12-19-2013 07:03 PM - edited 03-11-2019 08:20 PM
Dear Supporter,
I would like to backup both startup-config and asa861-2-smp-k8.bin from my ASA5512-X by using USB port.
Which command should I use to backup both startup-config and image by using USB?
And one more I have configure sub-interface on my ASA5512-X and I want to ping from any IP sub-interface to ASA.
So which command to allow ping from any ip sub-interface to ASA5512-X?
you can check my config as below:
Diagram:
Internet<--------------(int g0/0)ASA5512-X(Int g0/1)<----------(Trunking)Core Switch<------------Access Switch
Sub-interface is doing on ASA, Vlan is doing on Core Switch
interface GigabitEthernet0/1
description Interface for Inter-Vlan Trunking
no nameif
no security-level
no ip address
no shut
!
interface GigabitEthernet0/1.9
vlan 9
nameif DB
security-level 100
ip address 192.168.9.254 255.255.255.0
!
interface GigabitEthernet0/1.10
vlan 10
nameif SRV
security-level 100
ip address 192.168.10.254 255.255.255.0
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
interface Management0/0
management-only
nameif MGT
security-level 100
ip address 192.168.1.1 255.255.255.0
!
Thanks in advance
I appreciate with ur help.
Solved! Go to Solution.
12-19-2013 10:03 PM
Backup OS: copy disk0:*.bin disk1:
Backup the config: copy runn disk1:
To allow ICMP
icmp permit any [interface name]
12-19-2013 10:03 PM
Backup OS: copy disk0:*.bin disk1:
Backup the config: copy runn disk1:
To allow ICMP
icmp permit any [interface name]
12-20-2013 07:37 PM
Dear Collin Clark,
I'm very very thanks for your help.It is done for me. Your respone is very helpful to me.
I have one more question, but this question is related to anyconnect vpn.
Could you tell me which command should I use to configure anyconnect mobile vpn by using dual ISP on ASA5512-X ?
I appreciate very much for your respone.
Thanks
Best Regards,
12-22-2013 07:50 AM
AnyConnect on mobile devices requires a license on the ASA. Please check "show version" output to see if you have the AnyConnect for Mobile license installed.
If you do, you can most easily create a new remote access VPN by using the wizard in ASDM. It will step you through all of the necessary questions and build your configuration. If you're using Windows and OS X clients in addition to mobile, you should download the latest AnyConnect packages for those OSes as well for distribution from your ASA. The mobile clients should be downloaded from their respective marketplace - iTunes App Store or Google Play.
ASAs don't typically support dual ISP natively very well (i.e no dynamic load balancing etc.). You can setup a failover to secondary ISP by following the guidelines in this document:
Regards,
- Marvin
12-22-2013 11:05 PM
Dear Marvin,
Thanks for your quick respone. But now I still have concern,I would like you to explain me more about my isssue. The link you provide me is just sample configuration of redundant ISP, It is not anyconnect vpn, but I think it can help me a little.
Please kindly check licence on my ASA5525-X
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : 750 perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
And my question is I would like to configure AnyConnect vpn on Cisco ASA5525-X that is using two ISP ( ISP1 and ISP2 ) and after complete configuration user can use mobile or pc to remote to my ASA5525-X to access resource in my internal network. So if ISP1 is down, user is still access to resource in my internal network by using ISP2.
So, this senario can or not ?
If can, Could you provide me the clear configuration also step how to do it?
I appreciate with your help.
Thanks in advance
Best Regards,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: