Solved: Re: ASA ASDM

saudhusain · ‎04-08-2020

Hi All

I am currently using CISCO ASA 5550 model with below IOS version and VPN client software. Network audit raise an issue on IOS and VPN client version and request to upgrade to latest release. Can anyone please suggest and share download link of latest and stable IOS version of ASA and ASDM for CISCO ASA 5550 model and VPN client software.

Will upgrade to latest release have any impact on existing ASA licensing?.

Cisco Adaptive Security Appliance Software Version 9.1(6)
Device Manager Version 7.8(1)150

Hardware: ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz,

Find below Audit concerns

During our review, vulnerable firmware version on VPN firewall and Cisco VPN client was identified with multiple vulnerabilities:
Denial of Service Vulnerability (CVE-2019-1693) and Remote Code Execution Vulnerability (CVE-2018-0101) on Firewall
REF:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos
REF:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Denial of Service Vulnerability(CVE-2012-5429) and Gain Privilege
Vulnerability(CVE-2015-7600) on VPN Client
REF:https://tools.cisco.com/security/center/viewAlert.x?alertId=27926
REF:https://www.cvedetails.com/cve/CVE-2015-7600/

Sheraz.Salim · ‎04-08-2020

you have 2 anyconnect licenses | AnyConnect Premium Peers : 2 perpetual

here link is for the ASA code.

here link is for the ASDM

here link how to upgrade the code and asdm on the ASA.

for upgrade going onward 9.1x to 9.8.x there is no configuration impact. everything will stay the same.

here link mentioned you can go straight to 9.1.6 to 9.8.x

here link for build in windows

please do not forget to rate.

View solution in original post

Sheraz.Salim · ‎04-08-2020

upgrade to 9.8.4 code this is a gold star and interim release.

also vpn client you using is EOL better move to anyconnect.

please do not forget to rate.

saudhusain · ‎04-08-2020

Hi Sheraz.Salim
As per below output can you please confirm how many Any-connect license available on ASA?
Can I create pptp/l2tp VPN on CISCO ASA and use builtin windows vpn client?
Share download link of ASA 9.8.4 code with compatible ASDM release and latest Any connect software.

Last but not the least is there any impact on configuration or license if i upgrade from 9.1(6) to 9.8.4 code.

CISCO 5550 ASA License details:

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 400 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 5 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

Sheraz.Salim · ‎04-08-2020

you have 2 anyconnect licenses | AnyConnect Premium Peers : 2 perpetual

here link is for the ASA code.

here link is for the ASDM

here link how to upgrade the code and asdm on the ASA.

for upgrade going onward 9.1x to 9.8.x there is no configuration impact. everything will stay the same.

here link mentioned you can go straight to 9.1.6 to 9.8.x

here link for build in windows

please do not forget to rate.

saudhusain · ‎04-08-2020

Can you please guide the same for below Firewall. I have one more ASA which i don't have access right now. In case if there is any query i will post it.

Upgrade path and latest CISCO ASA and ASDM image and Anyconnect license details ???

Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 150

This platform has an ASA 5510 Security Plus license.

Sheraz.Salim · ‎04-09-2020

Hi 5510 is EOL. The latest software available is 9.1.7. as you running 7.0 software therefore in order to jump on 9.1.7 you still need a baby steps 7.0 to 8.x to 9.1.

please do not forget to rate.