Download Print this page

Cisco ASA 5505 Configuration Manual

Cisco ASA 5505 Configuration Manual

Asa 5500 series

Hide thumbs Also See for ASA 5505:

Getting started manual (168 pages)

,

Hardware installation manual (82 pages)

,

Cli configuration manual (2164 pages)

Advertisement

Quick Links

x

Download this manual

84

Starting Asdm

84

Downloading the Asdm Launcher

88

Asa 5505 Default Configuration

See also: Installation Manual

Cisco ASA 5500 Series Configuration

Guide using ASDM

Software Version 6.3, for use with Cisco ASA 5500 Version 8.3

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Customer Order Number: N/A, Online only

Text Part Number: OL-20339-01

Table of Contents

Advertisement

Chapters

Table of Contents

4
Table of Contents
93
Using the Asdm User Interface
- 94
  Chapter 3 Using the ASDM User Interface
- 94
  Information about the ASDM User Interface
- 95
  Navigating in the ASDM User Interface
- 96
  Menus
  - 96
    File Menu
  - 97
    View Menu
  - 98
    Tools Menu
  - 100
    Wizards Menu
  - 101
    Window Menu
  - 101
    Help Menu
  - 101
    Menus
- 102
  ASDM Assistant
- 102
  Toolbar
- 103
  Device List
- 103
  Status Bar
  - 103
    Connection to Device
- 104
  Common Buttons
- 105
  Keyboard Shortcuts
- 106
  Enabling Extended Screen Reader Support
- 108
  Home Pane (Single Mode and Context)
  - 108
    Device Dashboard Tab
    - 109
      Device Information Pane
    - 109
      Interface Status Pane
    - 109
      VPN Sessions Pane
    - 110
      Failover Status Pane
    - 110
      System Resources Status Pane
    - 110
      Traffic Status Pane
    - 110
      Latest ASDM Syslog Messages Pane
  - 111
    Firewall Dashboard Tab
    - 112
      Traffic Overview Pane
    - 112
      Top 10 Access Rules Pane
    - 112
      Top Usage Status Pane
    - 113
      Top Ten Protected Servers under SYN Attack Pane
    - 113
      Top 200 Hosts Pane
    - 113
      Top Botnet Traffic Filter Hits Pane
  - 113
    Content Security Tab
  - 114
    Intrusion Prevention Tab
- 116
  Home Pane (System)
117
Managing Feature Licenses
- 118
  Chapter 4 Managing Feature Licenses
- 118
  Supported Feature Licenses Per Model
  - 118
    Licenses Per Model
  - 125
    License Notes
  - 127
    VPN License and Feature Compatibility
- 127
  Information about Feature Licenses
  - 128
    Preinstalled License
  - 128
    Permanent License
  - 128
    Time-Based Licenses
  - 130
    Shared SSL VPN Licenses
  - 135
    Failover Licenses
  - 136
    Licenses FAQ
- 137
  Guidelines and Limitations
- 139
  Obtaining an Activation Key
- 139
  Viewing Your Current License
- 140
  Activating or Deactivating Keys
- 141
  Configuring a Shared License
- 143
  Feature History for Licensing
147
Configuring the Transparent or Routed Firewall
166
How Data Moves through the Transparent Firewall
- 167
  An Inside User Visits a Web Server
- 167
  Figure
- 167
  Host
- 167
  Management IP
- 167
  Www.example.com
- 173
  Setting up the Adaptive Security Appliance
- 176
  Chapter 6 Configuring Multiple Context Mode
- 176
  Information about Security Contexts
  - 176
    Common Uses for Security Contexts
  - 176
    Context Configuration Files
    - 176
      Context Configurations
    - 176
      System Configuration
    - 176
      Admin Context Configuration
  - 177
    How the Security Appliance Classifies Packets
    - 177
      Valid Classifier Criteria
    - 178
      Classification Examples
  - 180
    Cascading Security Contexts
  - 181
    Management Access to Security Contexts
    - 181
      System Administrator Access
    - 182
      Context Administrator Access
  - 182
    Information about Resource Management
    - 182
      Resource Limits
    - 183
      Default Class
    - 184
      Class Members
  - 185
    Information about MAC Addresses
    - 185
      Default MAC Address
    - 185
      Interaction with Manual MAC Addresses
    - 185
      Failover MAC Addresses
    - 185
      MAC Address Format
- 186
  Guidelines and Limitations
- 186
  Licensing Requirements for Multiple Context Mode
- 188
  Configuring Multiple Contexts
- 194
  Monitoring Security Contexts
  - 194
    Monitoring Context Resource Usage
  - 195
    Viewing Assigned MAC Addresses
    - 195
      Viewing MAC Addresses in the System Configuration
    - 196
      Viewing MAC Addresses Within a Context
- 197
  Feature History for Multiple Context Mode
199
Using the Startup Wizard
- 199
  Information about the Startup Wizard
- 199
  Licensing Requirements for the Startup Wizard
- 200
  Guidelines and Limitations
- 200
  Prerequisites for the Startup Wizard
- 201
  Startup Wizard Screens for ASA 5500 Series Adaptive Security Appliances
- 201
  Startup Wizard Screens for the ASA 5505 Adaptive Security Appliance
- 216
  Configuring Ipv6 Neighbor Discovery
  - 216
    Configuring Neighbor Solicitation Messages
- 223
  Configuring Ipv6 Static Neighbors
  - 225
    Interface Configuration
- 227
  Feature History for the Startup Wizard
  - 229
    Configuring Interfaces
  - 261
    Arp Table
  - 271
    Configuring Basic Settings
  - 272
    Setting the Date and Time
  - 289
    Configuring Dhcp
  - 293
    Configuring a Dhcp Server
  - 299
    Configuring Dynamic Dns
  - 357
    Displaying the Routing Table
  - 367
    Configuring a Static Route
  - 370
    Deleting Static Routes
  - 482
    Configuring Router Advertisement Messages
    - 484
      Configuring the Router Advertisement Transmission Interval
    - 486
      Configuring the Router Lifetime Value
    - 490
      Suppressing Router Advertisement Messages
      - 506
        Dynamic Nat
      - 607
        Default Configuration
      - 647
        Aaa Overview
      - 650
        Authentication Methods
      - 946
        Installing a Certificate
      - 1165
        Software Updates
      - 1180
        Wizard Setup
      - 1198
        Stateful Failover
      - 1203
        Interface Monitoring
      - 1260
        User Authentication
      - 1412
        Configuring Split Tunneling
      - 1486
        Configuring Port Forwarding
      - 1587
        Ssl Certificates
      - 1589
        Ipsec Tunnels
      - 1611
        Syslog Message Format
      - 1614
        Enabling Logging
      - 1655
        Configuring Snmp Traps
      - 1659
        Snmp Monitoring
      - 1693
        Troubleshooting
      - 1721
        Ipv6 Addresses

