ASA K8 to K9 upgrade

How I upgrade the ASA software from the 8.04-K8.bin to get the 8.04-K9.bin ?
Do I need to download the file ?

there is no seperate image. just verify that 3des/aes are enabled (show version).
If not, you can apply for the free license to enable them.

Similar Messages

  • ASA 5520 Software & Firmware Upgrades

    Is there a way to update the firmware / microcode on the ASA or SSM? I am planning on upgrading the ASA version from 7.2(2) to 8.0(4) and was wondering how, if at all, the firmware was ever upgraded too. The output from 'sh module' is below.
    ASA# sh module
    Mod Card Type Model Serial No.
    0 ASA 5520 Adaptive Security Appliance ASA5520-K8 JMX1044K1S9
    1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAF10370340
    Mod MAC Address Range Hw Version Fw Version Sw Version
    0 0018.19eb.ba7d to 0018.19eb.ba81 1.1 1.0(11)2 7.2(2)
    1 000a.b89c.d12c to 000a.b89c.d12c 1.0 1.0(11)2 6.0(1)E1
    Mod SSM Application Name Status SSM Application Version
    1 IPS Up 6.0(1)E1
    Mod Status Data Plane Status Compatibility
    0 Up Sys Not Applicable
    1 Up Up
    ASA#
    Thanks,
    Timothy

    I would not recommend upgrading - search the posts for 8.0(4) - you will find alot of people have had issues.
    If there is no specific reason for the upgrade i.e feature enhancments, I suggest you stay on 7.2(2)

  • ASA SSM IPS module upgrade won't work

    Hello all,
    I'm trying to upgrade the IPS sig's on an ASA5520 with a SSM IPS module. I'm trying to upgrade the system to 5.1.1 to further upgrade the device with no luck.
    I followed these steps provided by Cisco.com:
    1. Log in to the ASA.
    2. Enter enable mode:
    asa# enable
    3. Configure the recovery settings for ASA-SSM:
    asa (enable)# hw-module module 1 recover configure
    NOTE: If you make an error in the recovery configuration, use the
    hw-module module 1 recover stop command to stop the system reimaging
    and then you can correct the configuration.
    4. Specify the TFTP URL for the system image:
    Image URL [tftp://0.0.0.0/]:
    Example:
    Image URL [tftp://0.0.0.0/]: tftp://10.20.30.40/IPS-SSM-K9-sys-1.1-a-5.1-1.img
    5. Specify the command and control interface of ASA-SSM:
    Port IP Address [0.0.0.0]:
    Example:
    Port IP Address [0.0.0.0]: 11.21.31.41
    6. Leave the VLAN ID at 0.
    VLAN ID [0]:
    7. Specify the default gateway of the ASA-SSM:
    Gateway IP Address [0.0.0.0]:
    Example:
    Gateway IP Address [0.0.0.0]: 11.22.33.44
    8. Execute the recovery:
    asa# hw-module module 1 recover boot
    9. Periodically check the recovery until it is complete.
    NOTE: The status reads "Recovery" during recovery and reads "Up" when
    reimaging is complete.
    AFter #8 it just goes back to the enable prompt. A 'sh module' lists the device as 'recover' and hangs FOREVER.... I tested the TFTP server which the new image resides on, and the TFTP is working fine. I don't see any attempts or downloads from the TFTP server for over an hour.
    I opened a Ciscop TAC on this and not receiving alot of help...
    Please help!!!:)
    Thanks
    Chris Serafin
    [email protected]

