ASA5510 Security Plus + Anyconnect Essentials = BASE?
Recently upgraded a 5510 to Anyconnect Essentials and Anyconnect Mobile, the device was Security Plus and is now Base. Is it supposed to work this way? I lost my Gigabit interfaces. Is it possible to have Security Plus + Anyconnect Essentials?
I'm sure this should be OK.
I had a similar problem with an ASA 5505 that had been upgraded to Sec Plus and subsequently Anyconnect Mobile. TAC were able to sort it out very rapidly and issue the correct license file.
Similar Messages
-
ASA5510 Security plus Licence - Need Gigabit interface
Hi,
i am using asa 5510 version 8.2 and i want to upgrade my licence with the security plus licence because I need one interface ( eth0/1) to be in Gigabit.
Whats the process to install this licence and can we choose on which interface will be the gigabit function or is it only on eth0/0 and eth0/1?
Thank youIn addition to Rudy's correct answer, the process for installing it is to use your PAK which you will receive when you purchase the license to get an activation key issued (via the self-service Cisco licensing portal or by calling the TAC and asking for licensing).
You enter the PAK code plus your serial number and get an activation key specific to your hardware. A simple one line command then activates it. No service interruption is required to activate the license (at least not directly) but it's generally recommeded to shcedule a reload (service-affecting of course) to make sure the license stays put after cycling the firewall.
Hope this helps. Please rate helpful answers. -
Can I traffic shape to 200Mbps on ASA5510 inculde security plus license ?
Hello Expert,
I have ASA5510. It's include security plus license.
I want to traffic shape to 200Mbps. But , I checked a CCO.
CCO said that a shaping limit is 154400000.
"Enables traffic shaping, where the average rate argument sets
the average rate of traffic in bits per second over a given fixed
time period, between 64000 and 154400000. "
It's mean shaping limit 154400000 ?
Can I shape to 200Mbps ?
regards,
takuro.Takuro,
Yes what you found is correct.
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/s1.html#wp1451099
you can do upto 154.40 Mbps
-Kureli -
AnyConnect Essentials lincensing on ASA5510 in HA
Hi guys,
Can someone help me with info regarding licensing.
Got 2 pairs of HA ASAs and didn't manage to find the answer - 2(per pair) or 4(for each one) licenses are needed.
The ASAs are in Active/Standby mode.
Just don't want to be in position if one of the ASAs fail the Anyconnect clients to lose functionality.
Also is reboot required after entering the licenses?
Thank you very much in advance.
Regards,
NikolayStarting with ASA v8.3 the ASAs in HA don't need the same licenses. So you only need one AnyConnect Essentials per Cluster. But if you are running v8.2 or lower, you need one license per ASA.
For the activation of AnyConnect Essentials, no reboot is required.
Sent from Cisco Technical Support iPad App -
5505 Anyconnect essentials license clarification please
Have a "base" 5505 with the upgrade to 50 inside hosts.
I just added the ASA-AC-E-5505 25 Anyconnecr Essentials license key to that unit.
The show version now shows Anyconnect Essentials enabled, but the "total VPN Peers" is still at 10.
Do I have the ability to have 25 Anyconnect clients connect to my network? or am I limited to 10?
I have read many threads, but just get more and more confused.
Thanks
DWNewmanHi Dennis,
Just to add to what Naresh said, the other VPN is for IPsec VPN (Site to Site or Remote Access).
After adding the key if you check the show version you would see something like this:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 25 perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect Essentials : Enabled
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 100 perpetual
Total UC Proxy Sessions : 100 perpetual
YOu can also check the same by show vpn-sessiondb summary
Thanks
Jeet Kumar -
Upgradation of cisco ASA5505 IOS to Security plus license
Hi Team,
I do have Base license IOS (asa805-k8.bin) in my ASA5505 & i want to upgrade it to Security plus IOS.
Can you please guide me about the same?
Can you tell me the procedure for the same?
Thanks & Regards
Manish SarolkarYou should purchase the Security plus license through Cisco partner, and once you purchase it, you will need to obtain the activation key from [email protected] The activation key then can be entered to the ASA via the "activation-key" command as follows:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a2.html#wp1623546
Hope that helps. -
Sorry if this question has been asked, i couldnt find an answer anywhere.
I have an ASA5520 with Anyconnect Essentials enabled, I want to replace this FW with an ASA5540 can I migrate the Anyconnect Essentials license?
ThanksIn general the license of an ASA is tied to the serial number of the ASA. This means that there is not an easy way to migrate a license from one ASA to another. In the case of an RMA there is a way that TAC can move the license.
