
ASA 5505 unresponsive remote management

Kasreyn_01
Level 1

Has anyone else experienced unresponsiveness / lockups with Cisco ASA 5505 remote management?

I think it happens like this:

1) With ASDM (Java Web Start), add a new crypto map (it could be anything, it just happens to be what I added the last time this happened)

2) Click apply

3) ASDM hangs (at this point the Java client becomes entirely unresponsive)

4) ASDM.jnlp refuses to connect and eventually a timeout dialog appears. However, VPN connections are still accepted.

5) After a few hours (overnight), the ASA refuses all incoming traffic including VPN connections.

5 Replies

I presume your Internet connection is stable. Hence, what version of FW software and ASDM are you running?

Warm regards,
Ramraj Sivagnanam Sivajanam

I know the ASA 5505 is up because Nmap tells me so but no open ports, i.e. "1 IP address (1 host up) scanned in .."

After reboot Nmap would return something like this:

Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-23 10:16 CEST
Interesting ports:
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 15.69 seconds

Versions installed are as follows, where ASA 8.2 is the latest possible with 512 MB RAM. But perhaps ASDM can be upgraded while keeping ASA at 8.2?

ASA Version: 8.2(1)
ASDM Version: 6.2(1)
Firewall Mode: Routed
Total Flash: 128 MB
Device Type: ASA 5505
Total Memory: 512 MB

ciscoasa> show version

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 16 hours 9 mins

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

Licensed features for this platform:
Maximum Physical Interfaces  : 8
VLANs                        : 20, DMZ Unrestricted
Inside Hosts                 : Unlimited
Failover                     : Active/Standby
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
SSL VPN Peers                : 2
Total VPN Peers              : 25
Dual ISPs                    : Enabled
VLAN Trunk Ports             : 8
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has an ASA 5505 Security Plus license.

Hi Bro

Your Cisco ASDM version 6.2(1) could be hit with Cisco Bug ID CSCtl42678 and CSCsr89144. Please click on the URLs below for the description of the 2 Cisco Bug IDs.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsr89144

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtl42678

Your action plan here is to upgrade your Cisco ASA FW and ASDM version to version 8.2.4 (asa824-k8.bin) and version 6.4.2 (asdm-642.bin) respectively.

Upgrading FW software image will require about 15 minutes downtime (including Pre-UAT and Post UAT network/application verification), but the ASDM upgrade can be done on the fly. No downtime needed here. Let me know how this goes.

Warm regards,
Ramraj Sivagnanam Sivajanam
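
The upgrade described in the reply above, written out as ASA CLI steps. This is an added example and not part of the original post; the TFTP server address 192.0.2.10 is a placeholder, and the image file names are the ones named in the thread.

```cisco
! Added example. 192.0.2.10 is a placeholder TFTP server address.
! Save the running configuration and keep an off-box copy before changing images.
ciscoasa# write memory
ciscoasa# copy running-config tftp://192.0.2.10/ciscoasa-pre-upgrade.cfg

! The unit has 128 MB of flash: confirm there is room for both new images.
ciscoasa# show flash:

! Copy the new ASA and ASDM images to flash.
ciscoasa# copy tftp://192.0.2.10/asa824-k8.bin disk0:/asa824-k8.bin
ciscoasa# copy tftp://192.0.2.10/asdm-642.bin disk0:/asdm-642.bin

! Compare each MD5 with the value shown on the Cisco download page
! to rule out a corrupted or tampered transfer.
ciscoasa# verify /md5 disk0:/asa824-k8.bin
ciscoasa# verify /md5 disk0:/asdm-642.bin

! See whether a boot system entry already exists; entries are tried in order,
! so an older entry listed first would still win at the next boot.
ciscoasa# show running-config boot system

ciscoasa# configure terminal
! Only needed if the previous command listed the old image:
ciscoasa(config)# no boot system disk0:/asa821-k8.bin
ciscoasa(config)# boot system disk0:/asa824-k8.bin

! The ASDM image change takes effect without a reload.
ciscoasa(config)# asdm image disk0:/asdm-642.bin
ciscoasa(config)# end
ciscoasa# write memory

! Confirm what will load at next boot, then reload in the maintenance window.
ciscoasa# show bootvar
ciscoasa# show asdm image
ciscoasa# reload

! After the reload, confirm the running versions.
ciscoasa# show version
```

Run the reload from a console or other out-of-band session so that a failed boot does not leave the unit unreachable.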

Thank you for your reply Ramraj.

I'll try what you suggest, but why those particular versions and not the latest possible?

Hi Bro

Since your current software image version is version 8.2.1, the latest within its train is version 8.2.5. After version 8.2.5 is version 8.3 and so on. To upgrade to version 8.3 or 8.4 (latest), this requires a memory upgrade. In other words, this requires costs $$$$. I hate to propose suggestions that involve costs, unless it's deemed necessary. Furthermore, the CLI syntax in version 8.3 or 8.4 for object names and NATs is totally different compared to version 8.2.X and below. Trust me! It's a pain :-p

For your information, I hate version 8.2.5, as it's very buggy for many reasons. Hence, I suggested to you version 8.2.4 instead. By the way, the ASDM version 6.4.2 is the latest version, suitable for version 8.2.4.

Lastly, upgrading your software image version from version 8.2.1 to 8.2.4 has almost no adverse effects on your present configuration. So, no worries there. Let me know how it goes. Should everything go well, you owe me a beer, just kidding! :-)

Warm regards,
Ramraj Sivagnanam Sivajanam