Update to 7.2 ASA5510

ASDM Version: 7.1 (2)

ASA Version: 5.1 (2)

I have three questions that I was not able to get solid answers for and I was hoping that the experienced here could offer help:

1. What is the safest way to upgrade an ASA 5510 to 7.2. For example, saving config to file, new upgrade/boot image, copy config running back? Please provide a procedure proven because I saw no any exact procedure in one of the books I have CISCO. What are the pitfalls?

2. when monitoring of the Properties tab (after control by clicking-> real estate in ASDM GUI) via a VPN, at the bottom of the screen, it says "communicating with device for recent monitoring data. However, the progress bar is never above 72%, then a warning not to get a response from ASDM in 60 seconds-error. Why is this?

3. None of the books that I discuss the configuration for the dns in the config file keyword, for example, in my config I have:

DNS lookup dmain inside

DNS server-group DefaultDNS

name server xxx.xxx.xxx.xxx

name - serveur.yyy

That the device of the SAA actually uses this information for? Customers questioning not the router for DNS information, so how is it used?

Support any with any of these questions would be appreciated.

The following document link will guide you to your first question,

http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008067e9f9.shtml

For the 2nd question - probably, the error is due to timeout problems.

For the 3rd issue, refernce command will give you the idea.

http://www.Cisco.com/en/us/products/ps6120/products_command_reference_chapter09186a008063f12e.html#wp1777563

Tags: Cisco Security

Similar Questions

ASA5510 software update

Hi all

I don't have much information about ASA but now I want to learn as much as possible as I can.

I have an ASA5510 on which I can practice... but first, I have to do the up-gradation of 7.0 software (6) 8.2 (5)

need a document to

Yes, you can do it.

Copy the image to the internal flash memory card (disk0 :) and change (or add) a ' system boot disk0: /'command in config'. ") Write mem"and"reload"and watch it start (console will you show the auto test market and, in case of problem, give you an indicator of the problem).

You must also copy an update of ASDM image and set it as the image to be used in the config. The last ASDM (7.1 (6)) is recommended and compatible with ASA 8.2 (5)

ASA5510 CSC Bundle blocking updates Microsoft and Symantec

After a few days of operation, noticed that my automatic updates, Microsoft and Symantec had no place. I added the IP address of the respective servers to my ACL containing the global pop3, smtp, ftp, and http to not match IP to those before the pop3, etc... Then, I ran my liveupdate and handled everything very well. When I look at the logs for the SAA, I notice that it treats the file from Symantec as spyware and shows it as a damaged zip file not scanned. I'm not blocking any type of downloadable file. If it's a problem of URL filtering, I would simply add symantec as authorized site. But since it is seen as spyware, there is no management for this except to turn on or off. Any ideas or insight? Running the latest code of any which is downloadable and CSC is also updated to def just fine.

It looks like bug for me, check the bug id:CSCse67660. Try the "delayed scan" on the SCC module

Analysis of traffic do not work after update v6.7

Hi all

I got SFlow installation on a Force10 S50 and Netflow on a Cisco ASA5510 facility and has been successfully collecting data for both devices. Friday morning around 12 h 40, Foglight updated itself to the version 6.7.24321 and since then I have not received the data stream of each device and traffic analysis tab no longer appears on each object. I rebooted the Foglight Server, checked the Windows Firewall settings and verified that the configuration of the flow on the network devices have not changed, but nothing has solved the problem. I tried the reactivation of analysis of traffic on the two aircraft in Foglight but still not received the data stream.

Anyone else who upgraded to v6.7 has similar problems?

Thank you!

Dave

We found that our DB server was running out of space, that's what caused the problem. Once we have added that his works once again more space.

Question about IPS signature updates.

I installed ASA5510 (with AIP10) on our customer site. But I can't find out how to upgrade the IPS signature. Automatic update is possible? i.e. through CCE id.

Our client is not MC IDS. What should we do? Let me know, please.

Without MC there are no automatic updates directly from CEC. However, you can configure a local server (SSH or FTP) and copy packages to update signature for this EAC server. Then, you can run a manual upgrade of IDM (https://1.2.3.4) or the CLI (session in the ASA SSM card) or set up a schedule of automatic upgrade that will modernize the sensor on the local server periodically. To configure the auto updates, IDM would be the easiest to use. If you want to do a manual upgrade here is an example for the CLI:

session # 1

# conf t

# ssh host 1.2.3.4

# upgrade scp:[email protected]/ * ///home/user/upgrades/ IPS-sig-S192-minreq-5.0-1.pkg

Question about ASA5510 with AIP10

I installed ASA5510-AIP10 with on our customer site. But I have 2 problems.