    The recovery using this method can takes upwards of 30 minutes, and in some cases even longer.
    How long have you left the SSM in the "recovery" state?
    There may be something wrong in the config you entered. when that happens the SSM can go into a continuous reboot cycle trying to do the recovery.
    Execute "debug module-boot" on the console of the ASA.
    The debug output will show you the ROMMON output of the SSM itself. (The SSM has it's own ROMMON. The recovery boot command sends the settings made during the recover configure command to the SSM's ROMMON).
    If the ROMMON is experiencing a problem in trying to download the tftp image you should now see that ROMMON error message.
    Some typical problems I have seen:
    1) Wrong IP given for the sensor.
    2) Wrong IP given for the gateway (the gateway must exist on the same network as the sensor) this problem usually happens when using a non-standard netmasked network.
    3) Not having the sensor's command and control port plugged into the right network. The external port of the SSM itself is where the IP is being applied. You need to ensure that the extenral port of the SSM is plugged into the right network for that IP.
    4) The tftp server is not reachable from the network where the sensor's command and control port is attached. Some users think that if the ASA itself can reach the tftp server that the SSM will also be able to. This is not always the case. It is best to use a tftp server on the same network as the IP provided to the SSM. Or to test the tftp server from another machine on the same network as the SSM.
    5) The file name is wrong. Check the captialization especially.
    6) The file is not in the default directory on the tftp server. If the file is in a subdirectory you will need to add that subdirectory to the URL:
    tftp://10.20.30.40/subdirectoryname/filename
    7) The tftp is timing out.
    There are 2 things that can cause this:
    a) The tftp server is remote, and it takes too long to download the file. The ROMMON does have limits on the number of retries and per packet timeouts (but they are not user configurable). Try using a tftp server local to the SSM.
    b) The switch that the SSM connects to has spanning-tree running and spanning-tree does not complete before the SSM ROMMON times out for the tftp attempt. The tftp attempt happens immediately upon ROMMON startup and link up. But with a switch the switch port may be in a "Listen" or "Learn" state for 40 seconds before the box can actually talk on the network. In some cases the tftp download attempts started as soon as link up, and may timeout even before the spanning-tree completes. To work around this configure "spanning-tree portfast" on the switchport. Spanning-tree will connect the port into the vlan immediately rather than 40 seconds later.
    If it was a config problem when configuring the recovery settings, then there is a "recover stop" command on the ASA.
    It will stop the reboot cycle from happening.
    Let the module come up with the old image.
    Then correct your "recover configure" settings, and try the "recover boot" again.
    Another alternative:
    Stop the recovery "recover stop"
    Let it boot into the old image.
    If it was a 5.0 version, then you can actually upgrade to 5.1 using the sensor's own CLI "upgrade" command. It is actually the preferred method.
    The "recover" from the ASA will wipe the box clean and load a fresh image.
    The "upgrade" from the sensor will convert your 5.0 config into a 5.1 config while installing 5.1.
    5.1 upgrade file:
    IPS-K9-min-5.1-1g.pkg
    http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
    It can be applied through the sensor's CLI upgrade command, or pushed directly through IDM, or applied by CSM.
    The "recover" should be limited to disaster recovery. When you can't access the SSM at all, or the files on the SSM have been corrupted.
    For normal upgrades you want to use "upgrade" files done through the sensor itelf (CLI, IDM, or CSM).

  • Cisco ASA non zero downtime upgrade

    Hello,
    with a NON zero downtime procedure upgrade all connections are lost, even nat and arp table ? here, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ha_overview.html#wp1078922, on Table 61-2 State Information I think it is only for plain failover but not for upgrade with a non zero downtime upgrade procedure.

    Assuming you have a working HA pair with stateful failover, the Cisco supported answer is that you cannot skip minor releases (i.e. going from 9.1 directly to 9.3).
    You CAN upgrade directly from 9.1(2) to 9.1(5) as that third ordinal (the number in parentheses) is known as the maintenance release level.
    See table 1-6 in the Release notes for confirmation, excerpted here:
    "You can upgrade from any maintenance release to any other maintenance release within a minor release.
    For example, you can upgrade from 8.4(1) to 8.4(6) without first installing the maintenance releases in between."
    Note that 9.1(3) or later have some restrictions that are unique to those more recent code levels as some file system changes were put in place that requires certain prerequisites for a successful upgrade. Given that you are on 9.1(2) already that doesn't affect you in this case but it may be a consideration for other readers. Those requirements are noted just above Table 1-6 in those release notes.

  • ASA 5520 Upgrade From 8.2 to 9.1

    To All Pro's Out There,
    I have 2 x ASA 5520 in Active/Standby state (Routed, Single context) running 8.2(3) image. They are working great and everybody is happy. Now it's time for us to upgrade to the latest and greatest version: 9.1 and as you know there are some architectural changes Cisco made to NAT statements and Access Lists. As one can tell, we have a monster environment in terms of NAT statements and access list that are currently configured on the appliances.
    In order to make the upgrade process "less" painful, I was able to find a loaner ASA 5520 device so I can practice the upgrade process offline and if needed, I use it in production (in conjunction with existing Primary and Secondary devices) should it be helpful. I currently don't have any plans on how to move forward with these 3 devices and put together an smooth upgrade. I am asking advice from experts that perhaps have done this in the past and know some Do's and Don’ts and can provide me some options toward getting best result: Minimum downtime and Smooth upgrade.
    I appreciate all the help in advance.

    Hi,
    My personal approach from the start has been to learn the new NAT configuration format on the ASA CLI and manually convert the configurations for the new ASA software. I am under the impression that the automatic conversion that the ASA does by rebooting straight into a new software level causes quite a lot of configurations and they arent really optimal.
    In your case it seems that you have a pretty much better situation than most people that dont have the chance to use a test device to test out the setup before actually putting it in production.
    What you can basically do is
    Insert the 8.2 configuration to the test ASA and boot it straight to the higher software levels and see what the conversion has done to the ASA configurations.
    You can use "packet-tracer" command to test if correct NAT rules are still hit after the conversion
    So far I have been lucky in the sense that most of the upgrades I have done have involved new hardware which has basically let me configure everything ready and just switch devices for the customer. So far everything has went really well and there has been only a 1-2 mistakes in NAT configurations because of misstyping some IP address or interface name which basically resulted from a lot of copy/paste when building the configurations. And these couple of mistakes have been from around 150 firewall migrations (of which most from FWSM Security Context to a ASA Security Context)
    If you have time to put into this then I would suggest you try to learn the new NAT format and write your NAT configurations yourself. Converting the existing configurations should essentially give you the tools to then maintain that firewall configuration easily in the future and apply that knowledge elsewhere.
    If you want to read a bit about the new NAT configuration format then I would suggest having a look at the NAT 8.3+ document I made:
    https://supportforums.cisco.com/docs/DOC-31116
    My personal approach when starting to convert NAT configurations for the upgrade is
    Collect all NAT configurations from the current ASA including any ACLs associated with the Policy type NATs and NAT0 configurations
    Divide NAT configurations based on type   
    Dynamic NAT/PAT
    Static NAT
    Static PAT
    NAT0
    All Policy Dynamic/Static NAT/PAT
    Learn the basic configuration format for each type of NAT configuration
    Start by converting the easiest NAT configurations   
    Dynamic NAT/PAT
    Static NAT/PAT
    Next convert the NAT0 configurations
    And finally go through the Policy NAT/PAT configurations
    Finally go through the interface ACLs and change them to use the real IP address as the destination in all cases since the NAT IP address is not used anymore. In most common screnarios this basically usually only involves modifying the "outside" interfaces ACL but depending if the customer has some other links to external resourses then its highly likely that same type of ACL changes are required on those interfaces also.
    The most important thing is to understand how the NAT is currently working and then configure the new NAT configuration to match that. Again, the "packet-tracer" command is a great tool to confirm that everything is working as expected.
    One very important thing to notice also is that you might have a very large number of Identity NAT configurations between your local networks interfaces of the ASA.
    For example
    static (inside,dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
    In the new software you can pretty much leave all of these out. If you dont need to perform NAT between your local interfaces then you simply leave out all NAT configurations.
    Naturally you can also use these forums to ask help with NAT configuration conversions. Even though its a very common topic, I dont personally mind helping out with those.
    So to summarize
    Try out the ASAs automatic configuration conversion when simply booting to new software levels on the test ASA you have
    Learn the new NAT configuration format
    Ask for help here on CSC about NAT configuration formats and help with converting old to new configurations.
    Personally if I was looking at a samekind of upgrade (which I will probably be looking at again soon) I would personally do the following
    Convert the configurations manually
    Lab/test the configurations on an test ASA
    During Failover pairs upgrade I would remove the Standby device from network, erase its configurations, reboot it to new software, insert manually written configurations.
    Put the upgraded ASA to the device rack and have cables ready connected to the customer devices if possible (or use existing ones)
    Disconnect currently active ASA running 8.2 and connect the new ASA to the network while clearing ARP on the connected routers to avoid any problems with traffic forwarding.
    Test connectivity and monitor ASAs connection and xlate tables to confirm everything is working
    Will add more later if anything comes to mind as its getting quite late here
    Hope this helps
    - Jouni

  • After upgrading from ASA 8.2 to 9.1(2) not able to get web site

    Dears,
    ASA Version has been upgraded from 8.2 to 9.1(2). Since then, website is not accessible from outside.
    Diagnosis:
    Many web sites are deployed behind the ASA. When anyone accesses website from outside, the following error is reported: The page cannot be displayed. No issues have been reported with any other websites.
    In the ASA, two different public subnets are in use in order to allow accessing the website from the public domain. No issues have been reported so far with the first subnet. The website is mapped to a public address in the second subnet. When the website is mapped to an IP address in the working subnet, the website is accessible from outside. As a workaround, this is applied and the website is up and running.
    As the website is working fine with the second subnet, NAT and ACL configuration is fine. We have turned on logging in the ASDM, but no traffic was observed on the ASA for the non-working subnet. On the other hand, the traffic was noticed on the ASDM for the working subnet.
    The working subnet is XX.YY.XX.X
    Non working subnet is XX.YY.YY.X
    The outside interface ip is XX.YY.XX.X (Working Subnet)
    Tried to assign one ip address to the PC from non working subnet and connected to the Switch , its pinging from outside

    Hi
    Have you tried using packet tracer?

  • Upgrade IPS moudle on ASA to 6.0.3

    I upgraded the ips module ASA-SSM-20 on the ASA from 5.x to 6.0.3 lately. The ASA are setup as active/standby. i upgraded both modules successfully on each ASA. After the upgrade, i notice the ASA failover to the other partner about 10 times for the past day, particularly when traffic was high. Before the upgrade, i don't have this problem. Anyone run into this problem before, and any idea? thanks.

    Hi, I have the same problem by one our customer. I would like to compare my and your sw versions? We are using Cisco ASA ver 7.0.7GD, I tested it also on versions 7.2.2 and 7.2.3 the result is the same! Do you use also the IPS Firmware version: 1.0(11)2, Software version: 6.0(3)E1? Please could you write out from configuration "show failover state", do you see there also in the field "Last Failure Reason" = IPS Card Failure in both unit? I thing there should be some problem with the new IPS software! If you wish contact me!
    Best regards
    Jakub Chytracek
    [email protected]

  • Multiple Vulnerabilities in Cisco ASA Software Upgrade

    Hello,
    Has anyone upgraded their ASA's IOS to the recommended version as mentioned in this link -->
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa?
    I have upgrade my 8.2 & 8.6 softwares to the new release versions (as recommended by Cisco), but whenever I use the reload command, my I get the following error:
    *** --- START GRACEFUL SHUTDOWN ---
    Shutting down isakmp
    Shutting down webvpn
    Shutting down sw-module
    Shutting down File system
    *** --- SHUTDOWN NOW ---
    Write failed: Broken pipe
    Any ideas  as to why this is happening and any suggestions to answer this issue?
    Thanks,
    Arun

