CISCO ADAPTIVE SECURITY APPLIANCES ASA 5500 SERIES
Hello
I'm doing a comparison of the above with other offers from different providers.
Can someone tell me if the firewall feature of this device actually runs the full version of PIX OS 7.0.
Flipping through the manual, it does not mention PPTP with MPPE or L2TP with IPSEC support while I'm reasonably sure these two would be supported in a pix running OS 7.0
Thank you
Paddy
The PIX and ASA are running the same code, no difference. The reason why you don't see PPTP and L2TP/IPSec mentioned is that these functions have been removed from code of v7.0 PIX / ASA, mainly because they used very little and they need space for the more 50 new features that have been added. It is detailed here:
http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_sw/v_70/70_rn/pix_70rn.htm#wp119169
The ASA actually gives you some extra with 7.0 features that works on a PIX is not, like WebVPN (SSL VPN), load balancing VPN and support the onboard SSM (IDS/IPS).
Tags: Cisco Security
Similar Questions
-
This version of Cisco Adaptive Security Appliance Software Version 9.6 (1) 5 is affected by Cisco Adaptive Security Appliance SNMP Remote Code execution vulnerability and Cisco Adaptive Security Appliance CLI Remote Code execution vulnerability of
Hi vrian_colaba,
You can take a look at cisco's Advisory here:
https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...
Fixed versions
Cisco ASA Major Release First version fixed 7.2 Affected; migrate to 9.1.7(9) or later 8.0 Affected; migrate to 9.1.7(9) or later 8.1 Affected; migrate to 9.1.7(9) or later 8.2 Affected; migrate to 9.1.7(9) or later 8.3 Affected; migrate to 9.1.7(9) or later 8.4 Affected; migrate to 9.1.7(9) or later 8.5 Affected; migrate to 9.1.7(9) or later 8.6 Affected; migrate to 9.1.7(9) or later 8.7 Affected; migrate to 9.1.7(9) or later 9.0 9.0.4 (40) 9.1 9.1.7(9) 9.2 9.2.4 (14) 9.3 9.3.3 (10) 9.4 9.4.3(8) ETA 26/08/2016 9.5 9.5 (3) ETA 30/08/2016 9.6 (DFT) 9.6.1 (11) / 6.0.1(2) FTD 9.6 (ASA) 9.6.2 5 9.6 (1) is not part of the fixed versions, this means that is assigned for the SNMP Remote Code execution vulnerability.
Cisco Adaptive Security Appliance CLI Remote Code vulnerability to run you can also take a look at cisco's Advisory here:
https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...
Fixed versions
The following table shows the first software versions that include fixes for this vulnerability (9.6 is not affected)
Cisco ASA Major Release First version fixed 7.2 Affected, migrate to 8.4 (3) or later 8.0 Affected, migrate to 8.4 (3) or later 8.1 Affected, migrate to 8.4 (3) or later 8.2 Affected, migrate to 8.4 (3) or later 8.3 Affected, migrate to 8.4 (3) or later 8.4 8.4 (3) 8.5 Affected, migrate to 9.0 (1) or later version 8.6 Affected, migrate to 9.0 (1) or later version 8.7 Affected, migrate to 9.0 (1) or later version 9.0 9.0 (1) 9.1 Not affected 9.2 Not affected 9.3 Not affected 9.4 Not affected 9.5 Not affected 9.6 Not affected Hope this info helps!
Note If you help!
-JP-
-
Cisco ASA 5500 Series 4-Port GE SSM
Currently, we have 2 asa 5510 firewall and need to add the
Cisco ASA 5500 Series 4 - Port GE SSM extension module. Can it be added when the device is turned on and running or the firewall must be turned off to install the plug-in?
Hello
You could try to ask this question of the team of firewall, as this page from the community for the physical security and video surveillance. The team of firewall is located here:
https://supportforums.Cisco.com/community/NetPro/security/firewall
-
Dear support,
I need to configure Security Services Module-10 (model: ASA-SSM-10) on my ASA 5510 firewall. Could you provide configuration step and how to connect to the module?
Here is the information on the module
ciscoasa (config) # sh Details of module 1
The details of the Service module, please wait...
