One ASA is version 8.2(5) and the other is 8.2(2). Can't we just disable something?? or turn something off, rather than purchase physical RAM (required to upgrade to ASA 9 if your router only has 256 MB), then upgrade our router twice (since it needs incremental upgrades), and THEN apply the Cisco patch?
With all the reading I've done, I am surprised to not find something that shows how to run some commands to either confirm or deny vulnerability, and if one doesn't want to completely revamp their routers, to ****JUST**** turn off the "vulnerable" part(s). Perhaps I am not seeing the bigger picture here; if so, please let me know (kindly).
We only have the persistent IKE IPsec tunnel to the other ASA, and end users also connect with Cisco VPN Client and/or Shrewsoft VPN with .PCF config files. There is also an IKE IPsec tunnel to an Amazon AWS instance.
The vulnerable part is the ASA with this old software. You can just turn that off.
Ok, that is not what you want to hear, but it's the reality: A firewall is a complex system that needs ongoing professional maintenance. If you can't do it alone, you should get someone to do it for you. There are Cisco partners and consultants out there who can do the job.
Not taking care of that leaves your network and your business at risk.
Thanks for the replies, everyone. This actually makes it much easier to do what I wanted anyway -- swap them out with some Meraki MX appliances. I do understand the complexity of routers/firewalls, but man, have we come a long way in the way of "maintenance", which is why I want to go the Meraki route. I do agree, the ASAs need to go away.... since, just to connect to and manage them, I have to break out an old laptop that still has the **working** ASDM software loaded on it, because to this day there is not an EXPLICIT instruction set for getting ASDM to work flawlessly the first time. Java version this, Java version that, nightmares over and over.... much better to just log into a website!