    We will need to investigate this further.
    Allow me sometime or if it is urgent please open a TAC case.
    Mike

  • ASA firmware upgrade from console - tftp error

    Have an asa 5510, trying to upgrade the firmware via console.
    I have a tftp program installed on my PC but get an error running the command, any idea what I'm doing wrong?                  
    asa# copy tftp flash
    Address or name of remote host [142.xx.xx.xx]?  ------------> IP of my PC
    Source filename [asa912-k8.bin]?
    Destination filename [asa912-k8.bin]?
    Accessing tftp://142.xx.xx.xx/asa912-k8.bin...
    %Error opening tftp://142.xx.xx.xx/asa912-k8.bin (No such device)

    Hi,
    You really cant upload files through the Console connection. Its not a network connection.
    Your PC might have an IP address configured but that would be configured in its network interface card which has nothing to do with the console cable connection.
    So you will have to configure one of the ASAs network interfaces with IP address and other basic settings. Then you need to configure the PCs network interface cards settings to match the IP address/subnet configured on the ASA. Then you will have an connection between the ASA and the PC and should be able to load the software to ASA.
    For example
    interface Management0/0
    nameif management
    security-level 100
    ip address 10.10.10.1 255.255.255.0
    no shutdown
    and the configure the PC with IP address 10.10.10.100 and mask 255.255.255.0 for example and then load the software from the PCs IP address of 10.10.10.100.
    - Jouni

  • ASA 5505 Failed to unzip the Anyconenct Package

    There is ASA 5505:
    - 8.4(2) IOS
    - FLASH: 128 Mb
    - DRAM: 256 Mb
    Requirements for 8.4(2) are acomplished:
    For the ASA 5505, only the Unlimited Hosts license and the Security Plus license with failover enabled require 512 MB; other licenses can use 256 MB.
    Are installed latest AnyConnect packeges for linux, some smatphones (each 4-5 MB). But for Windoes it's 21 MB and we got error "Failed to unzip the Anyconenct Package". In prior IOS version there was command cache-fs limit, by default it was 20 Mb. As i understand ASA now dinamically determines amount of cache memory and it's not enough.
    Because of the increased size of the AnyConnect package from 4MB in AnyConnect 2.5 to 21 MB in AnyConnect 3.0, you may need to upgrade the ASA flash and memory card first.
    If your ASA has only the default internal flash memory size or the default DRAM size (for cache memory) you could have problems storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package files, the ASA could run out of cache memory when it unzips and loads the client images.
    So there is a question, after DRAM upgrade to 512 MB will be there enough cache memory for Anyconnect packeges with total size 35-40 Mb?

    I have having the same issue on an ASA-5510 with 256MB DRAM 256MB Flash.  I do not have this issue on an ASA-5550 with 4GB DRAM 256MB Flash, so I'm guessing the issue is with the memory size.
    Also, from:  http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html
    Flash and DRAM Requirements for Upgrade
    Check for the space available before proceeding with the AnyConnect 3.0 upgrade. You can use one of the following methods to do so:
    •CLI—Enter the show memory command.
    asa3# show memory     
    Free memory:       304701712 bytes (57%)
    Used memory:       232169200 bytes (43%)
    Total memory:      536870912 bytes (100%)
    •ASDM—Choose Tools > File Management. The File Management window displays flash space.
    Because of the increased size of the AnyConnect package from 4MB in AnyConnect 2.5 to 21 MB in AnyConnect 3.0, you may need to upgrade the ASA flash and memory card first.
    Caution The minimum flash memory required is 128MB for an ASA 5505; however, we strongly recommend 256 or preferably 512 MB. To support multiple endpoint operating systems and enable logging and debugging on the ASA, you will most likely need 512 MB of flash memory.
    If your ASA has only the default internal flash memory size or the default DRAM size (for cache memory) you could have problems storing and loading multiple AnyConnect client packages on the ASA. Even if you have enough space on the flash to hold the package files, the ASA could run out of cache memory when it unzips and loads the client images. For internal memory requirements for each ASA model, see Memory Requirements for the Cisco ASA Adaptive Security Appliances Software Version 8.3 and Later. For additional information about the ASA memory requirements and upgrading ASA memory, see the latest release notes for the Cisco ASA 5500 series.

