CISCO ADAPTIVE SECURITY APPLIANCES ASA 5500 SERIES

Hello

I'm doing a comparison of the above with other offers from different providers.

Can someone tell me if the firewall feature of this device actually runs the full version of PIX OS 7.0.

Flipping through the manual, it does not mention PPTP with MPPE or L2TP with IPSEC support while I'm reasonably sure these two would be supported in a pix running OS 7.0

Thank you

Paddy

The PIX and ASA are running the same code, no difference. The reason why you don't see PPTP and L2TP/IPSec mentioned is that these functions have been removed from code of v7.0 PIX / ASA, mainly because they used very little and they need space for the more 50 new features that have been added. It is detailed here:

http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_sw/v_70/70_rn/pix_70rn.htm#wp119169

The ASA actually gives you some extra with 7.0 features that works on a PIX is not, like WebVPN (SSL VPN), load balancing VPN and support the onboard SSM (IDS/IPS).

Tags: Cisco Security

Similar Questions

  • This version of Cisco Adaptive Security Appliance Software Version 9.6 (1) 5 is affected by Cisco Adaptive Security Appliance SNMP Remote Code execution vulnerability and Cisco Adaptive Security Appliance CLI Remote Code execution vulnerability of

    This version of Cisco Adaptive Security Appliance Software Version 9.6 (1) 5 is affected by Cisco Adaptive Security Appliance SNMP Remote Code execution vulnerability and Cisco Adaptive Security Appliance CLI Remote Code execution vulnerability of

    Hi vrian_colaba,

    You can take a look at cisco's Advisory here:

    https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...

    Fixed versions

    Cisco ASA Major Release  First version fixed
    7.2 Affected; migrate to 9.1.7(9) or later
    8.0 Affected; migrate to 9.1.7(9) or later
    8.1 Affected; migrate to 9.1.7(9) or later
    8.2 Affected; migrate to 9.1.7(9) or later
    8.3 Affected; migrate to 9.1.7(9) or later
    8.4 Affected; migrate to 9.1.7(9) or later
    8.5 Affected; migrate to 9.1.7(9) or later
    8.6 Affected; migrate to 9.1.7(9) or later
    8.7 Affected; migrate to 9.1.7(9) or later
    9.0 9.0.4 (40)
    9.1 9.1.7(9)
    9.2 9.2.4 (14)
    9.3 9.3.3 (10)
    9.4 9.4.3(8) ETA 26/08/2016
    9.5 9.5 (3) ETA 30/08/2016
    9.6 (DFT) 9.6.1 (11) / 6.0.1(2) FTD
    9.6 (ASA) 9.6.2

    5 9.6 (1) is not part of the fixed versions, this means that is assigned for the SNMP Remote Code execution vulnerability.

    Cisco Adaptive Security Appliance CLI Remote Code vulnerability to run you can also take a look at cisco's Advisory here:

    https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...

    Fixed versions

    The following table shows the first software versions that include fixes for this vulnerability (9.6 is not affected)

    Cisco ASA Major Release First version fixed
    7.2 Affected, migrate to 8.4 (3) or later
    8.0 Affected, migrate to 8.4 (3) or later
    8.1 Affected, migrate to 8.4 (3) or later
    8.2 Affected, migrate to 8.4 (3) or later
    8.3 Affected, migrate to 8.4 (3) or later
    8.4 8.4 (3)
    8.5 Affected, migrate to 9.0 (1) or later version
    8.6 Affected, migrate to 9.0 (1) or later version
    8.7 Affected, migrate to 9.0 (1) or later version
    9.0 9.0 (1)
    9.1 Not affected
    9.2 Not affected
    9.3 Not affected
    9.4 Not affected
    9.5 Not affected
    9.6 Not affected

    Hope this info helps!

    Note If you help!

    -JP-

  • Cisco ASA 5500 Series 4-Port GE SSM

    Currently, we have 2 asa 5510 firewall and need to add the

    Cisco ASA 5500 Series 4 - Port GE SSM extension module. Can it be added when the device is turned on and running or the firewall must be turned off to install the plug-in?