Also See for Cisco ASA 5505

Cisco ASA Series Cli Configuration Manual

Cisco ASA Series Cli Configuration Manual 2164 pages

Cisco ASA 5505 Getting Started Manual

Cisco ASA 5505 Getting Started Manual 168 pages

Cisco ASA 5505 Getting Started Manual

Cisco ASA 5505 Getting Started Manual 114 pages

Related Manuals for Cisco ASA 5505

Firewall Cisco ASA 5505 Getting Started Manual
(108 pages)
Firewall Cisco ASA 5505 Hardware Installation Manual
Asa 5500 series (82 pages)
Firewall Cisco ASA 5505 Hardware Installation Manual
Adaptive security appliance (52 pages)
Firewall Cisco 5505 - ASA Firewall Edition Bundle Installation Manual
Adaptive security appliance (14 pages)
Firewall Cisco ASA 5506-X Easy Setup Manual
Asa with firepower services (11 pages)
Firewall Cisco 5510 - ASA SSL / IPsec VPN Edition Getting Started Manual
Asa 5500 series (208 pages)
Firewall Cisco ASA 5550 Series Getting Started Manual
(104 pages)

Firewall Cisco 5580-40 - ASA Firewall Edition Hardware Installation Manual
Adaptive security appliance (84 pages)
Network Router Cisco WS-C5509 Hardware Installation Manual
Asa 5500 series (72 pages)
Firewall Cisco Cisco ASA 5510 Quick Start Manual
Adaptive security appliance asa 5500 series (63 pages)
Firewall Cisco 5510 - ASA SSL / IPsec VPN Edition Quick Start Manual
Asa 5500 series adaptive security appliance (40 pages)
Firewall Cisco ASA 5580 Quick Start Manual
(13 pages)
Firewall Cisco ASA 5506-X Quick Start Manual
Firepower threat defense for the asa 5506-x series using firepower device manager (14 pages)

Summary of Contents for Cisco ASA 5505

Page 1 Cisco ASA 5500 Series Configuration Guide using ASDM Software Version 6.3, for use with Cisco ASA 5500 Version 8.3 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks.
Page 3 Obtaining Documentation, Obtaining Support, and Security Guidelines Getting Started and General Information P A R T Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance C H A P T E R ASDM Client Operating System and Browser Requirements...
Page 4: Table Of Contents
C H A P T E R Information About the ASDM User Interface Navigating in the ASDM User Interface Menus File Menu View Menu Tools Menu Wizards Menu Window Menu Help Menu Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 5 Managing Feature Licenses C H A P T E R Supported Feature Licenses Per Model Licenses Per Model License Notes VPN License and Feature Compatibility 4-11 Information About Feature Licenses 4-11 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 6 Configuring the Firewall Mode Information About the Firewall Mode Information About Routed Firewall Mode Information About Transparent Firewall Mode Licensing Requirements for the Firewall Mode Default Settings Guidelines and Limitations Setting the Firewall Mode Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 7 Setting up the Adaptive Security Appliance P A R T Configuring Multiple Context Mode C H A P T E R Information About Security Contexts Common Uses for Security Contexts Context Configuration Files Context Configurations Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 8 6-22 Feature History for Multiple Context Mode 6-23 Using the Startup Wizard C H A P T E R Information About the Startup Wizard Licensing Requirements for the Startup Wizard Cisco ASA 5500 Series Configuration Guide using ASDM viii OL-20339-01...
Page 9 Prerequisites for the Startup Wizard Guidelines and Limitations Startup Wizard Screens for ASA 5500 Series Adaptive Security Appliances Startup Wizard Screens for the ASA 5505 Adaptive Security Appliance Step 1 - Starting Point or Welcome Step 2 - Basic Configuration...
Page 10 Task Flow for Starting Interface Configuration 8-16 Configuring VLAN Interfaces 8-17 Configuring and Enabling Switch Ports as Access Ports 8-18 Configuring and Enabling Switch Ports as Trunk Ports 8-19 Completing Interface Configuration (All Models) 8-21 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 11 Configuring the Master Passphrase Information About the Master Passphrase Licensing Requirements for the Master Passphrase Guidelines and Limitations Adding or Changing the Master Passphrase Disabling the Master Passphrase Recovering the Master Passphrase Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 12 C H A P T E R Information about DDNS 11-1 Licensing Requirements for DDNS 11-1 Guidelines and Limitations 11-2 Configuring Dynamic DNS 11-2 DDNS Monitoring 11-4 Feature History for DDNS 11-4 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 13 13-14 Creating a Regular Expression Class Map 13-15 Configuring Time Ranges 13-15 Add/Edit Time Range 13-16 Adding a Time Range to an Access Rule 13-16 Add/Edit Recurring Time Range 13-18 Cisco ASA 5500 Series Configuration Guide using ASDM xiii OL-20339-01...
Page 14 Using Standard ACLs 17-3 Adding a Standard ACL 17-3 Adding an ACE to a Standard ACL 17-3 Editing an ACE in a Standard ACL 17-4 Feature History for Standard ACLs 17-4 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 15 Configuring Static and Default Routes 19-2 Configuring a Static Route 19-3 Add/Edit a Static Route 19-3 Configuring Static Route Tracking 19-6 Deleting Static Routes 19-6 Configuring a Default Static Route 19-7 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 16 Configuring OSPF Area Parameters 21-12 Configuring OSPF NSSA 21-13 Defining Static OSPF Neighbors 21-14 Configuring Route Calculation Timers 21-15 Logging Neighbors Going Up or Down 21-16 Configuring Filtering in OSPF 21-16 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 17 23-1 C H A P T E R Overview 23-1 Licensing Requirements for EIGRP 23-2 Guidelines and Limitations 23-2 Task List to Configure an EIGRP Process 23-3 Configuring EIGRP 23-3 Cisco ASA 5500 Series Configuration Guide using ASDM xvii OL-20339-01...
Page 18 Disabling IGMP on an Interface 24-6 Configuring IGMP Group Membership 24-6 Configuring a Statically Joined IGMP Group 24-7 Controlling Access to Multicast Groups 24-8 Limiting the Number of IGMP States on an Interface 24-8 Cisco ASA 5500 Series Configuration Guide using ASDM xviii OL-20339-01...
Page 19 25-5 Configuring DAD Settings 25-5 Configuring IPv6 Addresses on an Interface 25-6 Configuring IPv6 Prefixes on an Interface 25-7 Feature History for Neighbor Reachable Time 25-8 Configuring Router Advertisement Messages 25-8 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 20 Feature History for Configuring a Static IPv6 Neighbor 25-20 Configuring Network Address Translation P A R T Information About NAT 26-1 C H A P T E R Why Use NAT? 26-1 NAT Terminology 26-2 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 21 Configuring Static NAT or Static NAT with Port Translation 27-11 Configuring Identity NAT 27-14 Configuration Examples for Network Object NAT 27-17 Providing Access to an Inside Web Server (Static NAT) 27-18 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 22 Order in Which Multiple Feature Actions are Applied 29-4 Incompatibility of Certain Feature Actions 29-5 Feature Matching for Multiple Service Policies 29-5 Licensing Requirements for Service Policies 29-6 Guidelines and Limitations 29-6 Default Settings 29-7 Cisco ASA 5500 Series Configuration Guide using ASDM xxii OL-20339-01...
Page 23 30-7 Default Settings 30-7 Configuring Access Rules 30-7 Adding an Access Rule 30-7 Adding an EtherType Rule (Transparent Mode Only) 30-8 Add/Edit EtherType Rule 30-10 Configuring Management Access Rules 30-10 Cisco ASA 5500 Series Configuration Guide using ASDM xxiii OL-20339-01...
Page 24 RADIUS Server Fields 31-11 TACACS+ Server Fields 31-12 SDI Server Fields 31-13 Windows NT Domain Server Fields 31-13 Kerberos Server Fields 31-13 LDAP Server Fields 31-15 HTTP Form Server Fields 31-17 Cisco ASA 5500 Series Configuration Guide using ASDM xxiv OL-20339-01...
Page 25 Limiting User CLI and ASDM Access with Management Authorization 32-12 Configuring Command Authorization 32-13 Command Authorization Overview 32-13 Configuring Local Command Authorization 32-15 Configuring TACACS+ Command Authorization 32-18 Configuring Management Access Accounting 32-22 Viewing the Current Logged-In User 32-23 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 26 Configuring Additional URL Filtering Settings 34-4 Buffering the Content Server Response 34-5 Caching Server Addresses 34-5 Filtering HTTP URLs 34-6 Configuring Filtering Rules 34-6 Filtering the Rule Table 34-11 Defining Queries 34-12 Cisco ASA 5500 Series Configuration Guide using ASDM xxvi OL-20339-01...
Page 27 35-19 Configuring Code Signer Certificates 35-20 Showing Code Signer Certificate Details 35-20 Deleting a Code Signer Certificate 35-21 Importing a Code Signer Certificate 35-21 Exporting a Code Signer Certificate 35-21 Cisco ASA 5500 Series Configuration Guide using ASDM xxvii OL-20339-01...
Page 28 37-6 Add/Edit DNS Match Criterion 37-7 DNS Inspect Map 37-8 Add/Edit DNS Policy Map (Security Level) 37-10 Add/Edit DNS Policy Map (Details) 37-11 FTP Inspection 37-13 FTP Inspection Overview 37-13 Cisco ASA 5500 Series Configuration Guide using ASDM xxviii OL-20339-01...
Page 29 Select IPSec-Pass-Thru Map 37-45 IPSec Pass Through Inspect Map 37-45 Add/Edit IPSec Pass Thru Policy Map (Security Level) 37-46 Add/Edit IPSec Pass Thru Policy Map (Details) 37-47 NetBIOS Inspection 37-48 Cisco ASA 5500 Series Configuration Guide using ASDM xxix OL-20339-01...
