ASA 5510 CLI Configuration

Hello

Is it possible to perform all the system configuration and management functions through the CLI at the Terminal?

I think specifically to aspects such as the management of firewall rule configuration of the DHCP Service, VPN configuration, log review. etc etc.

I have already done some configuration of the interface of base if the CLI, but want to know what depth, I can go.

Thanks in advance.

Paul

The main thing that I know will have to be made through ASDM is manage bookmarks SSL VPN client and other pages. All the other stuff you mentioned can be done through CLI. I like to use a hybrid of CLI & ASDM when I managed firewalls. I prefer to see the logs on the ASDM so, real-time log buffer is an excellent tool.

Tags: Cisco Support

Similar Questions

The ASA 5510 DMZ configuration

I currently have an ASA 5510 with which I am configuring a HTTP/FTP host on a demilitarized zone. Currently the DMZ host is accessible outside but the hosts on the internal network can not access. I have a dedicated IP address for the host (1.1.1.228) DMZ and another IP for the PAT interface for internal clients (1.1.1.238). I know I'm missing a piece, either a statement nat() or a static(), please advise.

interface Ethernet0/0

Description Interface Outside

nameif outside

security-level 0

IP 1.1.1.238 255.255.255.240

!

interface Ethernet0/1

Inside the Interface Description

nameif inside

security-level 100

the IP 10.0.0.1 255.255.0.0

!

interface Ethernet0/2

DMZ Interface Description

nameif dmz

security-level 50

the IP 192.168.0.1 255.255.255.0

-partial outside the inbound ACL.

outside_access_in list extended access permit tcp any host 1.1.1.228 eq www

outside_access_in list extended access permit tcp any host 1.1.1.228 eq https

-ACL DMZ-

DMZ list extended access permit icmp any one

access-list extended DMZ permit tcp host 192.168.0.11 eq www everything

access-list extended DMZ permit tcp host 192.168.0.11 eq https all

access-list extended DMZ permit tcp host 192.168.0.11 eq ftp - data all

DMZ list extended access permit tcp host 192.168.0.11 eq ftp everything

Global 1 interface (outside)

NAT (inside) 0-list of access inside_outbound_nat0_acl

NAT (inside) 1 0.0.0.0 0.0.0.0

public static 1.1.1.231 (Interior, exterior) 10.0.0.85 netmask 255.255.255.255

static (dmz, outside) 1.1.1.228 192.168.0.11 netmask 255.255.255.255

Access-group outside_access_in in interface outside

Access-group interface dmz DMZ

Add:

static (inside, dmz) 10.0.0.0 mask 10.0.0.0 subnet 255.255.0.0

The statement above will allow the host to access DMZ hosts inside using DMZ devices own IPs and vice versa.

And, if necessary, use the ACL to restrict access to inside the DMZ, or DMZ inside.

See you soon!

AK

VPN on ASA-5510 with Configure a dynamic encryption card

Hi all

My name is ping, I have ASA-5510 for site to site VPN configuration, but am not clear with a few conifguration on ASA-5510 series, not sure on poin than, when I install on other sets of cisco router I can use

ASA2 (config) #crypto card outside-card 10 ipsec-isakmp

% NOTE: this new map encryption will remain disabled until a peer

and a valid access list have been configured.

........

but, when I configure ASA 5510 it as below:

mtelcoASA2 (config) # crypto?

set up the mode commands/options:

CA Certification Authority

dynamic-map set up a dynamic encryption card

IPSec transform-set set, life of the IPSec Security Association and fragmentation

ISAKMP configure ISAKMP

main activities key long-term

card to configure an encryption card

ASA2 (config) # map outside-map 10 ipsec-isakmp crypto ?

set up the mode commands/options:

Entry dynamic is a dynamic map

"Set up a dynamic crypto map" which uses for and why I can't use only "map outside-map 10 ipsec-isakmp crypto" and if not can't, can I skip this command or tell me the other way with explanation with nicely,

Thank you very much

hot topic,

Ping,

Just use crypto card outside-map 10 match/set without ipsec-isakmp key word and it will be fine.

Cisco's ASA 5510 VPN configuration suggestion

Hello

We have a cisco ASA5510 and our client has a device of Juniper. We already have a vpn tunnel between two locations and its working fine.