  • Which interface are gig on the 5510

    I have 2 asa 5510 that I upgraded to security plus license. Im suppose to have 3 10/100 and 2 10/100/1000 interfaces. which one are the gig interfaces. not of the ethernet or management can be set faster then 100Mbps

    Please find the reference below:
    http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn723.html#wp272663
    "ASA 5510 Security Plus License Allows Gigabit Ethernet for Port 0 and 1
    The ASA 5510 adaptive security appliance now has the security plus license to enable GE (Gigabit Ethernet) for port 0 and 1. If you upgrade the license from base to security plus, the capacity of the external port Ethernet0/0 and Ethernet0/1 increases from the original FE (Fast Ethernet) (100 Mbps) to GE (1000 Mbps). The interface names will remain Ethernet 0/0 and Ethernet 0/1. Use the speed command to change the speed on the interface and use the show interface command to see what speed is currently configured for each interface"

  • Logging for a specific ACL line

    Hello, I'm currently evaluating rules on ASA.
    There are some rules applied, but some of the traffic does not match those rules. I created a rule allowing everything and I need to see what traffic is hitting this especific rule on line 3.
    Example:
    access-list OUTSIDE_IN line 1 extended permit tcp 10.1.16.0 255.255.255.0 10.153.224.0 255.255.240.0 eq 88
    access-list OUTSIDE_IN line 2 extended permit udp 10.1.16.0 255.255.255.0 10.153.224.0 255.255.240.0 eq domain
    access-list OUTSIDE_IN line 3 extended permit ip 10.1.16.0 255.255.255.0 10.153.224.0 255.255.240.0 log informational
    When I enable log, I see all the traffic, not the only one I wanted. There's a way to see only traffic coming on line 3?
    Regards

    Hi Marcos,
    You see all traffic because for lines for which no "log" keyword at ACL line end is added, it will still be logged, see:
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa81/command/ref/refgd/a1.html#wp1564948
    ... If you enter the log keyword without any arguments, you enable system log message 106100 at the default level (6) and for the default interval (300 seconds). If you do not enter the log keyword, then the default system log message 106023 is generated...
    So what you can do is instead of "log informatioanl", put "log warnings" to log this ACL line 3 at syslog level 4 (warnings), and in addition to that decrease logging level that is visible for the method how you monitor logs, for example some of following lines (depending whether you monitor logs at syslog server, terminal, or from local buffer (show logg command):
    hostname(config)# logging trap warnings
    hostname(config)# logging enable
    hostname(config)# logging monitor warnings
    hostname(config)# terminal monitor
    hostname(config)# logging buffered warnings
    Also, before any significant changes to ASA configuration, migrations, software upgrades, etc., I always recommend testing the configuration with fw123test:
    http://www.networksea.com/fw123test/
    BR,
    Milan

  • Anyconnect 2.5.3051 Mac OS X 10.6.8 issue

    Hello Everyone,
    I have a problem with connection to ASA via anyconnect after upgrade (annyconnect).
    When I trying to connect to ASA see as below:
    [08/05/11 12:37] Checking for customization updates...
    [08/05/11 12:37] State:: Connecting
    [08/05/11 12:37] Checking for localization updates...
    [08/05/11 12:37] Establishing VPN session...
    [08/05/11 12:37] Establishing VPN - Initiating connection...
    [08/05/11 12:37] State:: Connected
    [08/05/11 12:37] Establishing VPN - Examining system...
    [08/05/11 12:37] Establishing VPN - Activating VPN adapter...
    [08/05/11 12:37] Establishing VPN - Configuring system...
    [08/05/11 12:37] Establishing VPN...
    [08/05/11 12:37] VPN session established to xxx.xxxxnet.pl.
    [08/05/11 12:38] State:: Reconnecting
    [08/05/11 12:38] Reestablishing VPN session to xxx.xxxnet.pl...
    Do You have some troubles with thees software version as above?
    Regards.
    Karol

