Cisco Asa 5505 Activation Key 67
Tamela Vandonsel
We have in our (small) office a CISCO ASA 5505 but it died and I have ordered a new ASA device. As we had a template for the 5505 Series I tried to order a 5505 and use the template. But I heard from our supplier that the 5505 is oudated and only a 5506-x can be ordered.
unfurtunately, because now my template isn't working. I dont have loads of cisco knowledge, and I have searched on the web for solutions. The port configuration has been changed and I found a usefull document to change it, but all the rest of my commands are not working to...
2. The new ASA only runs ASA software 9.1 or higher. If you had a configuration built with old software (8.2(x) or lower - such as your template appears to be built from) then you will have to convert several configuration bits - most notably NAT and access-lists.
Cisco has FINALLY heard us! The purveyors and Champions of the Small to medium business markets, and produced the first match to the Cisco ASA5505. First they gave us the 5506 and we were all upset about the fact that the ports were NOT switched. Well with this we can run ASA and FTD code, join it to FMC, and comming in 6.5 code we can get 650Mbps of IPS traffic throughput on this baby! This fills a HUGE hole in the market. I'm so happy to this this. What are your thoughts???
Rob, Thank you for your timely response. After looking at the link above, I don't think I had been descriptive enough as to what I am looking for. I have a Cisco ASA 5505 running Cisco Adaptive Security Appliance Software Version 8.4(2). I am looking to copy the startup-config file into the FPR1000 appliance. My concern is that they are not compatible or there may be deprecated commands not supported in the FPR1000. Can I just copy the ASA 5505 startup-config file into the FPR1000 and have the appliance run without issues?
@GlennJoseph the minimum ASA software version you can run on the FPR1000 is 9.14, there quite a big difference between 8.4 and 9.14. There will be depreciated SSL, IKE, IPSec ciphers to start with and from 9.17 Clientless VPN is depreciated.
@GlennJoseph no you cannot. You can copy most of it but there are a number of commands that don't map between the different platforms' hardware capabilities. If you look through it, many are obvious and some not so much.
You can however try it and then boot while connected to console and capturing the output. Anything you missed during a human review/edit will show up as a parsing error when the system load the configuration file.
With that said I still have a hard time undersatnding why Cisco decided 2.5 VLANs was the limit. In my experience it is barely enough and requires creative configuring to really meet the needs of even the smallest of enviornments. Even in my own home I have a hard time with the VLAN limitation.
You are reading it correctly, VLANs are still limited. It does limit you, but Cisco provisions the box slightly above a Linksys and makes it cost effective for SOHO environments. The 5510 is focused towards small enterprise/remote office type solutions. We never use and rarely sell the 5505 because of the limitations on it. We suggest to our clients to spend the extra cash and get a 'future proof' device.
The cost difference and feature difference between the 5505 and 5510 is huge. Overall its a difficult piece of equipment to deploy to even a SOHO. Even the smallest of organizations need 3 full non-trunked vlans. Generally it is a better value and price point to purchase a ASA5505, Moderaly priced router, and moderately priced switch. I just wish that Cisco would allow SOHO's to deploy with a firewall and switch and that is only possible from a 5510 or higher.
We always give the customer the option, but we push using a router more often than the ASA. A router has so many more features even though the performance of the firewall on a router is less than an ASA. There are some features that requires an ASA though. I will never (again) configure SSLVPN on a router. Smooth as silk on an ASA and nothing but trouble on a router!
I have a problem configuring ASA 5505 to connect to internet because the modem that connect to internet was tagged with vlan to the ISP. As i know that the ASA 5505 is in switch mode, so in order to connect to the modem, its need to be in the router mode. My question is, can ASA 5505 be configure as a router mode and did it require any license to do that? Thanks in advance.
Firstly, there is no switch mode. The two modes are transparent and router mode. Router mode means that you can use all the features such as VPN and transparent is a layer2 firewall which allows you to place in a network without changing the topology and inspect l2 packets etc, but some of the more traditional features (like VPN) are not available.
The router mode still looks like a switch in the normal sense as it uses SVI as the interfaces. Depending on license depends on how many you can configure. Standard is three - inside,outside and management.