Now they have networks that are in a safer area, if we add these subnets of the current tunnel we are not able to access it.

so, what they suggest we can reconfigure the VPN to be a road based on VPN instead of policy based OR configure a second VPN tunnel.

not sure about cisco ASA supports route according to the tunnels? ... Can we create a 2nd tunnel between the same devices (asa5510 and thei Juniper device) as remainders IP that identical, only the internal remote networks will change for me. is this possible?

do I have to make changes to the current tunnel?

Thank you

Smail

Hello

Cisco ASA does not support database path tunnels.

You must add new networks to crypto ACL. They add new VPN policies.

Cisco ASA 5510 config with SSM

I was tasked to replace our old sonicwall tz170 firewall with an ASA 5510 and configure it (that I never did, only routers and switches) and I have a few questions. I'm inside the ASDM and I am trying to configure my external interface... The 5510 provided with a map of the SSM, and I assumed it would be my external interface, but I guess I'm wrong because it is not an option when running through the wizard. I know what the SSM card for, I do not understand why there is not an external interface. Whence this connect (just for my LAN?)?

Currently, I have implemented the management interface to our ip and the subnet and connected through that. I see the management interface and eth0 - eth 3.

It's as simple as it can get, I just need the external interface to our public ip address, configure access rules to match my sonicwall.

Also on the version, its operation ASA 8.2.1. Should I upgrade to 8.3.1? What is the ED after the version (not familiar with it).

Thank you!

These rules on the SAA are default rules, that is to say whatever it is initiated from the inside is allowed, but anything launched from outside is allowed in. Sorry, but I'm not familiar with SonicWall at all to give you advice on the rules, you will need installation. But what if all you have is an external interface and inside then will need you a nat.pat to ensure that internal addresses can go out and access list to restrict these internal if necessary networks. If you have incoming traffic is according to mail, web server, etc, then you will again be a nat and an access list to allow traffic.

The document attached (you can ignore the router configs) should hopefully give you a better idea of how incoming transport works and how to apply access lists to the interface.

Let me know if it helps.

ASA 5510 Configuration. How to set up 2 outside the interface.

Hello

I have Cisco ASA 5510 and the desktop, I want to create a new route to another (external) router to my ISP.

The workstation I can Ping ASA E0/2 interface but I cannot ping the router ISP B inside and outside of the interface.

I based my setup on the existing configuration. which so far is working

interface Ethernet0/0
Outside of the interface description
nameif outside
security-level 0
IP 122.55.71.138 address 255.255.255.2
!
interface Ethernet0/1
Inside the interface description
nameif inside
security-level 100
IP 10.34.63.252 255.255.240.0
!
interface Ethernet0/2
Outside of the interface description
nameif outside
security-level 0
IP 121.97.64.178 255.255.255.240
!

Global 1 interface (outside)

global (outside) 2 interface (I created this for E0/2)
NAT (inside) 0 access-list sheep

NAT (inside) 1 10.34.48.11 255.255.255.255 (work: router ISP inside and outside interface E0/0)

NAT (inside) 2 10.34.48.32 255.255.255.255 (work: E0/2 router ISP on the inside interface only but cant outside ping).

Route outside 0.0.0.0 0.0.0.0 122.55.71.139 1 (work)

Route outside 10.34.48.32 255.255.255.255 121.97.64.179 1 (the new Road Test)

Router ISP, that a job can ping and I can access the internet

interface FastEthernet0/0
Description Connection to ASA5510
IP 122.55.71.139 255.255.255.248
no ip redirection
no ip proxy-arp
IP nat inside
automatic duplex
automatic speed
!
the interface S0/0
IP 111.54.29.122 255.255.255.252
no ip redirection
no ip proxy-arp
NAT outside IP
!
IP nat inside source static 122.55.71.139 111.54.29.122
IP http server
IP classless
IP route 0.0.0.0 0.0.0.0 Serial0/0

FAI 2

interface FastEthernet0/0 (SAA can ping this interface)
Description Connection to ASA5510
IP 121.97.64.179 255.255.255.248
no ip redirection
no ip proxy-arp
IP nat inside
automatic duplex
automatic speed
!
interface E0/0 (ASA Can not ping this interface)
IP 121.97.69.122 255.255.255.252
no ip redirection
no ip proxy-arp
NAT outside IP
!
IP nat inside source static 121.97.64.179 121.97.69.122
IP http server
IP classless
IP route 0.0.0.0 0.0.0.0 E0/0

CABLES

ASA to router ISP B (straight cable)

Router ISP in the UDI (straight cable)

Hope you could give some advice and the solution for this kind of problem please

Hello

Are you able to ping the router IP of the interface of the device of the ASA? If so, try a trace of package on the device of the SAA for traffic to the IP address of the router.