First of all, I don't see no giga0/1(backplane interface) AIP10 traffic.

Can I configure ASA5510 configuration? I already configured configuration associated AIP10 group virtual sensor and interface of remote sensing. Unfortunately, I can not all traffic.

When I entered 'show int gi0/1' 10 AIP, it displays a number of the traffic count is zero.

Secondly, AIP10 cannot do update of signature on automatic ftp server. When I inspected the package through tool Ethereal, disconnected AIP10 Server ftp after ftp 'LIST' command session is submitted to the ftp server. Maybe, I think that AIP10 didn't present 'Get sig.pkg' after her present "LIST".

What should I do? Is - this hardware problem of the AIP? I would like to know about the above.

Kind regards

Get monitored traffic requires two configuration on the ASA and the SSM.

It seems that you have completed the configuration of DFS.

Now you need the corresponding configuration of ASA.

http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids11/cliguide/clissm.htm#wp1033926

This is more easily by adding the lines of configuration "ips" in your policy map existing on the SAA itself.

Once the ASA is configured, then the package counts on gig0/1 interface of the MSS should begin to increase.

With regard to the problems of FTP server with automatic upgrade:

The first thing to do is use the command 'upgrade' to the CLI to do a manual upgrade from the FTP server. This will ensure the name of user and password and directory settings are all correct for what you're trying.

Once the manual works, then use the same settings for the automatic update.

If the automatic update does not work, then check that this directory Unix style listing is used. The automatic update does not work when the style of the output of the Windows directory list is used. It is usually configurable on most Windows FTP servers.

Also check out the "events to see the" while the sensor is to check the ftp server. The sensor will report on its findings. If he says that no updates have been found, check that you have a new update on the ftp server and ALSO make sure that the updated name is exactly as it appears on the ORC. Some users have inadvertently changed the name or the ftp client changed file names. The biggest problems we have seen is that capital letters are made lowercase.

Software update ASA

Hi all

I have an ASA5510 with version 9.2, but due to the vulnerability of IKE CVE-2016-1287, I have to ask.

An update is really necessary?

I have not any ralated VPN configuration, am I still vulnerable?

Thanks for your replies.

If you have not configured on the SAA crypto card, you are not affected.

You can check this by running the command:
See the crypto run map

If you do not have card crypto maps to interface then you are not affected.

Ref:
https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...

Kind regards
Dinesh Moudgil

PS Please rate helpful messages.

Get a Smartnet contract also gives you updated signature IDS/IPS?

One of my clients is looking into getting an ASA5510 with module AIP - SSM. I realize that with IDS/IPS systems, it is * essential * to keep files up-to-date signatures. Buying me the Smartnet contract for the bundle gives updates signature files, or is there another package that I need to buy?

I see references to the "Cisco Services for IPS", but this seems to be mainly for routers/IOS firewall/IDS packages.

There is not a Smartnet contract for the ASA/AIP-SSM bundle.

The only contract SmartNET SSM packages with the CSC - SSM and not the AIP - SSM.

When buying a bundle ASA/AIP-SSM, you'll need to buy a package maintenance contract. Package maintenance contracts are Cisco Service for the IPS markets and include the support of signature for the AIP - SSM and the software and hardware in support of ASA and AIP - SSM (software and hardware support, is what it is normally part of SmartNET).

Packages you will need to purchase a maintenance contract Service Cisco IPS using one of the formats following part numbers:

CON-SUw-ASxAyKz

The 'w' will be 1,2,3 or 4 depending on the level of service.

The 'x' will be either 1 for the 5510, 2 for the 5520 or 4 for the 5540.

'Y' will be 10 for the AIP-SSM-10 or 20 for the AIP-SSM-20.

The z will be 8 or 9 depending on the level of encryption.

Thus, for example:

CON-SU2-AS2A20K9 - would be 8 X 5 X 4 support for the ASA 5520 bundled with the AIP-SSM-20 with the top encryption.

NOTE: There is also SP contracts for purchase by service providers who follow a slightly different format.

There are a few users who have purchased the ASA and the AIP - SSM separately.

When purcahsed separately you would need to purchase a contract SmartNET for the ASA and a separate Department of Cisco for IPS for the AIP - SSM maintenance contract.

Maintenane AIP - SSM contract will be in the following format:

CON-SUw-ASIPyK9

The 'w' will be 1,2,3 or 4 depending on the level of service.