Page 30 Add/Edit H.323 Policy Map (Details) 38-10 Add/Edit HSI Group 38-12 Add/Edit H.323 Map 38-12 MGCP Inspection 38-13 MGCP Inspection Overview 38-14 Select MGCP Map 38-16 MGCP Inspect Map 38-16 Gateways and Call Agents 38-17 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 31 39-1 C H A P T E R ILS Inspection 39-1 SQL*Net Inspection 39-2 Sun RPC Inspection 39-3 Sun RPC Inspection Overview 39-3 SUNRPC Server 39-3 Add/Edit SUNRPC Service 39-4 Cisco ASA 5500 Series Configuration Guide using ASDM xxxi OL-20339-01...
Page 32 P A R T Information About Cisco Unified Communications Proxy Features 41-1 C H A P T E R Information About the Adaptive Security Appliance in Cisco Unified Communications 41-1 TLS Proxy Applications in Cisco Unified Communications 41-3 Licensing for Cisco Unified Communications Proxy Features...
Page 33 42-18 Saving the Identity Certificate Request 42-19 Installing the ASA Identity Certificate on the Mobility Advantage Server 42-20 Installing the ASA Identity Certificate on the Presence Federation and Cisco Intercompany Media Engine Servers 42-21 Configuring the Cisco Phone Proxy 43-1...
Page 34 Add TLS Proxy Instance Wizard – Other Steps 44-12 Edit TLS Proxy Instance – Server Configuration 44-12 Edit TLS Proxy Instance – Client Configuration 44-13 TLS Proxy 44-15 Add/Edit TLS Proxy 44-16 Cisco ASA 5500 Series Configuration Guide using ASDM xxxiv OL-20339-01...
Page 35 Licensing for Cisco Unified Presence 46-7 Configuring Cisco Unified Presence Proxy for SIP Federation 46-7 Task Flow for Configuring Cisco Unified Presence Federation Proxy for SIP Federation 46-8 Feature History for Cisco Unified Presence 46-8 Configuring Cisco Intercompany Media Engine Proxy...
Page 36 (Optional) Configuring TLS within the Local Enterprise 47-28 (Optional) Configuring Off Path Signaling 47-31 Configuring the Cisco UC-IMC Proxy by using the UC-IME Proxy Pane 47-32 Configuring the Cisco UC-IMC Proxy by using the Unified Communications Wizard 47-34 Feature History for Cisco Intercompany Media Engine Proxy...
Page 37 Enabling Traffic Classification and Actions for the Botnet Traffic Filter 50-10 Blocking Botnet Traffic Manually 50-12 Searching the Dynamic Database 50-13 Monitoring the Botnet Traffic Filter 50-13 Botnet Traffic Filter Syslog Messaging 50-13 Botnet Traffic Filter Monitor Panes 50-14 Cisco ASA 5500 Series Configuration Guide using ASDM xxxvii OL-20339-01...
Page 38 TCP Reset Settings 52-4 Configuring IP Audit for Basic IPS Support 52-5 IP Audit Policy 52-5 Add/Edit IP Audit Policy Configuration 52-6 IP Audit Signatures 52-6 IP Audit Signature List 52-7 Cisco ASA 5500 Series Configuration Guide using ASDM xxxviii OL-20339-01...
Page 39 C H A P T E R Information About the CSC SSM 55-1 Determining What Traffic to Scan 55-3 Licensing Requirements for the CSC SSM 55-5 Prerequisites for the CSC SSM 55-5 Cisco ASA 5500 Series Configuration Guide using ASDM xxxix OL-20339-01...
Page 40 CSC Setup Wizard IP Configuration 56-9 CSC Setup Wizard Host Configuration 56-9 CSC Setup Wizard Management Access Configuration 56-10 CSC Setup Wizard Password Configuration 56-10 CSC Setup Wizard Traffic Selection for CSC Scan 56-11 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 41 Auto Update Process Overview 57-8 Monitoring the Auto Update Process 57-9 Failover Health Monitoring 57-10 Unit Health Monitoring 57-11 Interface Monitoring 57-11 Failover Feature/Platform Matrix 57-12 Failover Times by Platform 57-12 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 42 Device Initialization and Configuration Synchronization 59-2 Command Replication 59-3 Failover Triggers 59-3 Failover Actions 59-4 Optional Active/Standby Failover Settings 59-5 Licensing Requirements for Active/Standby Failover 59-5 Prerequisites for Active/Standby Failover 59-5 Cisco ASA 5500 Series Configuration Guide using ASDM xlii OL-20339-01...
Page 43 Failover-Multiple Mode, Security Context 60-8 Failover - Routed 60-8 Failover - Transparent 60-9 Failover-Multiple Mode, System 60-9 Failover > Setup Tab 60-10 Failover > Criteria Tab 60-12 Failover > Active/Active Tab 60-12 Cisco ASA 5500 Series Configuration Guide using ASDM xliii OL-20339-01...
Page 44 VPN Client Authentication Method and Name 62-9 Client Authentication 62-10 New Authentication Server Group 62-11 User Accounts 62-11 Address Pool 62-12 Attributes Pushed to Client 62-13 IPsec Settings (Optional) 62-13 Summary 62-14 Cisco ASA 5500 Series Configuration Guide using ASDM xliv OL-20339-01...
Page 45 Adding or Editing a Remote Access Internal Group Policy, General Attributes 64-7 Configuring the Portal for a Group Policy 64-10 Configuring Customization for a Group Policy 64-11 Adding or Editing a Site-to-Site Internal Group Policy 64-12 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 46 Add/Edit Internal Group Policy > Client Configuration > General Client Parameters 64-29 View/Config Banner 64-31 Add/Edit Internal Group Policy > Client Configuration > Cisco Client Parameters 64-31 Add or Edit Internal Group Policy > Advanced > IE Browser Proxy 64-32...
Page 47 64-88 Add/Edit Tunnel Group > General > Client Address Assignment 64-88 Add/Edit Tunnel Group > General > Advanced 64-89 Add/Edit Tunnel Group > IPsec for Remote Access > IPsec 64-90 Cisco ASA 5500 Series Configuration Guide using ASDM xlvii OL-20339-01...
Page 48 Test Dynamic Access Policies 65-8 Add/Edit Dynamic Access Policies 65-10 Add/Edit AAA Attributes 65-15 Retrieving Active Directory Groups 65-18 Add/Edit Endpoint Attributes 65-19 Guide 65-22 Syntax for Creating Lua EVAL Expressions 65-22 Cisco ASA 5500 Series Configuration Guide using ASDM xlviii OL-20339-01...
Page 49 67-16 Java Code Signer 67-18 Encoding 67-18 Web ACLs 67-21 Configuring Port Forwarding 67-22 Why Port Forwarding? 67-22 Port Forwarding Requirements and Restrictions 67-23 Configuring DNS for Port Forwarding 67-24 Cisco ASA 5500 Series Configuration Guide using ASDM xlix OL-20339-01...
Page 50 Creating XML-Based Portal Customization Objects and URL Lists 67-52 Understanding the XML Customization File Structure 67-52 Customization Example 67-58 Using the Customization Template 67-60 The Customization Template 67-60 Help Customization 67-73 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 51 68-1 C H A P T E R Configuring E-Mail Proxy 68-1 68-2 POP3S Tab 68-2 IMAP4S Tab 68-4 SMTPS Tab 68-6 Access 68-7 Edit E-Mail Proxy Access 68-9 Authentication 68-9 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 52 Severity Levels 71-3 Message Classes and Range of Syslog IDs 71-4 Filtering Syslog Messages 71-4 Sorting in the Log Viewers 71-4 Using Custom Message Lists 71-5 Licensing Requirements for Logging 71-5 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 53 Adding or Editing the Rate Limit for a Syslog Message 71-21 Editing the Rate Limit for a Syslog Severity Level 71-21 Log Monitoring 71-22 Filtering Syslog Messages Through the Log Viewers 71-22 Cisco ASA 5500 Series Configuration Guide using ASDM liii OL-20339-01...
Page 54 73-3 Security Models 73-3 SNMP Groups 73-4 SNMP Users 73-4 SNMP Hosts 73-4 Implementation Differences Between Adaptive Security Appliances and the Cisco IOS 73-4 Licensing Requirements for SNMP 73-4 Prerequisites for SNMP 73-5 Guidelines and Limitations 73-5 Configuring SNMP 73-6...
Page 55 75-9 Configuring the Boot Image/Configuration Settings 75-9 Adding a Boot Image 75-10 Upgrading Software from Your Local Computer 75-10 Upgrading Software from the Cisco.com Wizard 75-11 Scheduling a System Restart 75-12 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 56 76-12 Common Problems 76-13 Reference P A R T Addresses, Protocols, and Ports A P P E N D I X IPv4 Addresses and Subnet Masks Classes Private Networks Subnet Masks Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 57 Configuring an External RADIUS Server B-30 Reviewing the RADIUS Configuration Procedure B-30 Security Appliance RADIUS Authorization Attributes B-30 Security Appliance IETF RADIUS Authorization Attributes B-38 Configuring an External TACACS+ Server B-39 Cisco ASA 5500 Series Configuration Guide using ASDM lvii OL-20339-01...