    Hello

    You could try to ask this question of the team of firewall, as this page from the community for the physical security and video surveillance.  The team of firewall is located here:

    https://supportforums.Cisco.com/community/NetPro/security/firewall

  • Step how to configure ASA 5500 Series Security Services Module-10 (model: ASA-SSM-10)

    Dear support,

    I need to configure Security Services Module-10 (model: ASA-SSM-10) on my ASA 5510 firewall. Could you provide configuration step and how to connect to the module?

    Here is the information on the module

    ciscoasa (config) # sh Details of module 1
    The details of the Service module, please wait...
    ASA 5500 Series Security Services Module-10
    Model: ASA-SSM-10
    Hardware version: 1.0
    Serial number: JAF1115066U
    Firmware version: 1.0 (11) 2
    Software version: 1.0000 E1
    MAC address range: 001a.e268.5aa9 to 001a.e268.5aa9
    App name: IPS
    App status. : to the top
    App status. / / Desc:
    App version: 1.0000 E1
    Data of aircraft status: Up
    Status: to the top
    Mgmt IP addr: 133.1.9.144
    Web to MGMT ports: 443
    Mgmt TLS enabled: true

    your help is very appreciate.

    Thank you

    Best regards

    Hi Sothengse,

    Please find the samlpe on AIP SSM module configurations. You can go through this to begin with.

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

    https://www.YouTube.com/watch?v=FgYU5ZXwk4g

    Concerning

    Knockaert

  • Cisco ASA 5500 Series end of life

    Hello

    I noticed that all 5500 series (5510,5520,5540,5550,5580) ASAs are all end-of-life announced in March 2013. However, I don't see ASA 5505 on the list. Can anyone confirm that 5505 EOL has not announced?

    http://www.Cisco.com/c/en/us/support/security/ASA-5505-Adaptive-Security...

    Thanks in advance

    The 5505 is not yet announced EOS/EOL, but the announcement can * t be extreme as 5506-X will be available soon (well, I hope... ;-)).

  • Back on the cisco ASA 5500 series and PIX 500 series

    Hello

    I fund a site www http://www.searchsecurity.de/themenkanaele/plattformsicherheit/schwachstellenmanagement/allgemein/articles/106752/ (only in German). I have read that it is possible to make a denial of service on cisco PIX 500 series and series 5500 ASA, when the TTL value is enabled.

    How can I check that? or solve the problem?

    I thank you,

    Mary

    What version of the code you run the Pix or ASA. Refer to the "Products affected" section for more information on versions and the products concerned. This should point you in the right direction.

    Also, listed in the URL is bypasses and fixed Versions that you may want to check.

    Kind regards

    Arul

  • site to site vpn with ASA 5500 series SSL?

    We have routers DLink DIR - 130 5505 s ASA and PIXen, all work well with our PIX 515E, we need to replace.

    We also have Internet satellite in two places. High latency makes IPsec VPN to DLinks on these very slow sites.

    We were informed by HughesNet that a SSL VPN will mitigate some of the problems of latency.

    However, we cannot use a VPN client for the biometric timeclocks in these places, the clocks need static IP addresses and are more or less "dumb terminals".

    The machine of series 5000 ASA VPN site to site similar to OpenVPN or only the most comment client-server type SSL VPN connections?

    Thank you, Tom

    Hi Thomas,

    The SSL VPN on ASAs feature is a client/server relationship where the remote computer can connect without client (browser) or clientbased (AnyConnect) to the ASA.

    Federico.

  • ASA 5500 series as a customer VPN SSL

    Hello.

    ASA 5510 (or other products) usable as SSL VPN site to site VPN client?

    Version 8.4.2 asdm 6.4.9

    On the other end have certificate authentication and authorization through LDAP credentials

    SSL on the SAA isn't only for remote access. For the Site to Site, you must use IPSec.

  • Cisco ASA 5500 CSC-SSM-20 Series

    How many subscribers maximum, sessions, licenses are allowed using Cisco ASA 5500 Series CSC-SSM-20 on ASA5540 module

    Use the following command 'See - activation key' to get maximum subscribers, sessions, details County licenses.

  • ASA 5500 model

    Hello

    Can what ASA 5500 model I use to replace my PIX515E companies with 6 interfaces.

