
ASA and Phonefactor

JASON HYMAN
Level 1

I am trying to get my ASA to authenticate AnyConnect users with PhoneFactor authentication. Has anyone successfully done this before?


Javier,

Sorry for the confusion but the gist of the problem revolves around the fact that my access to "File Management" does not exist...it's greyed out!!

Which is why I thought you suggested upgrading to the current ASDM version of 6.4.

This brings me back to my question regarding how I go about upgrading without the ability to use the version of ASDM that I have. I'm going on the assumption that I will have to do this via a CLI? Directly plugged into the console port on my ASA?

Thank you for your patience!

Jason

Jason,

Please include a screenshot of your ASDM.

Another option is to upload the ASDM image via TFTP and then enable the new image through the CLI.

Thanks.

Jason,

Bro you are not connecting to an ASA :S

This is the FWSM...

Do you have access to the ASA?

Thanks.

This is definitely our ASA...here is the show ver

Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

MI01-F0002 up 170 days 4 hours

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Javier,

Something odd is definitely going on. Just logged into my ASA and I now have access to File Management!

I am going to upgrade to the latest version of Cisco ASDM and hopefully this will resolve any future issues.

Regarding one of my original questions about integrating PhoneFactor, what is the name of the XML file that needs to be edited to increase the timeout?

Thank you,

Jason

Jason,

Sorry for any delay.

Not actually, this is not the ASA, this is the FWSM module.

Please go to help and attach the "show ASDM" and "show ASA" outputs.

Thanks.

Portu.

Javier,

I am attaching to two separate firewalls utilizing my ASDM. One, my local ASA, which you'll see the information on below, and the other, a FWSM, whose information I've provided below the ASA's info. Unfortunately the current ASDM version is not supported by the FWSM version 4.0(16). The FWSM is a hosted solution that we manage, so upgrading to the latest ASA and ASDM versions is something I'll have to see about.

I did upgrade the ASDM version on my ASA to version 6.4(5) and will upgrade to the latest version as soon as we add a SmartNet contract.

There is obviously an anomaly in the ASDM software that did not allow me to see File Management, but as soon as I upgraded everything worked fine. I'm curious if this is a known issue?


Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.4(5)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

MI01-F0002 up 176 days 2 hours

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   :  CN1000-MC-BOOT-2.00
                             SSL/IKE microcode:  CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  :  CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0         : address is 6400.f127.fce2, irq 9
1: Ext: Ethernet0/1         : address is 6400.f127.fce3, irq 9
2: Ext: Ethernet0/2         : address is 6400.f127.fce4, irq 9
3: Ext: Ethernet0/3         : address is 6400.f127.fce5, irq 9
4: Ext: Management0/0       : address is 6400.f127.fce6, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5
The Running Activation Key feature: GTP/GPRS is not allowed on the platform, disabling GTP/GPRS.

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 100      
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
Security Contexts            : 5        
GTP/GPRS                     : Disabled 
SSL VPN Peers                : 250      
Total VPN Peers              : 250      
Shared License               : Enabled
AnyConnect for Mobile        : Enabled  
AnyConnect for Linksys phone : Enabled  
AnyConnect Essentials        : Disabled 
Advanced Endpoint Assessment : Enabled  
UC Phone Proxy Sessions      : 250      
Total UC Proxy Sessions      : 250      
Botnet Traffic Filter        : Disabled 

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1522L0Y8

FWSM

FWSM Firewall Version 4.0(16)

Device Manager Version 6.2(2)F

Compiled on Wed 29-Jun-11 07:55 by fwsmbld

FWSM up 123 days 6 hours

failover cluster up 165 days 14 hours

Hardware:   WS-SVC-FWM-1

Licensed features for this user context:

Failover                    : Active/Active

VPN-DES                     : Enabled  

VPN-3DES-AES                : Enabled  

GTP/GPRS                    : Disabled 

BGP Stub                    : Disabled 

Service Acceleration        : Disabled 

Configuration last modified by bdm40381 at 07:27:18.838 UTC Fri Oct 5 2012

Jason,

Probably something went wrong, try to keep your software up to date to avoid any issues.

Is there anything else? Otherwise, please mark this post as answered.

Thanks.

Portu

That should cover it! Thank you again for your assistance!

Jason Hyman

Network Engineer

Orlans Associates

Thanks for your time and collaboration Jason

Hope to hear back from you.

Take care.

Hi Javier,

Very nice information provided to the user. Keep the good work going. I am converting this discussion to a document; the link to the same is mentioned below:

https://supportforums.cisco.com/docs/DOC-40417

Regards,

Anim Saxena

Community Manager

Hi Anim,

Thanks for the nice feedback and collaboration

hoylea
Level 1

Just posting this here in case someone has the same problem later:

The File management options including "upgrade software from local computer" will be greyed out on any virtual firewall (multi context).  In the ASDM, click on "system" and click "Connect" and the options will be visible again.