It might be worth asking whoever is providing the ASA5540 if they can work out anything about the license. In the case of a purchase there might be some possible concession on license provisioning. But in general when you get a new ASA you need to get a new license.
HTH
Rick -
Cisco Anyconnect Essentials License - what does this
Hello Communtiy.
I have successfully installed an ASA with Anyconnect. The Anyconnect client on my laptop works great.
But why should i now buy an Cisco Anyconnect Essentials License, for what exact is that license ?
Anyconnect works great without that license.
But i cant connnect with my IPhone with the Cisco Anyconnect for Iphone app. Should i buy the Anyconnect for Mobile license, and is this license just for one device or for all devices. Because that license is really cheap. Normaly Cisco licenses are expensiv.
Thanks and kind regards patrickIf you don't have any AnyConnect Premium licenses, then you are restricted to two simultanious connections if you don't have the anyConnect Essentials license. And you are right, for i-devices (and Android and ...) you need the AnyConnect Mobile license.
Both AnyConnect Essentials and AnyConnect Mobile are licensed per ASA and not per concurrent user/connection. And AnyConnect Mobile needs an AnyConnect Essential or an AnyConnect Preimium License to be activated.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Strange Behavior for web deployment of Anyconnect essentials
We've got a weird problem that has popped up and we've been unable to figure out what's going on.
We have instructed our user community to start their VPN sessions by connecting to our ASA 5520 with a browser to download (if necessary) and initiate the Anyconnect essentials VPN client. Everything was working fine until a few days ago.
We have had several people report the same problem. They connect with the browser, enter their login information and are greeted with our "authorized use only" message by the ASA. Then, instead of downloading (if necessary) and starting the VPN client software, the web page just goes back to the login prompt without displaying any error message. The client software is never downloaded or started.
We've been able to work around this by installing the client software manually (where necessary) and starting the VPN client from the start menu. However, this isn't our preferred solution because this method won't have them automatically picking up updated versions of the VPN client.
We have seen this behavior before when there was a pending Java update that had not been applied. However, that doesn't seem to be the case this time. Clients have recently updated to IE9, but I have personnally been running the Anyconnect client and launching through IE9 for months.
Any ideas about what's wrong or how to debug this?
Thanks
PatrickHi Patrick,
Ideally, when you have Anyconnect Essentials enabled on the ASA, you cannot get access to the Clientless VPN (Web Portal access to the internal resources) however the Web Launch of the Anyconnect client does work with it.
I see that you have implemented this a different way (workaround) by manually installing the Anyconnect VPN clients on the machines and then trying to connect it to the ASA, which works and this means that configuration on the ASA for allowing the Anyconnect connection is correct. Now it is not allowing you to launch it from the web portal on machines which means the download access has been restricted somewhere on the ASA.
Could you please follow these two steps and let me know if you see something different.
1. Get access to the ASDM and follow this: Configuration>>Remote Access>>Anyconnect>>Edit the tunnel-group on which you connection is landing>>Login setting. Please check if it says go to the clientless portal or launch Anyconnect. It has to be Download Anyconnect automatically.
2. If you are not getting the prompt for the username and password on the webportal then go to Configuration>>Remote Access>>Clientless (not sure if it is under Anyconnect or clientless, please check both) where you get option: shut down portal login on the main page. Please make sure that it is unchecked.
In your case I see that the users are getting prompt for the username and password however when you authenticate yourself you are getting error message: authorized use only then it could be something to do with the DAP Policies (dynamic access policy).
Go to the dynamic access policies and you will get an option named as Anyconnect (please check if the correct option is checked under the same). If multiple dap policies are configured then please check the dap policy which gets pushed when the user logs in and make changes to that specific dap policy.
Please let me know if this help else I would request you to open a TAC request and we will look into this issue. If you find something different then please share here.
Thanks,
Vishnu Sharma -
Securing multiple AnyConnect connection profiles
Hello,
Here is our scenario. We have three (3) separate AnyConnect connection profiles each with different levels of access enforced through ACL filters. We have aliases configured for each connection profile in order for each group member to be able to choose his group when logging in to AnyConnect. Authentication is done via LDAP to one single server/domain instance on which all users have accounts. Given our scenario and without using multi factor authentication, is there any way to keep a user from logging in to a connection profile in the AnyConnect client which he shouldn't have access to?
Thanks,
-MikeDear Marvin,
I have a similar situation where i have diferent connection profile and group policies where i apply acl where each profile
has access to different resources.
My question would be. Is there any possibility to allow only specific real IP addresses to initiate VPN session to the firewall.
regards
Nehat -
Anyconnect Secure Mobilty Client
Hi team,
Now I just Purchase Identical Anyconnect License for my ACtive and Passive ASA 5540 run with the version of 8.2(5).Can you please assist,How to install the license in my firewall.I know the configuration But I need to know which one I need to install first.After installing the license, How I configure anyconnect?
Thanks in advance for your understanding.
Regards,
Mohamed kabeer.SHi Kabeer,
In Version 8.3(1) and later, failover units do not require the same license on each unit.
Older versions of adaptive security appliance software required that the licenses match on each unit. Starting with Version 8.3(1), you no longer need to install identical licenses. Typically, you buy a license only for the primary unit; for Active/Standby failover, the secondary unit inherits the primary license when it becomes active. If you have licenses on both units, they combine into a single running failover cluster license.
In essence, if you are using 8.3 and above , just add the activation key on primary ASA and this will take care of activating anyconnect VPN on your failover pair.
FYI:-For the ASA 5505 and 5510 adaptive security appliances, both units require the Security Plus license; the Base license does not support failover, so you cannot enable failover on a standby unit that only has the Base license.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts. -
ASA5510 sla monitor does not fail back
I've been down this path before and never got a resolution to this issue.
ASA5510 Security Plus
Primary ISP conn is Comcast cable
Secondary ISP conn is fract T1
I duplicated the SLA code from http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
When I pull the conn from primary ISP the default route to the secondary comes up
When I reconnect the primary the default route to the secondary does not go away.
I must either reload the ASA or remove/readd the two default outside routes.
Anyone have this same experience and could lend a hand?
Are there any commands I might have in my config that break SLA?
If so I would have hoped either the Configuration Guide or Command Reference for 8.2 would say so, but I don't see any mentioned.
I'm working remotely with my customer so I can't play with this except on off-hours.
ASA running 8.2(2) so as to use AnyConnect Essentials.
Thx,
PhilPls. read and try the workaround.
CSCtc16148 SLA monitor fails to fail back when ip verify reverse is applied
Symptom:
Route Tracking may fail to fail back to the primary link/route when restored.
Conditions:
SLA monitor must configured along with ip verify reverse path on the tracked interface.
Workaround:
1. Remove ip verify reverse path off of the tracked interface
or
2. add a static route to the SLA target out the primary tracked interface.
[Wrap text] [Edit this enclosure]
Release-note: Added 09/23/2009 20:28:24 by kusankar
[Unwrap text] [Edit this enclosure]
Release-note: Added 09/23/2009 20:28:24 by kusankar
[Uwrap text] [Edit this enclosure]
fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforce
fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-8.3.1.1_interim-by-cl104097&ext=&type=FILE
fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-broadview-8.3.1.1_interim-by-cl104097: Added 03/23/2010 11:54:08 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforce
fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850&ext=&type=FILE
fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-broadview-8.3.1_fcs_throttle-by-cl103850: Added 03/22/2010 15:48:05 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforce
fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-bennu-by-cl101314&ext=&type=FILE
fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-broadview-bennu-by-cl101314: Added 02/18/2010 19:06:08 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforce
fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-idfw-by-cl101317&ext=&type=FILE
fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-broadview-idfw-by-cl101317: Added 02/18/2010 19:09:07 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforce
fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-logging-ng-by-cl101311&ext=&type=FILE
fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-broadview-logging-ng-by-cl101311: Added 02/18/2010 19:03:08 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforce
fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-broadview-main-by-cl101300&ext=&type=FILE
fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-broadview-main-by-cl101300: Added 02/18/2010 18:27:07 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforce
fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-sedona-64bit-by-cl101362&ext=&type=FILE
fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-sedona-64bit-by-cl101362: Added 02/19/2010 04:52:24 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforce
fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-sedona-bv64-by-cl101426&ext=&type=FILE
fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-sedona-bv64-by-cl101426: Added 02/19/2010 11:42:41 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforce
fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-sedona-main-by-cl101297&ext=&type=FILE
fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-sedona-main-by-cl101297: Added 02/18/2010 18:24:15 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforce
fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-titan-8.2.2_fcs_throttle-by-cl101307&ext=&type=FILE
fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-titan-8.2.2_fcs_throttle-by-cl101307: Added 02/18/2010 18:57:08 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforce
fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-titan-bennu-by-cl101294&ext=&type=FILE
fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-titan-bennu-by-cl101294: Added 02/18/2010 18:24:08 by perforce
[Uwrap text] [Edit this enclosure]
fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforce
fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=fixed-in-titan-main-by-cl101282&ext=&type=FILE
fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforce
[Wrap Text] [Edit this enclosure]
fixed-in-titan-main-by-cl101282: Added 02/18/2010 16:48:04 by perforce
[Uwrap text] [Edit this enclosure]
sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar
sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankarCan not view this .log file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=sla-mon-sh-tech&ext=log&type=FILE
sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankarCan not view this .log file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar
[Wrap Text] [Edit this enclosure]
sla-mon-sh-tech: Added 09/23/2009 20:43:52 by kusankar
[Uwrap text] [Edit this enclosure]
static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforce
static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://cdetsweb-prd.cisco.com/apps/dumpcr_att?identifier=CSCtc16148&title=static-analysis-titan-main&ext=&type=FILE
static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforceCan not view this . file attachment inline, please click on the following link to view the attachment.
http://
[UnWrap text] [Edit this enclosure]
static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforce
[Wrap Text] [Edit this enclosure]
static-analysis-titan-main: Added 02/18/2010 16:48:07 by perforce
-KS -
Anyconnect/Webvpn different ip
Hi,
We have an ASA5510 with the Anyconnect Essentials license. I'm in the process of setting up Anyconnect and immediately run into a question. We have a /29 subnet setup and AFAIK i must use the outside interface address for Anyconnect. However i already have an https service PAT forward on this address. So, can i setup Anyconnect to listen on eg. the second ip in my public subnet?
Thanks,
Dennes
Sent from Cisco Technical Support iPhone AppYou have to use the outside IP address for the WebVPN and anyconnect VPN. However, if you are using port 443 for another pat you can specify the webvpn to use something like 8443 instead for the webvpn using the same outside IP address for both connections. Here is an example of how to change the webvpn port.
config t
webvpn
enable outside
port 8443
Sent from Cisco Technical Support iPad App -
ASA 5505 version 8.2 Base License - getting more anyconnect licensing
Is it possible to increase the number of IPSec VPN peers from 10 to 25 on an ASA 5505 version 8.2 with the base license, simply by adding
L-ASA-AC-E-5505= and not having to upgrade to the security plus license?
ASA 5505
Base License: 10 sessions (25 combined IPSec and SSL VPN1 ).
Security Plus License: 25 sessions (25 combined IPSec and SSL VPN1).
Thank YouI tried reloading the ASA but to no avail. The ISP cleared their ARP cache as well.While I had the ISP online and they didn't see the printers DHCP request.
Of course this is all remote but I can see the interface state change when I have the users turn the printer off then on. When I plug the printer into the local LAN it obtains a local DHCP address and I can access it.
So I'm thinking the printers DHCP request is being blocked at the ASA or somthing else is causing the issue. I am at a loss. -
AnyConnect 3.1 - removing Security Warning: Untrusted VPN Server Certificate!
Hi guys,
Is there a way to disable the warning generated from using self signed certs?
I would like to make the process as seamless as possible.
AnyConnect 3.1
ASA 8.4(2)
Thanks.Hi,
We had problem with the above error message with our certificate when we moved to AnyConnect 3.1
We were instructed to request a new one
Also here is the link to Cisco site we were provided that explains the changes in 3.1
IPSec and SSL connections require server certificates to contain Key Usage attributes of Digital Signature and Key Encipherment, as well as an Enhanced Key Usage attribute of Server Authentication or IKE Intermediate. Note that IPSec server certificates not containing a Key Usage are considered invalid for all Key Usages, and similarly an IPSec server certificate not containing an Enhanced Key Usage is considered invalid for all Enhanced Key Usages.
Link to document
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp1049936
Sadly I dont dable with certificates myself so I'm not really familiar with this.
- Jouni
Maybe you are looking for
-
PB G4 Battery only charges for 5 mins at a time
I am using a replacement battery for my PB (http://www.amazon.co.uk/Battery-PowerBook-15-inch-Aluminium-M9756GA/dp/B001EUSKC 0). It worked fine for about 1 month. Now the 'Full Charge Capacity' is reporting incorrectly (as 65,000 rather than 4,400) &
-
Received this error message when starting iTunes and reinstalling does not resolve it: The registry settings used by iTunes drivers for importing and burning CDs and DVDs is missing... Can I uninstall existing iTunes without losing my media library?
-
Moving Users looses their contacts
I am planning on moving all users to a new container. Last week I moved a user and she lost all her contacts. Is there any way to avoid this? We are running 2.0.4 on OES2 SP1. Thanks, John
-
Partitions problems installing solaris 8 2/04 on Sun v240
Hi all, I'm trying to install Solaris 8 on a v240 sun machine. The machine is new, and I think it comes with Solaris 10 installation files pre-loaded. I don't want them, I need Solaris 8. I'm starting installation booting from cd to use my Solaris 8
-
Hi Experts, Can someone provide me the step by step details of importing the Taxonomy data? Actually i am looking for some Material where i can have the Hands On experience of maintaing the Taxonomy Table starting from Creating fields and also with t