After re-image FPR2110 from FTD to ASA9.8.2, the chassis (FXOS) mgmt interface UI become unaccesible giving the following error “Forbidden- you don’t have permission to access / on this server”.
In a nutshell, i could access FXOS via SSH and ASA (SSH & HTTPS) but the FXOS Chassis Management was broken. After spend some time, the only way to get this sorted was upgrade for the version 9.9.x
After upgrade, everything was working again.
This error message is because your Cisco ASA doesn’t have the AnyConnect image for your WebVPN profile. These images can be downloaded from cisco.com .This example is for ASDM 7.6, but if you run version 6.x you can do using ASDM Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > Binary
I’ve configured many clusters using Cisco ASA gear, but this time i got a strange message bringing the cluster UP (active/passive) using a pair of 5510 (code asa842-k8.bin).
Mate’s license (Licensed Cores ) is not compatible with my license (Licensed Cores ). Failover will be disabled.
Understanding Licensing models it´s always hard, because of the product evolution. But i was wondering even with same License (Security Plus) could be because of having different AnyConnect seats? After generate a demo license didn’t work, so my last guess was look to release notes and Bingo! Affected by CSCtj87870
After upgrade to 8.4(7) it worked!
Firewall 1
This platform has an ASA 5510 Security Plus license.
The flash permanent activation key is the SAME as the running permanent key.
Firewall 2
This platform has an ASA 5510 Security Plus license.
The flash permanent activation key is the SAME as the running permanent key.
Logical Update Queue Information
Cur Max Total
Recv Q: 0 8 9606
Xmit Q: 0 122 10979540
This is the amazing Matrix for Cisco ASA wicht has compatibility about ASA OS, ASDM, Modules, Memory Kits with new and old boxes. I would add a Licensing bullet on this Cisco Doc, but is just my opinion.
This document lists the Cisco ASA software and hardware compatibility and requirements.
This section lists ASA and ASDM compatibility for current and lecisco asagacy ASA models.
References:
http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html
Efectuar upgrade de firmware nos Cisco ASA para a versão superior à 8.3 não é uma tarefa fácil devido ás diversas dependências existentes: memória RAM, Configs (ACL, NATs), Steps entre versões.
Aqui ficam alguns links para analisar antes de efectuar o Upgrade:
https://supportforums.cisco.com/docs/DOC-12690
http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html
Formação sobre Como Configurar as Appliances Cisco ASA/PIX
Migrating from PIX 500 to ASA 5500 Launch module
Firewall Services
Utilizing the Packet Tracer Feature on the Cisco ASA Launch module
Simplifying Access Control Policies on PIX 500 and ASA 5500 Launch module
IPS Services
Intrusion Prevention Services in ASA 5500 Launch module
VPN Services
Configuring The Easy VPN Hardware Client feature on the Cisco ASA 5505 Launch module
Configuring the L2TP/IPSEC feature on the Cisco ASA Launch module
Using Cisco ASA 5500 Series SSL VPN for Clientless Access (WebVPN) Launch module
Using Cisco Secure Desktop to Provide Endpoint Security for SSL VPN Launch module
SSL VPN Client Access on ASA 5500 Launch module
Using Citrix™ with SSL VPN Clientless Access on ASA 5500 Launch module
VPN Clustering for ASA 5500 Launch module
Anti-X Services
Cisco ASA 5500 Series Content Security and Control SSM (CSC-SSM): Installation, Setup and Activation Launch module
Configuring the ASA 5500 Series with the CSC-SSM Launch module
Monitoring the ASA 5500 Series CSC-SSM Launch module
Configuring the Base License Features of the CSC-SSM in the ASA 5500 Series Launch module
Configuring the Plus License Features of the CSC-SSM in the ASA 5500 Series Launch module
Policies
Modular Policy Framework on PIX 500 and ASA 5500 Launch module
High Availability
Basic Features Services
Configuring Basic Features on the Cisco ASA 5505 Launch module