Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1023
Views
5
Helpful
13
Replies

ASA 5505 v8.2(1)

Go to solution
krosal
Level 1
Level 1

‎03-06-2017 12:28 PM

I have been struggling trying to create a VPN connection for remote connectivity on a Cisco ASA 5505. I saw that there was a bug listed for the version 8.2.1. Does anyone know if this is correct?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to kelly.rosal

‎05-07-2017 06:59 AM

If you get Smartnet support contract for the ASA 5505 you would be entitled to TAC support for configuration issues. 

You should know that the 5505 end of sales announcement was made in February 2017. The hardware will no longer be sold after this August. However you can still purchase a support contract up until August 2018.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5505-adaptive-security-appliance/eos-eol-notice-c51-738642.html

If you have long term plans for supporting a production VPN you would be better advised to use one of the current hardware models like the ASA 5506-X. Those will run newer software releases and give you options for more security. 

FYI here are the part numbers:

L-AC-PLS-LIC=
Cisco AnyConnect Plus Term License, Total Authorized Users

L-AC-PLS-1Y-S1

1 year term license, quantity 25 users (minimum orderable)

CON-SNT-AS5K8
SNTC-8X5XNBD ASA5505-K8
Duration: 12 Month(s)

Smartnet contract for ASA 5505 (assuming Base ASA license)

You should first check with your reseller to make sure the ASA you have is eligible for Smartnet. People have reported that ones purchased via third parties (eBay, private seller etc.) are not eligible. 

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to kelly.rosal

‎05-08-2017 06:27 AM

You're welcome. Please mark your question as answered if it has been.

View solution in original post

0 Helpful
13 Replies 13

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-07-2017 06:58 AM

What kind of VPN? (Remote access IPsec, remote access SSL or site-to-site IPsec are the primary types.)

For the most part all of those work fine even on the older software you are running. Most bugs are minor and not catastrophic.

0 Helpful

Go to solution
krosal
Level 1
Level 1
In response to Marvin Rhoads

‎03-07-2017 06:58 AM

That would be a remote access SSL. I made some changes on the ASDM and I'll try it again tonight and let you know.

thank you

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to krosal

‎03-07-2017 02:25 PM

OK. If you run into a specific issue, let us know. I've run lots of ASAs with 8.2x and SSL VPN just fine.

0 Helpful

Go to solution
kelly.rosal
Level 1
Level 1
In response to Marvin Rhoads

‎05-07-2017 05:54 AM

Hi Marvin, I surely appreciate your reply. I have not been able to get connected remotely on our ASA 5505 and have tried a couple of times with no success. I have tried the Anyconnect and setup and also the IPsec, but cannot get connected. The Anyconnect version that is on the ASA is version 2.3.0254 will this work on a Windows10 PC?

Also, with Windows 10, must I create a VPN connection in Windows first, connect and then try the Anyconnect?

Does the VPN connection need to be enabled first?

If I get setup with a Cisco account, will Cisco help me out?

I'm in need of getting this setup and not sure where I'm going wrong. I have set it up through the ASDM, created a NAT exempt rule, but cannot get connected remotely.

I have tried with Anycconect, IPsec, but not SSL yet.

Any suggestions would be greatly appreciated.

Thank you,

Sincerely,

Kelly

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to kelly.rosal

‎05-07-2017 06:34 AM

That AnyConnect version is very very old. It will not support Windows 10 clients. The current AnyConnect is 4.4.02039.

Your best option would be to buy a current AnyConnect license type. The smallest increment would be a 1 year term 25 user license. List price US$125. That would entitle you for the AnyConnect downloads. 

AnyConnect is synonymous with SSL VPN (although it can also support IPSec IKEv2 with newer ASAs). When it is configured correctly the client software will download from the ASA to your PC and be used to initiate and manage the VPN.

0 Helpful

Go to solution
kelly.rosal
Level 1
Level 1
In response to Marvin Rhoads

‎05-07-2017 06:34 AM

Thank you for the quick reply.

I will go ahead and get the current license and then work on the SSL VPN. Would you recommend the Smartnet contract for this, and if so does Cisco assist on VPN connections if needed?

Thank you again!

Kelly

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to kelly.rosal

‎05-07-2017 06:59 AM

If you get Smartnet support contract for the ASA 5505 you would be entitled to TAC support for configuration issues. 

You should know that the 5505 end of sales announcement was made in February 2017. The hardware will no longer be sold after this August. However you can still purchase a support contract up until August 2018.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5505-adaptive-security-appliance/eos-eol-notice-c51-738642.html

If you have long term plans for supporting a production VPN you would be better advised to use one of the current hardware models like the ASA 5506-X. Those will run newer software releases and give you options for more security. 

FYI here are the part numbers:

L-AC-PLS-LIC=
Cisco AnyConnect Plus Term License, Total Authorized Users

L-AC-PLS-1Y-S1

1 year term license, quantity 25 users (minimum orderable)

CON-SNT-AS5K8
SNTC-8X5XNBD ASA5505-K8
Duration: 12 Month(s)

Smartnet contract for ASA 5505 (assuming Base ASA license)

You should first check with your reseller to make sure the ASA you have is eligible for Smartnet. People have reported that ones purchased via third parties (eBay, private seller etc.) are not eligible. 

Go to solution
kelly.rosal
Level 1
Level 1
In response to Marvin Rhoads

‎05-07-2017 06:59 AM

Thank you, I will definitely discuss this wit my Manager.

Can a person backup the current configuration of the ASA 5505 and install it on the new ASA, or would a total configuration be in order.

Thank you,

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to kelly.rosal

‎05-07-2017 07:05 AM

A new configuration would be in order. Several command syntax changes were made with the later software versions. An experienced engineer could translate them manually but it might be more trouble than it's worth. 

I usually take the opportunity of changing to new hardware as an occasion to thoroughly review all of the old settings with a customer in order to clean out old and unused (and possibly mis-configured) bits. 

0 Helpful

Go to solution
kelly.rosal
Level 1
Level 1
In response to Marvin Rhoads

‎05-07-2017 10:36 AM

Hi Marvin, I have another question on the 1 year Term for the AnyConnect license. Does this license need a renewal every year to keep using the VPN connection, or would this be just for being able to download the AnyConnect?

Your best option would be to buy a current AnyConnect license type. The smallest increment would be a 1 year term 25 user license. List price US$125. That would entitle you for the AnyConnect downloads

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to kelly.rosal

‎05-07-2017 08:19 PM

The one year term means you have a right to use (and update) the software for 1 year. You can purchase longer term licenses (up to 5 years) or a perpetual license (for the plus license type only).
All of the various options are described in detail in the AnyConnect Ordering Guide and FAQ documents:
http://www.cisco.com/c/dam/en/us/products/collateral/security/anyconnect-og.pdf
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html

0 Helpful

Go to solution
kelly.rosal
Level 1
Level 1
In response to Marvin Rhoads

‎05-08-2017 03:02 AM

Marvin, thank you for this detailed information, I surely appreciate your help in this.

Kelly

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to kelly.rosal

‎05-08-2017 06:27 AM

You're welcome. Please mark your question as answered if it has been.

0 Helpful
Customers Also Viewed These Support Documents