ASA5510 Security Plus + Anyconnect Essentials = BASE?

Similar Messages

• ASA5510 Security plus Licence - Need Gigabit interface

  Hi,
  i am using asa 5510 version 8.2 and i want to upgrade my licence with the security plus licence because I need one interface ( eth0/1) to be in Gigabit.
  Whats the process to install this licence and can we choose on which interface will be the gigabit function or is it only on eth0/0 and eth0/1?
  Thank you

  In addition to Rudy's correct answer, the process for installing it is to use your PAK which you will receive when you purchase the license to get an activation key issued (via the self-service Cisco licensing portal or by calling the TAC and asking for licensing).
  You enter the PAK code plus your serial number and get an activation key specific to your hardware. A simple one line command then activates it. No service interruption is required to activate the license (at least not directly) but it's generally recommeded to shcedule a reload (service-affecting of course) to make sure the license stays put after cycling the firewall.
  Hope this helps. Please rate helpful answers.

• Can I traffic shape to 200Mbps on ASA5510 inculde security plus license ?

  Hello Expert,
  I have ASA5510. It's include security plus license.
  I want to traffic shape to 200Mbps. But , I checked a CCO.
  CCO said that  a shaping limit is 154400000.
  "Enables traffic shaping, where the average rate argument sets  
      the average rate of traffic in bits per second over a given fixed
      time period, between 64000 and 154400000. "
  It's mean shaping limit 154400000 ?
  Can I shape to 200Mbps ?
  regards,
  takuro.

  Takuro,
  Yes what you found is correct.
  http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/s1.html#wp1451099
  you can do upto 154.40 Mbps
  -Kureli

• AnyConnect Essentials lincensing on ASA5510 in HA

  Hi guys,
  Can someone help me with info regarding licensing.
  Got 2 pairs of HA  ASAs and didn't manage to find the answer - 2(per pair) or 4(for each one) licenses are needed.
  The ASAs are in Active/Standby mode.
  Just don't want to be in position if one of the ASAs fail the Anyconnect clients to lose functionality.
  Also is reboot required after entering the licenses?
  Thank you very much in advance.
  Regards,
  Nikolay

  Starting with ASA v8.3 the ASAs in HA don't need the same licenses. So you only need one AnyConnect Essentials per Cluster. But if you are running v8.2 or lower, you need one license per ASA.
  For the activation of AnyConnect Essentials, no reboot is required.
  Sent from Cisco Technical Support iPad App

• 5505 Anyconnect essentials license clarification please

  Have a "base" 5505 with the upgrade to 50 inside hosts.
  I just added the ASA-AC-E-5505  25 Anyconnecr Essentials license key to that unit.
  The show version now shows Anyconnect Essentials enabled, but the "total VPN Peers" is still at 10.
  Do I have the ability to have 25 Anyconnect clients connect to my network? or am I limited to 10?
  I have read many threads, but just get more and more confused.
  Thanks
  DWNewman

  Hi Dennis,
  Just to add to what Naresh said, the other VPN is for IPsec VPN (Site to Site or Remote Access).
  After adding the key if you check the show version you would see something like this:
  Licensed features for this platform:
  Maximum Physical Interfaces       : Unlimited      perpetual
  Maximum VLANs                     : 100            perpetual
  Inside Hosts                      : Unlimited      perpetual
  Failover                          : Active/Active  perpetual
  VPN-DES                           : Enabled        perpetual
  VPN-3DES-AES                      : Enabled        perpetual
  Security Contexts                 : 2              perpetual
  GTP/GPRS                          : Disabled       perpetual
  AnyConnect Premium Peers          : 2              perpetual
  AnyConnect Essentials             : 25            perpetual
  Other VPN Peers                   : 250            perpetual
  Total VPN Peers                   : 250            perpetual
  Shared License                    : Disabled       perpetual
  AnyConnect for Mobile             : Enabled        perpetual
  AnyConnect Essentials             : Enabled
  AnyConnect for Cisco VPN Phone    : Disabled       perpetual
  Advanced Endpoint Assessment      : Disabled       perpetual
  UC Phone Proxy Sessions           : 100            perpetual
  Total UC Proxy Sessions           : 100            perpetual
  YOu can also check the same by  show vpn-sessiondb summary
  Thanks
  Jeet Kumar

• Upgradation of cisco ASA5505 IOS to Security plus license

  Hi Team,
  I do have Base license IOS (asa805-k8.bin) in my ASA5505 & i want to upgrade it to Security plus IOS.
  Can you please guide me about the same?
  Can you tell me the procedure for the same?
  Thanks & Regards
  Manish Sarolkar

  You should purchase the Security plus license through Cisco partner, and once you purchase it, you will need to obtain the activation key from [email protected] The activation key then can be entered to the ASA via the "activation-key" command as follows:
  http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a2.html#wp1623546
  Hope that helps.

• Anyconnect Essentials License

  Sorry if this question has been asked, i couldnt find an answer anywhere.
  I have an ASA5520 with Anyconnect Essentials enabled, I want to replace this FW with an ASA5540 can I migrate the Anyconnect Essentials license?
  Thanks                  

  In general the license of an ASA is tied to the serial number of the ASA. This means that there is not an easy way to migrate a license from one ASA to another. In the case of an RMA there is a way that TAC can move the license.
  It might be worth asking whoever is providing the ASA5540 if they can work out anything about the license. In the case of a purchase there might be some possible concession on license provisioning. But in general when you get a new ASA you need to get a new license.
  HTH
  Rick

• Cisco Anyconnect Essentials License - what does this

  Hello Communtiy.
  I have successfully installed an ASA with Anyconnect. The Anyconnect client on my laptop works great.
  But why should i now buy an Cisco Anyconnect Essentials License, for what exact is that license ?
  Anyconnect works great without that license.
  But i cant connnect with my IPhone with the Cisco Anyconnect for Iphone app. Should i buy the Anyconnect for Mobile license, and is this license just for one device or for all devices. Because that license is really cheap. Normaly Cisco licenses are expensiv.     
  Thanks and kind regards patrick         

  If you don't have any AnyConnect Premium licenses, then you are restricted to two simultanious connections if you don't have the anyConnect Essentials license. And you are right, for i-devices (and Android and ...) you need the AnyConnect Mobile license.
  Both AnyConnect Essentials and AnyConnect Mobile are licensed per ASA and not per concurrent user/connection. And AnyConnect Mobile needs an AnyConnect Essential or an AnyConnect Preimium License to be activated.
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Strange Behavior for web deployment of Anyconnect essentials

  We've got a weird problem that has popped up and we've been unable to figure out what's going on.
  We have instructed our user community to start their VPN sessions by connecting to our ASA 5520 with a browser to download (if necessary) and initiate the Anyconnect essentials VPN client.  Everything was working fine until a few days ago.
  We have had several people report the same problem.  They connect with the browser, enter their login information and are greeted with our "authorized use only" message by the ASA.  Then, instead of downloading (if necessary) and starting the VPN client software, the web page just goes back to the login prompt without displaying any error message.  The client software is never downloaded or started.
  We've been able to work around this by installing the client software manually (where necessary) and starting the VPN client from the start menu.  However, this isn't our preferred solution because this method won't have them automatically picking up updated versions of the VPN client. 
  We have seen this behavior before when there was a pending Java update that had not been applied.  However, that doesn't seem to be the case this time.  Clients have recently updated to IE9, but I have personnally been running the Anyconnect client and launching through IE9 for months.
  Any ideas about what's wrong or how to debug this?
  Thanks
  Patrick

  Hi Patrick,
  Ideally, when you have Anyconnect Essentials enabled on the ASA, you cannot get access to the Clientless VPN (Web Portal access to the internal resources) however the Web Launch of the Anyconnect client does work with it.
  I see that you have implemented this a different way (workaround) by manually installing the Anyconnect VPN clients on the machines and then trying to connect it to the ASA, which works and this means that configuration on the ASA for allowing the Anyconnect connection is correct. Now it is not allowing you to launch it from the web portal on machines which means the download access has been restricted somewhere on the ASA.
  Could you please follow these two steps and let me know if you see something different.
  1. Get access to the ASDM and follow this: Configuration>>Remote Access>>Anyconnect>>Edit the tunnel-group on which you connection is landing>>Login setting. Please check if it says go to the clientless portal or launch Anyconnect. It has to be Download Anyconnect automatically.
  2. If you are not getting the prompt for the username and password on the webportal then go to Configuration>>Remote Access>>Clientless (not sure if it is under Anyconnect or clientless, please check both) where you get option: shut down portal login on the main page. Please make sure that it is unchecked.
  In your case I see that the users are getting prompt for the username and password however when you authenticate yourself you are getting error message: authorized use only then it could be something to do with the DAP Policies (dynamic access policy).
  Go to the dynamic access policies and you will get an option named as Anyconnect (please check if the correct option is checked under the same). If multiple dap policies are configured then please check the dap policy which gets pushed when the user logs in and make changes to that specific dap policy.
  Please let me know if this help else I would request you to open a TAC request and we will look into this issue. If you find something different then please share here.
  Thanks,
  Vishnu Sharma

• Securing multiple AnyConnect connection profiles

  Hello,
  Here is our scenario. We have three (3) separate AnyConnect connection profiles each with different levels of access enforced through ACL filters. We have aliases configured for each connection profile in order for each group member to be able to choose his group when logging in to AnyConnect. Authentication is done via LDAP to one single server/domain instance on which all users have accounts. Given our scenario and without using multi factor authentication, is there any way to keep a user from logging in to a connection profile in the AnyConnect client which he shouldn't have access to?
  Thanks,
  -Mike

  Dear Marvin,
  I have a similar situation where i have diferent connection profile and group policies where i apply acl where each profile
  has access to different resources.
  My question would be. Is there any possibility to allow only specific real IP addresses to initiate VPN session to the firewall.
  regards
  Nehat

• Anyconnect Secure Mobilty Client

  Hi team,
  Now I just Purchase Identical Anyconnect License for my ACtive and Passive ASA 5540 run with the version of 8.2(5).Can you please assist,How to install the license in my firewall.I know the configuration But I need to know which one I need to install first.After installing the license, How I configure anyconnect?
  Thanks in advance for your understanding.
  Regards,
  Mohamed kabeer.S 

  Hi Kabeer,
  In Version 8.3(1) and later, failover units do not require the same  license on each unit.
  Older versions of adaptive security appliance software required that the  licenses match on each unit. Starting with Version 8.3(1), you no  longer need to install identical licenses. Typically, you buy a license  only for the primary unit; for Active/Standby failover, the secondary  unit inherits the primary license when it becomes active. If you have  licenses on both units, they combine into a single running failover  cluster license.
  In essence, if you are using 8.3 and above , just add the activation key on primary ASA and this will take care of activating anyconnect VPN on your failover pair.
  FYI:-For  the ASA 5505 and 5510 adaptive security appliances, both units require  the Security Plus license; the Base license does not support failover,  so you cannot enable failover on a standby unit that only has the Base  license.
  Regards,
  Dinesh Moudgil
  P.S. Please rate helpful posts.

• ASA5510 sla monitor does not fail back

  I've been down this path before and never got a resolution to this issue.
  ASA5510 Security Plus
  Primary ISP conn is Comcast cable
  Secondary ISP conn is fract T1
  I duplicated the SLA code from http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
  When I pull the conn from primary ISP the default route to the secondary comes up
  When I reconnect the primary the default route to the secondary does not go away.
  I must either reload the ASA or remove/readd the two default outside routes.
  Anyone have this same experience and could lend a hand?
  Are there any commands I might have in my config that break SLA?
  If so I would have hoped either the Configuration Guide or Command Reference for 8.2 would say so, but I don't see any mentioned.
  I'm working remotely with my customer so I can't play with this except on off-hours.
  ASA running 8.2(2) so as to use AnyConnect Essentials.
  Thx,
  Phil

  Pls. read and try the workaround.
  CSCtc16148    SLA monitor fails to fail back when ip verify reverse is applied
  Symptom:
  Route Tracking may fail to fail back to the primary link/route when restored.
  Conditions:
  SLA monitor must configured along with ip verify reverse path on the tracked interface.
  Workaround:
  1. Remove ip verify reverse path off of the tracked interface
  or
  2. add a static route to the SLA target out the primary tracked interface.
  [Wrap text]  [Edit this enclosure]
  Release-note: Added 09/23/2009 20:28:24 by kusankar
  [Unwrap text]  [Edit this enclosure]
  Release-note: Added 09/23/2009 20:28:24 by kusankar
  [Uwrap text]  [Edit this enclosure]
  fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforce
  fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-8.3.1.1_interim-by-cl104097&ext=&type=FILE
  fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforce
  fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850&ext=&type=FILE
  fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforce
  fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-bennu-by-cl101314&ext=&type=FILE
  fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforce
  fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-idfw-by-cl101317&ext=&type=FILE
  fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforce
  fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-logging-ng-by-cl101311&ext=&type=FILE
  fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforce
  fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-main-by-cl101300&ext=&type=FILE
  fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforce
  fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-sedona-64bit-by-cl101362&ext=&type=FILE
  fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforce
  fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-sedona-bv64-by-cl101426&ext=&type=FILE
  fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforce
  fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-sedona-main-by-cl101297&ext=&type=FILE
  fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforce
  fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-titan-8.2.2_fcs_throttle-by-cl101307&ext=&type=FILE
  fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforce
  fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-titan-bennu-by-cl101294&ext=&type=FILE
  fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforce
  [Uwrap text]  [Edit this enclosure]
  fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforce
  fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-titan-main-by-cl101282&ext=&type=FILE
  fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforce
  [Wrap Text]  [Edit this enclosure]
  fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforce
  [Uwrap text]  [Edit this enclosure]
  sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar
  sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankarCan not view this .log file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=sla-mon-sh-tech&ext=log&type=FILE
  sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankarCan not view this .log file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar
  [Wrap Text]  [Edit this enclosure]
  sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar
  [Uwrap text]  [Edit this enclosure]
  static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforce
  static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=static-analysis-titan-main&ext=&type=FILE
  static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
  http://
  [UnWrap text]  [Edit this enclosure]
  static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforce
  [Wrap Text]  [Edit this enclosure]
  static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforce
  -KS

• Anyconnect/Webvpn different ip

  Hi,
  We have an ASA5510 with the Anyconnect Essentials license. I'm in the process of setting up Anyconnect and immediately run into a question. We have a /29 subnet setup and AFAIK i must use the outside interface address for Anyconnect. However i already have an https service PAT forward on this address. So, can i setup Anyconnect to listen on eg. the second ip in my public subnet?
  Thanks,
  Dennes
  Sent from Cisco Technical Support iPhone App

  You have to use the outside IP address for the WebVPN and anyconnect VPN. However, if you are using port 443 for another pat you can specify the webvpn to use something like 8443 instead for the webvpn using the same outside IP address for both connections. Here is an example of how to change the webvpn port.
  config t
  webvpn
  enable outside
  port 8443
  Sent from Cisco Technical Support iPad App

• ASA 5505 version 8.2 Base License - getting more anyconnect licensing

  Is it possible to increase the number of IPSec VPN peers from 10 to 25 on an ASA 5505 version 8.2 with the base license, simply by adding
  L-ASA-AC-E-5505= and not having to upgrade to the security plus license?
  ASA 5505
  Base License: 10 sessions (25 combined IPSec and SSL VPN1 ).
  Security Plus License: 25 sessions (25 combined IPSec and SSL VPN1).
  Thank You

  I tried  reloading the ASA but to no avail. The ISP cleared their ARP cache as well.While I had the ISP online and they didn't see the printers DHCP request.
  Of course this is all remote but I can see the interface state change when I have the users turn the printer off then on. When I plug the printer into the local LAN it obtains a local DHCP address and I can access it.
  So I'm thinking the printers DHCP request is being blocked at the ASA or somthing else is causing the issue. I am at a loss.

• AnyConnect 3.1 - removing Security Warning: Untrusted VPN Server Certificate!

  Hi guys,
  Is there a way to disable the warning generated from using self signed certs?
  I would like to make the process as seamless as possible.
  AnyConnect 3.1
  ASA 8.4(2)
  Thanks.

  Hi,
  We had problem with the above error message with our certificate when we moved to AnyConnect 3.1
  We were instructed to request a new one
  Also here is the link to Cisco site we were provided that explains the changes in 3.1
  IPSec and SSL connections require server  certificates to contain Key Usage attributes of Digital Signature and  Key Encipherment, as well as an Enhanced Key Usage attribute of Server  Authentication or IKE Intermediate. Note that IPSec server certificates  not containing a Key Usage are considered invalid for all Key Usages,  and similarly an IPSec server certificate not containing an Enhanced Key  Usage is considered invalid for all Enhanced Key Usages.
  Link to document
  http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp1049936
  Sadly I dont dable with certificates myself so I'm not really familiar with this.
  - Jouni