'Y' will be 10 for the AIP-SSM-10 or 20 for the AIP-SSM-20.

Thus, for example:

CON-SU2-ASIP20K9 would be 8 X 5 X 4 support for the AIP-SSM-20.

What you find is that buying a separate SmartNET for the ASA and Service Cisco IPS for the AIP - SSM will be more expensive than buying a single Cisco IPS's Service to the ASA/AIP-SSM bundle. This is because there is a discount when buying by the beam.

Update image ASA

Need to improve my image of Cisco ASA 5510 of asa821 - k8.bin to asa903 - k8.bin with the following license. Do I have to purchase a new license with upgrade of the image?

#sh version

Cisco Adaptive Security Appliance Version 8.2 software (1)

Version 6.2 Device Manager (1)

Updated Wednesday, 5 May 09 22:45 by manufacturers

System image file is "disk0: / asa821 - k8.bin.

The configuration file to the startup was "startup-config '.

TMN-5510 294 days 2 hours

Material: ASA5510, 256 MB of RAM, processor Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256 MB

BIOS Flash M50FW080 @ 0xffe00000, 1024 KB

Hardware encryption device: edge Cisco ASA - 55 x 0 Accelerator (revision 0 x 0)

Start firmware: CN1000-MC-BOOT - 2.00

SSL/IKE firmware: CNLite-MC-Smls-PLUS - 2.03

Microcode IPSec:-CNlite-MC-IPSECm-HAND - 2.04

0: Ext: Ethernet0/0: the address is *.

1: Ext: Ethernet0/1: address is *.

2: Ext: Ethernet0/2: address is *.

3: Ext: Ethernet0/3: address is *.

4: Ext: Management0/0: address *.

5: Int: internal-Data0/0: the address is *.

6: Int: internal-Control0/0: the address is *.

The devices allowed for this platform:

The maximum physical Interfaces: unlimited

VLAN maximum: 100

Internal hosts: unlimited

Failover: Active/active

VPN - A: enabled

VPN-3DES-AES: enabled

Security contexts: 2

GTP/GPRS: disabled

SSL VPN peers: 2

The VPN peers total: 250

Sharing license: disabled

AnyConnect for Mobile: disabled

AnyConnect for Linksys phone: disabled

AnyConnect Essentials: disabled

Assessment of Advanced endpoint: disabled

Proxy sessions for the UC phone: 2

Total number of Sessions of Proxy UC: 2

Botnet traffic filter: disabled

This platform includes an ASA 5510 Security Plus license.

Series number:

Running Activation Key: ****************************************************************************

Registry configuration is 0x1

Last modified by enable_15 to the configuration 22:29:35.255 * Friday, April 4, 2014

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Need help

> Do I need to purchase a new license with upgrade of the image?

NO.

But check the:

1)

https://supportforums.Cisco.com/document/48646/ASA-83-upgrade-what-you-n...

(2) to migrate the configuration of 8.21 to 9.03 asking TAC cisco help

ASA5510 requirement of flash internal IOS 8.2 (5) upgrade

Currently, my ASA5510 has a 64 MB internal flash. The ASA requires a flash of ability for a 7.2 IOS update (x) to 8.2 (x)? The Release Notes for Cisco does not say any condition of flash internal, but I just wanted to double check.

Hello

It seems to me that the 8.2 (5) takes approximately 15MB of space. ASA 7.2 (5) is about 8 MB if I'm not mistaken. ASDM for 7.2 IOS seems to be about 6 MB. So I guess that the IOS/ASDM images alone at least would not prevent you from getting the new IOS to Flash as there should be plenty of space. To my knowledge, there is no requirement related to Flash other than in the general sense that you shouldn't keep it in a situation where its almost full.

What your situation on the Flash at the moment? How much space do you have? You have additional pictures on the Flash, which can be removed safely?

Personally, I try to keep current on the Flash IOS at least until you have confirmed that everything is ok with the new.

If you want you could list 'show version' and ' dir flash: "exit here to see your situation.

I got the habit so to have enough memory Flash on new models that I almost forgot the time with the old models PIX where you had 16MB Flash and you had essentially remove the ASDM image whenever you want to update the IOS

Fundamental way was then to
- Remove the existing ASDM
- Load the new IOS to Flash
- Firewall update and confirm normal operation
- Delete the old IOS of Flash
- Download previous or new ASDM software to Flash
I had never get addiotional Flash memory so far when I've updated ASAs.