Thank you and best regards,

Maryse Amrodia

How to configure ASA 5510 - my first time HA! Help!

I need to connect 2 ASA 5510 in an HA configuration. I don't know about the types of cable (x - ovr or straight) for the connection of the State, heartbeat connection and where they must be connected. Also, I was told that the connection of the State must be on a switch or VLAN separate... Is it true...?

We use a x-over for the failover of an int on the SAA primary to secondary ASA and it works very well.

ASA 5510 can be configured as bridge mode and always send Netflow information to a collector

ASA 5510 can be configured as bridge mode and always send Netflow information to a collector?

We have a PIX connect internal network to the internet. Because PIX does not support NetFlow, as temporary solution, we thought to a 5510 ASA between the PIX and the internet gateway and configure as a bridge so that there will be no problem routing, and the SAA can always send Netflow information to a collector.

Can someone please advise if this is possible?

Thank you.

I have not tried, but as a Netflow service policy should work in routed and transparent mode. Reference.

Why don't you just replace the Pix with the ASA in routed mode?

Updated AIP-SSM-10 on ASA 5510

Hello

I want to upgrade the IPS module in an ASA 5510, and I have a few questions. The AIP - SSM is running E3 479.0 1.0000 and I have a valid account of the ORC etc for this.
1. What is the version of the software on the question of the ASA?
2. When I look in the software downloads< ips="" there="" are="" .pkg="" and="" .img="" files.="" i="" want="" to="" upgrade="" to="" 6.3(3)e4.="" do="" i="" have="" to="" re-image="" the="" ips="">
3. AFAIK redefinition to wipe the device so I just reload the config after, right?
4. I guess I can apply any update after going to E4?
5. Can you give me links for this upgrade?
see you soon

Let me give some clarification on a few points:

2. There is no need to recreate the image on the device using the .img file. You can improve the mechanism of maintenance of your existing configuration using the .pkg file. It is the recommended method for upgrading to Cisco IPS devices/modules. The .img file to recreate the image should only be used to restore the default device.

5 here are links for the upgrade of the probe using a .pkg file. For updates through the IDM user interface:

http://www.Cisco.com/en/us/docs/security/IPS/6.2/configuration/guide/IDM/idm_sensor_management.html#wp2126670

For upgrades via the CLI:

http://www.Cisco.com/en/us/docs/security/IPS/6.2/configuration/guide/CLI/cli_system_images.html#wp1142504

Another point of clarification; current releases of IPS software supported on the AIP-SSM-10 are (taking into account you are currently running 6.2 (1) E3):

6.2 (3) E4

7.0 (4) E4

You can go directly to each output.

Scott

ASA 5510 with AIP SSM-10

I'm new to network administration and our company has an ASA 5510 with and map AIP SSM-10. On the interface ASA when I try to load Intrusion detection, he said the following:

"For IPS 5.1 (1) S205.0, use the link below to access the IPS Device Manager." (If the SSM management IP address or the port is translated, replace them accordingly in the below URL). IPS 6.0.1 or above will be fully interated ASDM. »

Unfortunately, no URL is displayed below this message and there is no documentation in the company that owns this configuration. Is there a way to reset the AIP without resetting the ASA? How can I find the IP address to be able to configure it?

The ASA CLI, you will be able to check the IP address of the AIP module:

view the details of the module

It will show you the ip address of mgmt of the module, and you can https to the IP address of your PC.

How to enable routing on a subnet in ASA 5510

Dear Sir

We use cisco ASA 5510, and we provide access to external users through cisco anyconnect VPN. When users connect, they can access a single subnet. How can afford to drive to another subnet CLI or ASDM?