Back your configs up also as they will change significantly. I cant remember if the prompt allows to you configure a management interface this way around or not (been some time), but I would recommend doing this via console so you can at least start from scratch.
I dont have the device with me right now to run that command but I managed to capture image of my firewall when i configure using ASDM. My firewall already in the router mode right? Another question, can I configure ASA 5505 port to be in trunk mode?
I have inherited a handful of Cisco ASA 5505s, I'm not sure what exact model they are but they are all 8 port models. I tried inputting serial numbers into the cisco coverage checker to see if it would give me model numbers and none of them are recognized by that particular utility, so unfortunately this is all the information I have to go on. I have a few questions below that I was wondering if anyone had an answer to.
1. I was curious, as they only have a 100MBPS indicator light whether these are actually only able to process at fast ethernet speeds, despite a reasonably recent production timeframe or whether that means that a link has been throttled down due to connection to older devices.
2. regardless of whether these are gig, or fast ports, does the ASA possess the ability to actually filter traffic at that rate, or is it similar to the cheaper cisco ISR series routers like the 2911 that have gig ethernet ports but are only able to process 345Mbps?
I am asking because I have just recently been given a dedicated gig connection for my department, but I'm currently only utilizing half that because I am running straight from an EOL 6509 core switch and this is highly insecure because we are only securing with ACLs at the moment. I would like to set up a pair of 2911 routers with GLBP (to increase to around 700 Mbps), but all of the ones I have available are only running IPbasek9, so even though bandwidth would increase, security is still a concern in that setup. I have zero budget for purchasing extra licenses or devices so I'm trying to get the best setup with what I have on hand.
An ASA 5505 has a best case maximum throughput of about 150 Mbps. That's of course a best case lab scenario assuming several distinct flows are going through it to differing interfaces. A given interface can only run at 100 Mbps (hardware limitation). A given single flow will likely be even less.
I updated the compact flash to an EDGE compact flash card - 512MB. I formatted them all in a 5510 and used a PC to load multiple code levels and configs on them before inserting into the ASA 5505s. EDGE compact flash was like $12-15 if I recall.
Upon booting, the ASAS5505 will lose its activation key so you must record it before removing the old compact flash. Once the new compact flash is booted you can get into the machine and reload the activation key.
NOTE: On one ASA I lost the key information and it was a PLUS License. I went to the automated Cisco tech site and asked for a AES-256 activation key for the serial number of my ASA. The site generated a key for me and sent it to me with a error message saying something was wrong. However there was nothing wrong. The system knew it already had AES-256 and a PLUS license so it sent a key to me for those features again! It all worked!
I am now using 1GB simms labeled HYS64D128320HU-5-B and HYS64D128320HU-5-B-N . I have about a half dozen of each and none have failed with reloading several times daily over the last several weeks. This is with 9.2.3 code which makes the ASAs run hotter than they did with the older 8.2.5 code levels. You can buy the SImms from places like OEMPCWORLD for about $17.
The ones that have Infineon on them also had a number of 031810 in their database and these were the ones labeled HYS64D128320HU-5-B. The other ones without the Infineon name labeled with part number HYS64D128320HU050B-N also had part number 033718 on them. I think either will work without issues however MAKE SURE YOU SELECT NO SUBSTITUTIONS - otherwise I do not know if their replacement simms would work!
One last thing...these ASAs run hotter now...you need to keep air flowing near them. I am thinking of putting taller feet on them. I had the feet on one disintegrate due to the heat. Getting them slightly higher in the air may help the airflow under them too.
After more testing and a few failures, I now will only use the 512MB simms that are supplied in the newer ASAs or Infineon HYS64D128320HU-5-B 1GB memory simms. I will not use any others since I have seen a failure or two on a reload with other brands. I have NEVER had a reload failure with the sinmm part number I listed above - BUT it has to have the word Infineon or the slanted letter I on it. All other simms are not equivalent. The 512MB EDGE compact flash card has worked in every ASA with no problems. I simply reload all the files on it, boot the ASA with it, reinstall the activation key (need to copy it off the unit before swapping the compact flash) and upgrade the code to the latest 9.2.3 and asdm code. I've done twenty plus with another 30 to do when I have spare time. These ASA5505s are good for another few years and can push 90+Mb on a good connection.
b37509886e