    I found in my logs such entries..
    Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
    Aug  5 16:06:46 gooroos vpnagent[19904]: Function: OnTransportInitiateComplete File: TlsProtocol.cpp Line: 481 Invoked Function: CSocketTransport::initiateTransport Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
    Aug  5 16:06:46 gooroos vpnagent[19904]: Function: OnTunnelInitiateComplete File: CstpProtocol.cpp Line: 1007 Invoked Function: initiateTunnel Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
    Somebody know what this "Code: -31522780" mean?
    Thanks for Your help
    Regards,

  • CSM 3.3.1 OS Management Issue

    Hello everyone,
    we are trying to use CSM 3.3.1 for central IOS Update on several ASA Firewalls. But wenn we try to go to "Tools --> Device OS Management --> Software Distribution" we get the following Error. (See attached File)
    My Question is, what else besides the CSM 3.3.1 do we need to distribute software over the CSM 3.3.1?
    Thanks for any advice.
    Best regards,
    Thomas

    CSM generally has RME built into its installation under the covers. Among other things, it's relied on for the software updating (Automated Update Server or AUS feature) and is a choice at installation time. It sounds as if yours might not have been setup with that option.
    Are you are aware that CSM 3.3.1 is an end of sales version and will not support current ASA firewall software? Upgrading to ASA 8.3 or later requires you to use CSM 4.x (4.4 is the current release). Reference.

  • Hight IOS level for 5520 with 512mb of ram?

    I'm looking at the recent Cisco Advisory and it indicates moving to 8.4 to fix the issues. What would be the highest code level that I would be able to go to?
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
    Thanks

    Hi,
    Although , the recommended RAM for the ASA 8.3+ is 2 GB , I understand that this vulnerability require upgrade to ASA 8.4 + to resolve this.
    http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/product_bulletin_c25-586414.html
    For this reason , i would recommend an upgrade to the ASA 8.4.7.23 to fix this issue.
    You can also monitor the memory utilization on the ASA device after the upgrade. If it is stable , you can plan an upgrade to ASA 9.x code in future.
    You would have to contact Cisco TAC to get this interim version.
    Thanks and Regards,
    Vibhor Amrodia

Maybe you are looking for

  • Converted Outlook to iCal - All day events messed up

    I converted Outlook calendar via O2M and imported it into iCal on iMac.  The all-day events are blocking up time from 12:00am to 12:00am rather than appearing in the all-day box at the top of the day.  When I click on the event, the "Make All-Day Eve

  • Multiple URLs for different sites created on iWeb?

    When I created a second site and went to publish it, the site was given the same URL (web address) as the first site I created. Does iWeb not identify new sites with unique URLs? Essentially my question is does each MobileMe account only support a si

  • Transaction Notification. How to include table Itemgroup in code

    Hi. I need to include some code in SP_TN that must be run at changing of values in the fields of the table ItemGroup (OITB). What will be the first  stroke in TN like: 1. If @object_type = N'XXX'   - in this case I need a number of object of this tab

  • Weird Export File Quality

    In a project that I am working on, I have talent in front of a green screen and keyed an all white *.psd in the background. In project mode it looks fine but when I export to any format with high-quality settings (either preset or custom) the whole v

  • Problem in Assignment in PROJECT or WBS

    Hi, PS experts I am creating project and WBS But when I create this in assignment tab it gives default controlling area and it is greyed, I am not able to change it and it affected my entire process, whenever i carry out any transaction system is giv