Cisco ASA Documentation: Difference between revisions
BenFranske (talk | contribs) No edit summary |
Line 1: | Line 1: | ||
=Upgrading the Software on ASA 5506= | |||
If Your Cisco ASA 5506 has outdated system image or ASDM software you should update them. | |||
# Ensure you have a working IP connection between the ASA and one of the PCs | |||
# Use the TFTPd software on the PC to make the directory with the ASA software files available over TFTP. | |||
#* NOTE: On our Netlab PCs the ASA software is located on the Desktop in the "CCNA Security Files\ASA Software" directory | |||
# Use the '''copy tftp: flash:''' command to copy the ASA software ''AND'' the ASDM software to the ASA, you need to copy two files! | |||
#* NOTE: The ASA software starts with '''asa9''' and ends with '''.SPA''' | |||
#* NOTE: The ASDM software starts with '''asdm-''' and ends with '''.bin''' DO NOT copy the "openjre" version unless you have specifically been told to do so. | |||
# Enter config mode on the ASA | |||
# Use the '''boot system flash:asa9-...SPA''' command (with the correct ASA software filename you just copied) to set the ASA to boot to the new software. | |||
# Use the '''asdm image flash:asdm-...bin''' command (with the correct ASDM software filename you just copied) to set the ASA to use the new ASDM software. | |||
# Save your configuration with the '''write mem''' command. | |||
# Reload the ASA with the '''reload''' command. | |||
# Check the version is correct with the '''show version''' command | |||
# Check the old version filenames with the ''dir flash:''' command | |||
# Use the '''del flash:filename.bin''' command (replacing filename.bin with the correct filename) to delete the old ASA software file ''AND'' the old ASDM software file. | |||
# Congratulations the ASA and ASDM software is updated | |||
=Adding Anyconnect Package to ASA 5506= | |||
If your Cisco ASA 5506 does not have the Anyconnect deployment package you will not be able to install the Anyconnect VPN client from the ASA on a client PC. | |||
# Ensure you have a working IP connection between the ASA and one of the PCs | |||
# Use the TFTPd software on the PC to make the directory with the ASA software files available over TFTP. | |||
#* NOTE: On our Netlab PCs the ASA software is located on the Desktop in the "CCNA Security Files\ASA Software" directory | |||
# Use the '''copy tftp: flash:''' command to copy the Anyconnect web deployment software to the ASA | |||
#* NOTE: The Anyconnect web deployment software starts with '''anyconnect-win-''' and ends with '''-webdeploy-k9.pkg''' | |||
# Congratulations, the Anyconnect web deployment software is installed | |||
=Activating VPN-3DES-AES License on an ASA 5505= | =Activating VPN-3DES-AES License on an ASA 5505= | ||
If your Cisco ASA 5505 gives you an error message stating "The 3DES/AES algorithms require a VPN-3DES-AES activation key." Follow these steps to activate the free 3DES-AES license. | If your Cisco ASA 5505 gives you an error message stating "The 3DES/AES algorithms require a VPN-3DES-AES activation key." Follow these steps to activate the free 3DES-AES license. |
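Review bot: The added upgrade steps copy the system image and ASDM over TFTP and then go straight to boot system with no integrity check in between; add a step after the copy tftp: flash: step that compares the hash of each copied file (the ASA verify command can compute it) with the value shown on the vendor download page before the image is set as the boot image. Separately, the dir flash: step opens with two apostrophes and closes with three (''dir flash:'''), which renders with a stray apostrophe; use ''' on both sides.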
Revision as of 17:54, 26 April 2021
Upgrading the Software on ASA 5506
If your Cisco ASA 5506 has an outdated system image or ASDM software, you should update them.
- Ensure you have a working IP connection between the ASA and one of the PCs
- Use the TFTPd software on the PC to make the directory with the ASA software files available over TFTP.
- NOTE: On our Netlab PCs the ASA software is located on the Desktop in the "CCNA Security Files\ASA Software" directory
- Use the copy tftp: flash: command to copy the ASA software AND the ASDM software to the ASA; you need to copy two files!
- NOTE: The ASA software starts with asa9 and ends with .SPA
- NOTE: The ASDM software starts with asdm- and ends with .bin. DO NOT copy the "openjre" version unless you have specifically been told to do so.
- Enter config mode on the ASA
- Use the boot system flash:asa9-...SPA command (with the correct ASA software filename you just copied) to set the ASA to boot to the new software.
- Use the asdm image flash:asdm-...bin command (with the correct ASDM software filename you just copied) to set the ASA to use the new ASDM software.
- Save your configuration with the write mem command.
- Reload the ASA with the reload command.
- Check the version is correct with the show version command
- Check the old version filenames with the dir flash: command
- Use the del flash:filename.bin command (replacing filename.bin with the correct filename) to delete the old ASA software file AND the old ASDM software file.
- Congratulations, the ASA and ASDM software is updated
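A pre-flight check for the TFTP directory used in the steps above, as an added example that is not part of the original page: it applies the filename rules from the NOTEs, skips the "openjre" ASDM build, and compares each file's SHA-512 with a value taken from the vendor's download page, since TFTP itself does no integrity checking. The function names, the EXAMPLE filenames and the hashes are constructed for the demo.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Filename rules from the NOTEs in the steps above.
RULES = {"asa": "asa9*.SPA", "asdm": "asdm-*.bin"}

def sha512_of(path: Path) -> str:
    h = hashlib.sha512()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def plan_upgrade(tftp_dir: Path, expected: dict) -> list:
    """Return the two ASA config commands, or raise ValueError if staging is unsafe.

    expected maps filename -> SHA-512 hex digest copied from the vendor
    download page (hypothetical input; constructed values in demo()).
    """
    chosen = {}
    for role, pattern in RULES.items():
        hits = [p for p in sorted(tftp_dir.iterdir())
                if fnmatch.fnmatchcase(p.name, pattern)
                and "openjre" not in p.name.lower()]
        if len(hits) != 1:  # missing file, or several candidates to confuse
            raise ValueError(f"{role}: need exactly one file, found {[p.name for p in hits]}")
        chosen[role] = hits[0]
    for path in chosen.values():
        want = expected.get(path.name)
        if want is None or sha512_of(path) != want.lower():
            raise ValueError(f"{path.name}: SHA-512 missing or does not match")
    return [f"boot system flash:{chosen['asa'].name}",
            f"asdm image flash:{chosen['asdm'].name}"]

def demo() -> list:
    # Constructed stand-in files; real images come from the vendor download.
    files = {"asa9-EXAMPLE.SPA": b"constructed asa image",
             "asdm-EXAMPLE.bin": b"constructed asdm image",
             "asdm-openjre-EXAMPLE.bin": b"constructed openjre asdm image"}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name, data in files.items():
            (root / name).write_bytes(data)
        expected = {n: hashlib.sha512(b).hexdigest() for n, b in files.items()}
        return plan_upgrade(root, expected)

if __name__ == "__main__":
    print("\n".join(demo()))
```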
Adding Anyconnect Package to ASA 5506
If your Cisco ASA 5506 does not have the Anyconnect deployment package, you will not be able to install the Anyconnect VPN client from the ASA on a client PC.
- Ensure you have a working IP connection between the ASA and one of the PCs
- Use the TFTPd software on the PC to make the directory with the ASA software files available over TFTP.
- NOTE: On our Netlab PCs the ASA software is located on the Desktop in the "CCNA Security Files\ASA Software" directory
- Use the copy tftp: flash: command to copy the Anyconnect web deployment software to the ASA
- NOTE: The Anyconnect web deployment software starts with anyconnect-win- and ends with -webdeploy-k9.pkg
- Congratulations, the Anyconnect web deployment software is installed
Activating VPN-3DES-AES License on an ASA 5505
If your Cisco ASA 5505 gives you an error message stating "The 3DES/AES algorithms require a VPN-3DES-AES activation key.", follow these steps to activate the free 3DES-AES license.
- Run the show activation-key command on your ASA. Note that the Encryption-3DES-AES line is listed as "Disabled"; also note the Serial Number, which is included in the output
- Go to the Cisco Licensing page at https://tools.cisco.com/SWIFT/LicensingUI/Quickstart and log in with your Cisco login
- Go to the "Devices" tab on the "Product License Registration" page at Cisco
- Click "Add Devices"
- Choose "ASA 5500 Series" for the "Product Family"
- Enter the serial number for your ASA, which you got from the "show activation-key" command, and click "OK".
- Once the device shows up in your list of devices, hover over the serial number, click the blue arrow to the right of the serial number, and choose "Download License"
- Open the ZIP file which downloads and open the ASA3DES... ZIP file
- Open the ASA3DES...LIC file with Notepad
- At the bottom of the file will be the serial number plus 5 groups of hexadecimal digits. You will need to add a "0x" on to the front of each group of hexadecimal digits.
- Enter the activation-key command on your ASA, followed by the five groups of hex digits from your license file, like activation-key 0x8c07de7b 0x0c5cd0bc 0x30c27dac 0xba7c5870 0x840a7c9d (note this particular code is invalid and you need to generate one on the Cisco site specific to your serial number), and press enter.
- You will probably receive a warning or notice
- Run the show activation-key command on your ASA. Note that the Encryption-3DES-AES line is now listed as "Enabled"