3055-k9.tar.gz	 27-SEP-2011	 4.63 MB	

Web deployment package with DART for Windows platforms.  
anyconnect-dart-win-2.5.3055-k9.pkg	 27-SEP-2011	 5.16 MB	

Language localization transform files for Windows Start Before Login.  
anyconnect-gina-win-2.5.3055-pre-deploy-k9-lang.zip	 27-SEP-2011	 0.50 MB	

Start Before Login GINA module for Windows 2k/XP/Vista.  
anyconnect-gina-win-2.5.3055-pre-deploy-k9.msi	 27-SEP-2011	 0.85 MB	

Language localization transform files for web-deploy for Windows Start Before.  
anyconnect-gina-win-2.5.3055-web-deploy-k9-lang.zip	 27-SEP-2011	 0.50 MB	

Standalone tarball package enables FIPS for Linux platforms.  
anyconnect-linux-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.20 MB	

Web deployment package for Linux platforms.  
anyconnect-linux-2.5.3055-k9.pkg	 27-SEP-2011	 6.66 MB	

Standalone tarball package for Linux platforms.  
anyconnect-linux-2.5.3055-k9.tar.gz	 27-SEP-2011	 4.59 MB	

File containing API for this release version.  
anyconnect-linux-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 3.78 MB	

Web deployment package for 64-bit Linux platforms.  
anyconnect-linux-64-2.5.3055-k9.pkg	 27-SEP-2011	 6.71 MB	

Package enables FIPS for MacOSX Intel platforms.  
anyconnect-macosx-i386-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.06 MB	

Standalone DMG package for Mac OS X "Intel" platforms.  
anyconnect-macosx-i386-2.5.3055-k9.dmg	 27-SEP-2011	 4.18 MB	

Web deployment package for Mac OS X "Intel" platforms.  
anyconnect-macosx-i386-2.5.3055-k9.pkg	 27-SEP-2011	 6.01 MB	

File containing API for this release version.  
anyconnect-macosx-i386-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 2.54 MB	

Package enables FIPS for Mac OS X PowerPC platforms.  
anyconnect-macosx-powerpc-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.06 MB	

Standalone DMG package for Mac OS X "PowerPC" platforms.  
anyconnect-macosx-powerpc-2.5.3055-k9.dmg	 27-SEP-2011	 3.98 MB	

Web deployment package for Mac OS X "PowerPC" platforms.  
anyconnect-macosx-powerpc-2.5.3055-k9.pkg	 27-SEP-2011	 5.77 MB	

File containing API for this release version.  
anyconnect-macosx-powerpc-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 2.78 MB	

Web deployment package without DART for Windows platforms.  
anyconnect-win-2.5.3055-k9.pkg	 27-SEP-2011	 4.59 MB	

Language localization transform files for pre-deploy package for Windows platforms.  
anyconnect-win-2.5.3055-pre-deploy-k9-lang.zip	 27-SEP-2011	 0.51 MB	

Standalone MSI package for Windows platforms.  
anyconnect-win-2.5.3055-pre-deploy-k9.msi	 27-SEP-2011	 2.38 MB	

Language localization transform files for web-deploy package for Windows platforms.  
anyconnect-win-2.5.3055-web-deploy-k9-lang.zip	 27-SEP-2011	 0.51 MB	

Zip file containing API for this release version.  
anyconnect-win-vpnapi-2.5.3055.zip


Author Comment
by: jasonmichel
So I have to upload AnyConnect to flash first? It's not included in 8.2 IOS?

Expert Comment
by: rowansmith
Yes, you have to put the appropriate images of AnyConnect on the Flash. The client will download these when connecting via SSL if they don't already have the necessary package installed on their terminal.

They are not needed when running the ASA as a Firewall, they are only needed when configuring the SSL Service.  So you can install the IOS and the ASDM without these.

Author Comment
by: jasonmichel
Is there any licensing involved? Does the 5505 come with any?

Expert Comment
by: rowansmith
Yes.  You can look at your license in the ASDM:

Configuration -> Device Management -> Licensing

Or a "sh version" at the CLI.

Assisted Solution
by: Pete Long (earned 250 total points)
>>is there any licensing involved?  does the 5505 come with any?

The ASA comes with 2 AnyConnect/Web VPN licences, if you want more you can purchase them from a reseller :)
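
The checks discussed in this thread, as an added example that is not code from any poster or from Cisco: a Python script that reads a `dir` flash listing and reports what is missing for an AnyConnect rollout, using the 8.2(2) minimum and the AnyConnect 2.0 minimum given in the answers. It assumes the three-digit `asaXYZ-k8.bin` / `asdm-XYZ.bin` file names decode to version X.Y(Z); the function names are illustrative.

```python
import re

# Sample input: the flash listing posted in the question.
SAMPLE_DIR = """\
  6 8515584    Sep 03 2009 06:59:54 asa724-k8.bin
  7 4181246    Sep 03 2009 07:01:08 securedesktop-asa-3.2.1.103-k9.pkg
  8 398305     Sep 03 2009 07:01:26 sslclient-win-1.1.0.154.pkg
  9 6514852    Sep 03 2009 07:03:38 asdm-524.bin
 12 0          Sep 03 2009 07:06:36 crypto_archive
"""

# Assumption: asaXYZ-k8.bin and asdm-XYZ.bin encode version X.Y(Z).
PATTERNS = {
    "asa": re.compile(r"^asa(\d)(\d)(\d)(?:-\d+)?-k8\.bin$"),
    "asdm": re.compile(r"^asdm-(\d)(\d)(\d)(?:-\d+)?\.bin$"),
    "anyconnect": re.compile(r"^anyconnect-.*?-(\d+)\.(\d+)\.(\d+)-k9\.pkg$"),
    "legacy_svc": re.compile(r"^sslclient-.*?-(\d+)\.(\d+)\.(\d+)\.\d+\.pkg$"),
}


def inventory(dir_output):
    """Map each recognised file kind to a list of (version_tuple, filename)."""
    found = {kind: [] for kind in PATTERNS}
    for line in dir_output.splitlines():
        fields = line.split()
        # dir rows: index, length, month, day, year, time, path
        if len(fields) != 7 or not fields[0].isdigit():
            continue
        name = fields[6]
        for kind, rx in PATTERNS.items():
            m = rx.match(name)
            if m:
                found[kind].append((tuple(int(g) for g in m.groups()), name))
    return found


def findings(dir_output, min_asa=(8, 2, 2), min_anyconnect=(2, 0, 0)):
    """List what the flash contents lack for AnyConnect, per the thread."""
    inv = inventory(dir_output)
    notes = []
    if not any(v >= min_asa for v, _ in inv["asa"]):
        notes.append("no ASA image at or above %d.%d(%d)" % min_asa)
    if not any(v >= min_anyconnect for v, _ in inv["anyconnect"]):
        notes.append("no AnyConnect web-deploy .pkg on flash")
    for _, name in inv["legacy_svc"]:
        notes.append("legacy sslclient package present: " + name)
    return notes
```

Only the web-deploy `.pkg` files are matched because, as the answers say, those are the images the ASA hands to connecting clients; the pre-deploy `.msi` and `.dmg` installers are not served from flash.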