-Jouni

Since update 10.0.2 at 6s "trash all ' in the Inbox.

Since I did the update (10.0.2) I can no longer just "trash all ' mail inbox (Verizon). Because I get emails 300 + a day, I need to be able to empty my Inbox easily without deleting all of them individually. It is very irritating and time consuming.

Anyway around this? Thank you...

sharikay wrote:

Anyway around this? Thank you...

Not at the moment. Tell Apple you want to come back.

http://www.Apple.com/feedback/iPhone.html

Uninstall software update Apple says error in seller contact package package unstaller

Try to get itunes working to make a backup of my faulty iphone before repair.

First-itunes does not start says error. I'm trying to fix it, who said success but same error when you try to start it.

Then uninstall completely worked. Then reinstall that seemed to be over except for a message "an older version of Apple software update already exists" then he went down and install itunes apparently had not been completed.

Then I try to remove the update from the apple software and executed by an error in the installation program - it says there is an error in the installation and contact the supplier of the installation package. Same error if I run the uninstall command line program.

Try to repair the Apple Software Update of programs & features Control Panel and then try to update iTunes again.

For general advice, see troubleshooting problems with iTunes for Windows updates.

The steps described in the second case are a guide to remove everything related to iTunes and then rebuild what is often a good starting point, unless the symptoms indicate a more specific approach.

Review the other boxes and other support documents list to the bottom of the page, in case one of them applies.

The more information box has direct links with the current and recent if you have problems to download, must revert to an older version or want to try the version of iTunes for Windows (64-bit - for older video cards) as a workaround for problems with installation or operation, or compatibility with third-party software.

Backups of your library and device should be affected by these measures but there are links to backup and recovery advice there.

TT2

Since the update for Sierra, contacts do not appear in Messages - just phone numbers.

Since the update for Sierra, Messages no longer displays Contact names - only phone numbers. No instructions on how to remedy this. Ideas?

Hello

Go into the Contacts application and ensure that it uses the same account synchronization like the iPhone and other devices you may be using.

Also check the part of the accounts of the Contacts application preferences and make sure that it's only using one account.

21:34 on Friday. 7 October 2016

 iMac 2.5 Ghz i5 2011 (El Capitan)
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro (Snow Leopard 10.6.8) 2 GB
 Mac OS X (10.6.8).
 iPhone and iPad (2)

Problem after update 10.0.2 iOS iPhone touchscreen

After I have updated to iOS 10.0.2, I noticed a problem with the touch screen. Using the position of the image on the right side, near the corner, the toushscreen does not work.
For example: when you use the keyboard, I can't type the letter 'P', have trouble typing BACKSPACE. Using the Contacts app, I can't scroll through using the alphabet bar.

Do what idea of the problem?

Kind regards!

Hi fabriciorela,

Thanks for the upgrade to iOS 10! I understand that the right of your screen is unresponsive to the touch. You can try the steps in this link to fix the problem. If the screen of your iPhone, iPad or iPod touch does not respond to touch

If it does not help the problem, try to restore the device to factory settings. I would like to backup your important data first.

The backup of your iPhone, iPad and iPod touch

Use iTunes on your Mac or PC to restore your iPhone, iPad or iPod to factory settings

Please use the Apple Support communities to post your question. Let us know how it turns out. Have a great day.

USB disabled after the update of the Sierra (a short circuit and a work)

Hi, when I bought my mbp 13 inches mid2012 (used, not new) I noticed that a USB port did not work. In the Yosemite sometimes I noticed that a USB port consumed too much energy and have been disabled. (I think because the usb port has been short-circuited. Year when it was time to update the mbp to El Capitan I had a few panic the kernel and the newspaper was shown as the last driver loaded the USB driver, so I kept the mbp with Yosemite. A few days ago, I updated for Sierra but only usb which used to work stopped working. It has enabled and turned on but Finder and disk utility does not see the drive. In an Apple dealer they said that could be established relationships with some oxide and next week will take it and see what the problem is.

If there is someone with the same problems, please tell me what to do! I don't want to put in the trash my mac just for a flash drive... but I need!

Hi Supermene,

Thank you for using communities of Apple Support. Based on what you said, it appears as a USB device is not recognized in one of the USB ports. There are a few things that can cause this. I recommend you read these articles, which may be able to help solve the problem.
macOS Sierra: If a USB device does not work

Reset the management system (SCM) controller on your Mac.

See you soon.

Update to 7.2 ASA5510

Similar Questions

Maybe you are looking for