    Hello o.oresotu,

    Looks like the Pix 515E Flyway is the ASA 5510.

    Take a look at the following links.

    Cisco ASA 5500 Series Migration quick look

    http://www.Cisco.com/application/PDF/en/us/guest/products/ps6120/c1031/cdccont_0900aecd80322caa.PDF

    Licenses for features and specifications

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a00806b1c1c.html

    Hope that helps! If Yes, please rate.

    Thank you

  • ASA 5500 x new anyconnect VPN license structure

    I wonder if anyone can give me some insight on the new ASA VPN (SSL VPN) structure of license.  Currently, I have anyconnect premium license installed on the ASA 5500 series but want to buy the same type of license for x ASA 5500 series.  I understand the premium license is required for SSL VPN and webvpn.  Can someone find out if the premium anyconnect and anyconnect essentials license has been replaced by the Cisco Anyconnect Apex licence?

    The new AnyConnect Apex maps old Premium licenses. They are now focused on the term (1, 3-5 years) and have been approved by a single user (regardless of the number of devices) vs. concurrent users on the old regime.

    Apex (or the old premium) is required for clientless SSL VPN. Regular-based on the SSL VPN client AnyConnect requires no Apex but can be done by using only more licenses.

    The new AnyConnect Plus is the old Essentials plus mobile licenses. There is an option of perpetual and based on the duration.

    By single user licensing is a terms and conditions / EULA stuff and not enforced by technical means at the moment.

  • ASA 1000V and ASA 5500

    I hope someone can help me to answer this question:

    Currently, we have redundant FWSM and consider a migration of standalone ASA 5500 series firewalls. However, we have a complete VMWare environment and look at the Nexus 1000V. I understand the Nexus 1000V and ESR architecture and implementation, and I don't understand that the ASA 1000V is designed for cloud environments. But I have a question about the ASA 1000V.

    Is it possible that a firewall series ASA 5500 be replaced by ASA 1000V? Basically, can an ASA 1000V to be a single firewall solution, or are that ASA 5500 is always necessary?

    Is there a datasheet anywhere that compares the ASA 1000V and ASA 5500 series?

    Thanks for your help.

    -Joe

    Depending on what you are using the ASA5500 series for now. If you use the ASA5500 for the remote access vpn and AnyConnect VPN, he will not rely on the first version of the ASA1000V yet.

    Here's the Q & A on ASA1000V which includes more information:

    http://www.Cisco.com/en/us/partner/prod/collateral/vpndevc/ps6032/ps6094/ps12233/qa_c67-688050.html

    Hope that answers your question.

  • ASA 5500 10 GB

    ASA 5500 series safety devices does support 10 GB?

    Hello

    10 GB is currently not an option:

    http://www.Cisco.com/en/us/products/ps6120/prod_models_comparison.html

    HTH

    Andrew.

  • Version 7.0 of the PIX and ASA 5500

    Hi all

    Is ASA 5500 series identical a PIX 515 or 525 or 535 with version 7.0... I still see some areas where it confused between version 7.0 of the PIX and ASA 5500 series... If not, what are the benefits of ASA 5500 on the PIX 7.0?

    ASA is not the same as PIX, ASA is different hardware architecture. Although both can run the same code. One of the benefits of the SAA is that you can have an IPS module in it to make the prevention of intrusions.

    Search for comprarison on CCO.

  • Upgrade path 5500 series ASA-SSM-10

    Can anyone provide the proper for the 5500 series ASA-SSM-10 upgrade path of

    6.0 (5) E2

    TO

    7.1 (10) E4

    The release notes state that you must run just least 6,0000 e4 could so I just spend 6,0000 E4 5,0000 E2 then directly to 7.1 (10) E4?

    Also, the SSM-10 is able to effectively run the 7.1 (10) E4?

    Hello

    Yes, you can directly upgrade 6.0.5E2 to 6.0.6 E4 and then directly to version 7.1. (10) E4. After the upgrade for the latter, you might even go to latest available patch as well.

    -Yes, SSM1 - is able to effectively execute the 7.1.0E4.

    Kind regards

    Akshay Rouanet

Maybe you are looking for