Thank you best regards &,.

Hello

Seems to me that you have not at least have a NAT0 configuration for traffic between the LAN subnet and VPN pool

This is your current NAT0 ACL configuration

 access-list nonat extended permit ip 172.16.0.0 255.255.254.0 172.16.2.0 255.255.255.0 access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0 access-list nonat extended permit ip 172.16.0.0 255.255.0.0 host 10.212.61.32 access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.192 255.255.255.192 access-list nonat extended permit ip 172.16.0.0 255.255.254.0 10.1.12.0 255.255.255.0 access-list nonat extended permit ip 10.1.12.0 255.255.255.0 10.1.12.0 255.255.255.0 access-list nonat extended permit ip 172.16.0.0 255.255.0.0 10.1.12.0 255.255.255.0

Pool of VPN you seems to be 172.16.240.0/24, so you must add the following line of ACL

 access-list nonat extended permit ip 10.1.12.0 255.255.255.0 172.16.240.0 255.255.255.0

Hope this helps :)

-Jouni

Review of the ASA 5510 Config

Hi all, I'm about to replace an existing a new ASA 5510 firewall. The environment is pretty simple, just an external and internal interface. I put in correspondence configs as much as possible, but I'd like to see if there are obvious problems. I am concerned mainly with my NAT statements. Nothing in the following config (sterilized) seems out of place? Thank you!!

------------------------------------------------------------

ASA 4,0000 Version 5

!

ciscoasa hostname

enable the encrypted password xxxxxxxxxx

XXXXXXXXXX encrypted passwd

names of

!

interface Ethernet0/0

nameif outside

security-level 0

IP 40.100.2.2 255.255.255.252

!

interface Ethernet0/1

nameif inside

security-level 100

IP 10.30.0.100 255.255.255.0

!

interface Ethernet0/2

Shutdown

No nameif

no level of security

no ip address

!

interface Ethernet0/3

Shutdown

No nameif

no level of security

no ip address

!

interface Management0/0

Shutdown

nameif management

security-level 100

IP 192.168.1.1 255.255.255.0

management only

!

boot system Disk0: / asa844-5 - k8.bin

passive FTP mode

permit same-security-traffic inter-interface

network of the 10.10.0.78 object

Home 10.10.0.78

Nospam description

network of the 10.10.0.39 object

Home 10.10.0.39

Description exch

network of the 55.100.20.109 object

Home 55.100.20.109

Description mail.oursite.com

network of the 10.10.0.156 object

Home 10.10.0.156

Description

www.oursite.com-Internal

network of the 55.100.20.101 object

Home 55.100.20.101

Description

www.oursite.com-External

network of the 10.10.0.155 object

Home 10.10.0.155

Ftp description

network of the 10.10.0.190 object

Home 10.10.0.190

farm www Description

network of the 10.10.0.191 object

Home 10.10.0.191

farm svc Description

network of the 10.10.0.28 object

Home 10.10.0.28

Vpn description

network of the 10.10.0.57 object

Home 10.10.0.57

Description cust.oursite.com

network of the 10.10.0.66 object

Home 10.10.0.66

Description spoint.oursite.com

network of the 55.100.20.102 object

Home 55.100.20.102

Description cust.oursite.com

network of the 55.100.20.103 object

Home 55.100.20.103

Ftp description

network of the 55.100.20.104 object

Home 55.100.20.104

Vpn description

network of the 55.100.20.105 object

Home 55.100.20.105

app www description

network of the 55.100.20.106 object

Home 55.100.20.106

app svc description

network of the 55.100.20.107 object

Home 55.100.20.107

Description spoint.oursite.com

network of the 55.100.20.108 object

Home 55.100.20.108

Description exchange.oursite.com

ICMP-type of object-group DM_INLINE_ICMP_1

response to echo ICMP-object

ICMP-object has exceeded the time

ICMP-unreachable object

Exchange_Inbound tcp service object-group

EQ port 587 object

port-object eq 993

port-object eq www

EQ object of the https port

port-object eq imap4

DM_INLINE_TCP_1 tcp service object-group

port-object eq www

EQ object of the https port

object-group service DM_INLINE_SERVICE_1

will the service object

the purpose of the tcp destination eq pptp service

the DM_INLINE_NETWORK_1 object-group network

network-object, object 10.10.0.190

network-object, object 10.10.0.191

the DM_INLINE_NETWORK_2 object-group network

network-object, object 10.10.0.156

network-object, object 10.10.0.57

DM_INLINE_TCP_2 tcp service object-group

port-object eq www

EQ object of the https port

object-group service sharepoint tcp

port-object eq 9255

port-object eq www

EQ object of the https port

outside_access_in list extended access permit icmp any any DM_INLINE_ICMP_1 object-group