ASA 5500 Series Security Services Module-10
Model: ASA-SSM-10
Hardware version: 1.0
Serial number: JAF1115066U
Firmware version: 1.0 (11) 2
Software version: 1.0000 E1
MAC address range: 001a.e268.5aa9 to 001a.e268.5aa9
App name: IPS
App status. : to the top
App status. / / Desc:
App version: 1.0000 E1
Data of aircraft status: Up
Status: to the top
Mgmt IP addr: 133.1.9.144
Web to MGMT ports: 443
Mgmt TLS enabled: trueyour help is very appreciate.
Thank you
Best regards
Hi Sothengse,
Please find the samlpe on AIP SSM module configurations. You can go through this to begin with.
http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...
https://www.YouTube.com/watch?v=FgYU5ZXwk4g
Concerning
Knockaert
-
Cisco ASA 5500 Series end of life
Hello
I noticed that all 5500 series (5510,5520,5540,5550,5580) ASAs are all end-of-life announced in March 2013. However, I don't see ASA 5505 on the list. Can anyone confirm that 5505 EOL has not announced?
http://www.Cisco.com/c/en/us/support/security/ASA-5505-Adaptive-Security...
Thanks in advance
The 5505 is not yet announced EOS/EOL, but the announcement can * t be extreme as 5506-X will be available soon (well, I hope... ;-)).
-
Back on the cisco ASA 5500 series and PIX 500 series
Hello
I fund a site www http://www.searchsecurity.de/themenkanaele/plattformsicherheit/schwachstellenmanagement/allgemein/articles/106752/ (only in German). I have read that it is possible to make a denial of service on cisco PIX 500 series and series 5500 ASA, when the TTL value is enabled.
How can I check that? or solve the problem?
I thank you,
Mary
What version of the code you run the Pix or ASA. Refer to the "Products affected" section for more information on versions and the products concerned. This should point you in the right direction.
Also, listed in the URL is bypasses and fixed Versions that you may want to check.
Kind regards
Arul
-
site to site vpn with ASA 5500 series SSL?
We have routers DLink DIR - 130 5505 s ASA and PIXen, all work well with our PIX 515E, we need to replace.
We also have Internet satellite in two places. High latency makes IPsec VPN to DLinks on these very slow sites.
We were informed by HughesNet that a SSL VPN will mitigate some of the problems of latency.
However, we cannot use a VPN client for the biometric timeclocks in these places, the clocks need static IP addresses and are more or less "dumb terminals".
The machine of series 5000 ASA VPN site to site similar to OpenVPN or only the most comment client-server type SSL VPN connections?
Thank you, Tom
Hi Thomas,
The SSL VPN on ASAs feature is a client/server relationship where the remote computer can connect without client (browser) or clientbased (AnyConnect) to the ASA.
Federico.
-
ASA 5500 series as a customer VPN SSL
Hello.
ASA 5510 (or other products) usable as SSL VPN site to site VPN client?
Version 8.4.2 asdm 6.4.9
On the other end have certificate authentication and authorization through LDAP credentials
SSL on the SAA isn't only for remote access. For the Site to Site, you must use IPSec.
-
Cisco ASA 5500 CSC-SSM-20 Series
How many subscribers maximum, sessions, licenses are allowed using Cisco ASA 5500 Series CSC-SSM-20 on ASA5540 module
Use the following command 'See - activation key' to get maximum subscribers, sessions, details County licenses.
-
Hello
Can what ASA 5500 model I use to replace my PIX515E companies with 6 interfaces.
Hello o.oresotu,
Looks like the Pix 515E Flyway is the ASA 5510.
Take a look at the following links.
Cisco ASA 5500 Series Migration quick look
http://www.Cisco.com/application/PDF/en/us/guest/products/ps6120/c1031/cdccont_0900aecd80322caa.PDF
Licenses for features and specifications
http://www.Cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a00806b1c1c.html
Hope that helps! If Yes, please rate.
Thank you
-
ASA 5500 x new anyconnect VPN license structure
I wonder if anyone can give me some insight on the new ASA VPN (SSL VPN) structure of license. Currently, I have anyconnect premium license installed on the ASA 5500 series but want to buy the same type of license for x ASA 5500 series. I understand the premium license is required for SSL VPN and webvpn. Can someone find out if the premium anyconnect and anyconnect essentials license has been replaced by the Cisco Anyconnect Apex licence?
The new AnyConnect Apex maps old Premium licenses. They are now focused on the term (1, 3-5 years) and have been approved by a single user (regardless of the number of devices) vs. concurrent users on the old regime.
Apex (or the old premium) is required for clientless SSL VPN. Regular-based on the SSL VPN client AnyConnect requires no Apex but can be done by using only more licenses.
The new AnyConnect Plus is the old Essentials plus mobile licenses. There is an option of perpetual and based on the duration.
By single user licensing is a terms and conditions / EULA stuff and not enforced by technical means at the moment.
-
I hope someone can help me to answer this question:
Currently, we have redundant FWSM and consider a migration of standalone ASA 5500 series firewalls. However, we have a complete VMWare environment and look at the Nexus 1000V. I understand the Nexus 1000V and ESR architecture and implementation, and I don't understand that the ASA 1000V is designed for cloud environments. But I have a question about the ASA 1000V.
Is it possible that a firewall series ASA 5500 be replaced by ASA 1000V? Basically, can an ASA 1000V to be a single firewall solution, or are that ASA 5500 is always necessary?
Is there a datasheet anywhere that compares the ASA 1000V and ASA 5500 series?
Thanks for your help.
-Joe
Depending on what you are using the ASA5500 series for now. If you use the ASA5500 for the remote access vpn and AnyConnect VPN, he will not rely on the first version of the ASA1000V yet.
Here's the Q & A on ASA1000V which includes more information:
http://www.Cisco.com/en/us/partner/prod/collateral/vpndevc/ps6032/ps6094/ps12233/qa_c67-688050.html
Hope that answers your question.
-
ASA 5500 series safety devices does support 10 GB?
Hello
10 GB is currently not an option:
http://www.Cisco.com/en/us/products/ps6120/prod_models_comparison.html
HTH
Andrew.
-
Version 7.0 of the PIX and ASA 5500
Hi all
Is ASA 5500 series identical a PIX 515 or 525 or 535 with version 7.0... I still see some areas where it confused between version 7.0 of the PIX and ASA 5500 series... If not, what are the benefits of ASA 5500 on the PIX 7.0?
ASA is not the same as PIX, ASA is different hardware architecture. Although both can run the same code. One of the benefits of the SAA is that you can have an IPS module in it to make the prevention of intrusions.
Search for comprarison on CCO.
-
Upgrade path 5500 series ASA-SSM-10
Can anyone provide the proper for the 5500 series ASA-SSM-10 upgrade path of
6.0 (5) E2
TO
7.1 (10) E4
The release notes state that you must run just least 6,0000 e4 could so I just spend 6,0000 E4 5,0000 E2 then directly to 7.1 (10) E4?
Also, the SSM-10 is able to effectively run the 7.1 (10) E4?
Hello
Yes, you can directly upgrade 6.0.5E2 to 6.0.6 E4 and then directly to version 7.1. (10) E4. After the upgrade for the latter, you might even go to latest available patch as well.
-Yes, SSM1 - is able to effectively execute the 7.1.0E4.
Kind regards
Akshay Rouanet
Maybe you are looking for
-
I still have the iPhone 4S. What is the best IOS version for my iPhone?
I want to reuse my iPhone 4S. What is the best IOS for 4S? Where can I find and how to install in my 4S?
-
What memory you choose for Satellite P10-304
HelloI have Toshiba Satellite SP10-304http://UK.computers.Toshiba-Europe.com/cgi-bin/ToshibaCSG/JSP/productPage.do?service=UK&PRODUCT_ID=75423 I want to express the memory, but I don't know what should be the number of the memory model. Could you exp
-
ABN amro e.dentifier stuurprogramma
Kan mijn stuurprogramma voor abn amro e.dentifier niet vinden
-
Cannot install updates of security (NET Framework 1.1, 3.5)
Already tried to reinstall VISTA 32 - bit Sewrvice Packs 1 & 2. Nothing helps. Always comes back to condition prte-implementation to date.
-
original title: When I try to log in to my admin user, a screen appears and says ' the user profile service has no logon. User profile cannot be loaded. "I can't spend anything for users of our families because they ask for approval from the admin an