Solved

SSL VPN ASA 5505

Posted on 2012-03-12
22
1,642 Views
Last Modified: 2012-03-27
Got my hands on a Cisco ASA 5505 running  asa724-k8 IOS, I have a very very basic config on it.  My plan was to use it for SSL-VPN clients like anyconnect.  But I'm thinking I have to be on 8.2 atleast for that????   I look at the flash and I see:

Initializing disk0: cache, please wait....Done.
-#- --length-- -----date/time------ path
  6 8515584    Sep 03 2009 06:59:54 asa724-k8.bin
  7 4181246    Sep 03 2009 07:01:08 securedesktop-asa-3.2.1.103-k9.pkg
  8 398305     Sep 03 2009 07:01:26 sslclient-win-1.1.0.154.pkg
  9 6514852    Sep 03 2009 07:03:38 asdm-524.bin
 12 0          Sep 03 2009 07:06:36 crypto_archive

Can I configure any time of SSL-VPN on it? I don't have smartnet on it so i can't go download 8.2,

Thanks in advance
0
Comment
Question by:jasonmichel
  • 10
  • 8
  • 4
22 Comments
 
LVL 11

Accepted Solution

by:
rowansmith earned 250 total points
ID: 37713003
Yes you can.  But you do not have a client-less option.  You need to install the sslvpn client.

This document should give you all the information you require: http://www.cisco.com/image/gif/paws/70632/thin-clientwebvpnasa.pdf
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 37718742
SSL/Anyconnect support on that version was sketchy at best! If I were you Id upgrade to at least 8.2(2)

Cisco ASA5500 Update System and ASDM

Then you can deploy AnyConnect and its pretty straightforward :)


Cisco ASA5500 AnyConnect SSL VPN

Pete
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37719605
i want to go to 8.2 but i can't find the IOS without having smartnet
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 57

Expert Comment

by:Pete Long
ID: 37719831
Unfortunately you need a valid support contract (or a CD that came with a firewall that has the version on you want).
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37720762
I found 8.4(3) and ADSM  6.4(7)  will those be compatible?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 37721137
Only if you have 512MB Ram in there otherwise this will happen http://www.petenetlive.com/KB/Article/0000553.htm
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 37721148
unless it's a 10 or 50 user model then you will be OK :) ("show version" will tell you).
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37721369
hmmm..can i put 8.2 on it ok?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 37721404
yes :) if you have a copy
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37721416
i do..i have 622f and 625 adsm, which one should i use?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 37721418
8.2(1) runs happily wih ASDM 6.2(1)
8.2(2) also runs with ASDM 6.2(1)
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37721419
I've already blown out the config for this asa, is upgrading just like a router ios?
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37721426
so i should try to get 6.2(1) instead of 6.2(2)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 37721429
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37721434
will i have to upload anyconnect to it as well? if so what ver?
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37726431
any clue on the anyconnect?
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 37736694
AnyConnect v2.0 onwards will work.  You should run the latest version as previous versions have known security vulnerabilities.

These are the latest versions available from the Cisco Website:

Package enables FIPS on Windows platforms.  
anyconnect-EnableFIPS-win-2.5.3055.exe	 27-SEP-2011	 0.16 MB	

Package enables FIPS on Windows platforms.  
anyconnect-EnableFIPS-win-2.5.3055.mst	 27-SEP-2011	 0.02 MB	

Standalone tarball package for 64-bit Linux platforms.  
anyconnect-Linux_64-2.5.3055-k9.tar.gz	 27-SEP-2011	 4.63 MB	

Web deployment package with DART for Windows platforms.  
anyconnect-dart-win-2.5.3055-k9.pkg	 27-SEP-2011	 5.16 MB	

Language localization transform files for Windows Start Before Login.  
anyconnect-gina-win-2.5.3055-pre-deploy-k9-lang.zip	 27-SEP-2011	 0.50 MB	

Start Before Login GINA module for Windows 2k/XP/Vista.  
anyconnect-gina-win-2.5.3055-pre-deploy-k9.msi	 27-SEP-2011	 0.85 MB	

Language localization transform files for web-deploy for Windows Start Before.  
anyconnect-gina-win-2.5.3055-web-deploy-k9-lang.zip	 27-SEP-2011	 0.50 MB	

Standalone tarball package enables FIPS for for Linux platforms.  
anyconnect-linux-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.20 MB	

Web deployment package for Linux platforms.  
anyconnect-linux-2.5.3055-k9.pkg	 27-SEP-2011	 6.66 MB	

Standalone tarball package for Linux platforms.  
anyconnect-linux-2.5.3055-k9.tar.gz	 27-SEP-2011	 4.59 MB	

File containing API for this release version.  
anyconnect-linux-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 3.78 MB	

Web deployment package for 64-bit Linux platforms.  
anyconnect-linux-64-2.5.3055-k9.pkg	 27-SEP-2011	 6.71 MB	

Package enables FIPS for MacOSX Intel platforms.  
anyconnect-macosx-i386-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.06 MB	

Standalone DMG package for Mac OS X "Intel" platforms.  
anyconnect-macosx-i386-2.5.3055-k9.dmg	 27-SEP-2011	 4.18 MB	

Web deployment package for Mac OS X "Intel" platforms.  
anyconnect-macosx-i386-2.5.3055-k9.pkg	 27-SEP-2011	 6.01 MB	

File containing API for this release version.  
anyconnect-macosx-i386-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 2.54 MB	

Package enables FIPS for Mac OS X PowerPC platforms.  
anyconnect-macosx-powerpc-2.5.3055-EnableFIPS.tar.gz	 27-SEP-2011	 0.06 MB	

Standalone DMG package for Mac OS X "PowerPC" platforms.  
anyconnect-macosx-powerpc-2.5.3055-k9.dmg	 27-SEP-2011	 3.98 MB	

Web deployment package for Mac OS X "PowerPC" platforms.  
anyconnect-macosx-powerpc-2.5.3055-k9.pkg	 27-SEP-2011	 5.77 MB	

File containing API for this release version.  
anyconnect-macosx-powerpc-2.5.3055-vpnapi.tar.gz	 27-SEP-2011	 2.78 MB	

Web deployment package without DART for Windows platforms.  
anyconnect-win-2.5.3055-k9.pkg	 27-SEP-2011	 4.59 MB	

Language localization transform files for pre-deploy package for Windows platforms.  
anyconnect-win-2.5.3055-pre-deploy-k9-lang.zip	 27-SEP-2011	 0.51 MB	

Standalone MSI package for Windows platforms.  
anyconnect-win-2.5.3055-pre-deploy-k9.msi	 27-SEP-2011	 2.38 MB	

Language localization transform files for web-deploy package for Windows platforms.  
anyconnect-win-2.5.3055-web-deploy-k9-lang.zip	 27-SEP-2011	 0.51 MB	

Zip file containing API for this release version.  
anyconnect-win-vpnapi-2.5.3055.zip

Open in new window

0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37737501
so i have to upload anyconnect to flash first? its not included in 8.2 IOS?
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 37739861
Yes, you have to put the appropriate images of AnyConnect on the Flash.  The client will download these when connecting via SSL if they don;t already have the necessary package installed on their terminal.

They are not needed when running the ASA as a Firewall, they are only needed when configuring the SSL Service.  So you can install the IOS and the ASDM without these.
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 37754112
is there any licensing involved?  does the 5505 come with any?
0
 
LVL 11

Expert Comment

by:rowansmith
ID: 37759943
Yes.  You can look at your license in the ASDM:

Configuration -> Device Management -> Licensing

Or a "sh version" at the CLI.
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points
ID: 37770089
>>is there any licensing involved?  does the 5505 come with any?

te ASA comes with 2 AnyConnect/Web VPN licences, if you want more you can purchase them from a reseller :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question