outside_access_in list extended access permit tcp any object 10.10.0.78 eq smtp

outside_access_in list extended access permit tcp any object object 10.10.0.39 - Exchange_Inbound group

outside_access_in list extended access permit tcp any object-group DM_INLINE_NETWORK_2-group of objects DM_INLINE_TCP_1

outside_access_in list extended access permit tcp any object 10.10.0.155 eq ftp

outside_access_in list extended access allowed object-group DM_INLINE_SERVICE_1 any object 10.10.0.28

outside_access_in list extended access permit tcp any object-group DM_INLINE_NETWORK_1-group of objects DM_INLINE_TCP_2

outside_access_in list extended access permit tcp any object 10.10.0.66 object-group Sharepoint

pager lines 24

Enable logging

asdm of logging of information

Outside 1500 MTU

Within 1500 MTU

management of MTU 1500

ICMP unreachable rate-limit 1 burst-size 1

ASDM image disk0: / asdm-649 - 103.bin

don't allow no asdm history

ARP timeout 14400

no permit-nonconnected arp

NAT (exterior, Interior) static source everything any static destination 55.100.20.109 10.10.0.78

NAT (exterior, Interior) static source everything any static destination 55.100.20.108 one-way 10.10.0.39

NAT (inside, outside) static source 10.10.0.39 one-way 55.100.20.109

NAT (exterior, Interior) static source everything any static destination 55.100.20.101 10.10.0.156

NAT (exterior, Interior) static source everything any static destination 55.100.20.102 10.10.0.57

NAT (exterior, Interior) static source everything any static destination 55.100.20.103 10.10.0.155

NAT (exterior, Interior) static source everything any static destination 55.100.20.104 10.10.0.28

NAT (exterior, Interior) static source everything any static destination 55.100.20.105 10.10.0.190

NAT (exterior, Interior) static source everything any static destination 55.100.20.106 10.10.0.191

NAT (exterior, Interior) static source everything any static destination 55.100.20.107 10.10.0.66

Access-group outside_access_in in interface outside

Route outside 0.0.0.0 0.0.0.0 40.100.2.1 1

Route inside 10.10.0.0 255.255.255.0 10.30.0.1 1

Timeout xlate 03:00

Pat-xlate timeout 0:00:30

Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

Floating conn timeout 0:00:00

dynamic-access-policy-registration DfltAccessPolicy

identity of the user by default-domain LOCAL

Enable http server

http 192.168.1.0 255.255.255.0 management

http 10.10.0.0 255.255.255.0 inside

No snmp server location

No snmp Server contact

Server enable SNMP traps snmp authentication linkup, linkdown cold start

Telnet timeout 5

SSH 10.10.0.0 255.255.255.0 inside

SSH timeout 5

SSH group dh-Group1-sha1 key exchange

Console timeout 0

!

a basic threat threat detection

Statistics-list of access threat detection

no statistical threat detection tcp-interception

source of NTP server outside xxxxxxxxxx

WebVPN

!

class-map inspection_default

match default-inspection-traffic

!

!

type of policy-card inspect dns preset_dns_map

parameters

maximum message length automatic of customer

message-length maximum 512

Policy-map global_policy

class inspection_default

inspect the preset_dns_map dns

inspect the ftp

inspect h323 h225

inspect the h323 ras

inspect the rsh

inspect the rtsp

inspect esmtp

inspect sqlnet

inspect the skinny

inspect sunrpc

inspect xdmcp

inspect the sip

inspect the netbios

inspect the tftp

Review the ip options

inspect the pptp

!

global service-policy global_policy

context of prompt hostname

no remote anonymous reporting call

Cryptochecksum:40cee3a773d380834b10195ffc63a02f

: end

Hello

You do nat (exterior, Interior), I'm going to do inside, outside but the configuration is always good.

The ACL configuration is fine, Nat is fine, so you should have problems,

Kind regards

Julio

ASA 5510 - display block URL Page

Dear,

I have Cisco ASA 5510, I have already configured Block_Sites using regular expressions and it works fine. I need to display a Page blocked for any one trying to access blocked sites. Example: I need to display page contains our company Logo and less it shows that "the Site is blocked.

I can do it on Cisco ASA 5510?

Thank you

No, the ASA alone cannot do. To do this, you need a will end UP with appropriate license or a proxy (such as the WSA).

Allow specific access through the Interfaces ASA 5510

Hi all

In my quest to learn Cisco IOS and devices, I need help in smoothing traffic, or access lists, allowing traffic between internal interfaces on the SAA specifically.

I have an ASA 5510:

WAN/LAN/DMZ ports labled E0/0 (LAN), E0/1 (WAN), E0/2 (DMZ).

Connected to the port E0/0 is a 2811 router

Connected to the port E0/1 is the (external) Internet

Connected to the port E0/2 is a 2821

(I'll add a 3745 for VOIP) port E0/3, but it has not yet happened.

I want to allow traffic between the 2821 and the 2811 routers so that devices on the networks behind them can talk to each other.

I've specified specific subnets between the ASA and the routers because I want to learn how to shape traffic behind routers, as well as on the ASA. So behind the routers I have different VLANS, but I'm not restrict access between them, still, at least I don't think I am. But as it is, behind the 2821 devices cannot access the DNS / DOMAIN SERVER that is located behind the 2811. Right now I have the routers DHCP power, who works there. Currently devices behind the router 2821-3560 switch cannot access the domain server, primary dns server.

How can I set the ASA to allow traffic to flow between the two routers and their VLANS?

Here's the configs of each device and I have also included my switch configs, incase something should be set on them. I only removed the passwords and the parts of the external IP address. I appreciate the help in which States to create and on which devices.

I think it is best that I put the links to the files of text here.

Thank you!

You must remove the following statements on the two routers:
-# ip nat inside source... overload
-for each # ip nat inside/outside interface, if they have configured.

Remove ads rip of the networks that are not directly connected:
-2821: 172.16.0.0, 192.168.1.0, 199.195.xxx.0
-2811: 199.195.xxx.0
-ASA: 128.0.0.0

No way should be added to the routers, since he is the one by default, put in scene to ASA.

Check the tables of routing on routers and the ASA.

On ASA:

-Remove:
object-group network # PAT - SOURCE
# nat (indoor, outdoor) automatic interface after PAT-SOURCE dynamic source

-create objects of the networks behind the LAN router and enable dynamic NAT:
network object #.
subnet
NAT (inside, outside) dynamic interface

-review remains NAT rules.

-to set/adjust the lists access penetration on the interfaces. Do not forget to allow the rip on the LAN and DMZ interfaces.

-Disable rip on the outside interface.

Option of range & ASA 5510 - a group of objects

Hello

I have 3 ASA 5510 s; two of them are in production and the 3^rd is new. I inherited two in production and was trying to set up this 3^rd by using some of the existing network object-group statements. The problem is that when I try to create a range of IP addresses in one of the groups of object; the range command is not available. One of the extracted statements from one of the ASAs production: network of the REMOTE object
range 62.77.130.14 62.77.130.208

The two ASAs have the same image of worm (asa842-k8). Is there something I'm missing to enable the option in the range on the ASA News?

Thanks in advance,

~ sK

Hello

Are you sure that the ASA News started the new 8.4 (2) software?

There are
- object-group network
  - accepts networks and addresses of host under it
- network of the object
  - accept addresses from subnet, range and host under it
Configuring "network object" came available in 8.3 software. Before that in the software 8.2 and earlier than the 'object-group network' (and other types of groups of objects") exist.

Maybe you have several images start on the ASA News and its actually the old software still boot?

What does the ' running shoe see the?

If it lists both the command for old and new software then delete the old "system start" command, save the configuration and restart.

I hope that the above information was useful

-Jouni

ASA 5510 CLI Configuration

Similar Questions

Maybe you are looking for