Page 58 Contents L O S S A R Y N D E X Cisco ASA 5500 Series Configuration Guide using ASDM lviii OL-20339-01...
Page 59: About This Guide
This guide applies to the Cisco ASA 5500 series adaptive security appliances. Throughout this guide, the term “adaptive security appliance” applies generically to all supported models, unless specified otherwise.
Page 60: Related Documentation
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
Page 61 A R T Getting Started and General Information...
Page 63 Instead, refer to the ASDM guide in which support for your platform version was added (see Cisco ASA 5500 Series and PIX 500 Series Security Appliance Hardware and Software Compatibility for the minimum supported version of ASDM for each ASA version).
Page 64 1. Obtain Sun Java from java.sun.com ASA 5500 Model Support For a complete list of supported ASA models and ASA software versions for this release, see Cisco ASA 5500 Series and PIX 500 Series Security Appliance Hardware and Software Compatibility: http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html...
Page 65 No support 1. The CSC SSM licenses support up to 1000 users while the Cisco ASA 5540 Series appliance can support significantly more users. If you deploy CSC SSM with an ASA 5540 adaptive security appliance, be sure to configure the security appliance to send the CSC SSM only the traffic that should be scanned.
Page 66 Syslog message filtering based on multiple text strings that correspond to various columns • Creation of custom filters • Column sorting of messages. For detailed information, see the Cisco ASA 5500 Series • Configuration Guide using ASDM. The following screens were modified: Monitoring >...
Page 67 Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance New Features Table 1-3 New Features for ASDM Version 6.3(2)/ASA Version 8.3(2) (Unless Otherwise Noted) (continued) Feature Description Hardware processing for This feature lets you switch large modulus operations from software to hardware. It applies large modulus operations only to the ASA models 5510, 5520, 5540, and 5550.
Page 68 Description General Features No Payload Encryption For export to some countries, payload encryption cannot be enabled on the Cisco ASA 5500 image for export series. For version 8.3(2), you can now install a No Payload Encryption image (asa832-npe-k8.bin) on the following models: ASA 5505 •...
Page 69 Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance New Features Table 1-4 lists the new features for ASDM Version 6.3(1). All features apply only to ASA Version 8.3(1), unless otherwise noted. Table 1-4 New Features for ASDM Version 6.3(1)/ASA Version 8.3(1) (Unless Otherwise Noted)
Page 70 For LAN-to-LAN connections using mixed IPv4 and IPv6 addressing, or all IPv6 addressing, LAN-to-LAN VPN the adaptive security appliance supports VPN tunnels if both peers are Cisco ASA 5500 series connections adaptive security appliances, and if both inside networks have matching addressing schemes (both IPv4 or both IPv6).
Page 71 Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance New Features Table 1-4 New Features for ASDM Version 6.3(1)/ASA Version 8.3(1) (Unless Otherwise Noted) (continued) Feature Description Usability Improvements for ASDM provides a step-by-step guide to configuring Clientless SSL VPN, AnyConnect SSL Remote Access VPN VPN Remote Access, or IPsec Remote Access using the ASDM Assistant.
Page 72 The following screen was modified: Configuration > Firewall > Threat Detection. Unified Communication Features SCCP v19 support The IP phone support in the Cisco Phone Proxy feature was enhanced to include support for version 19 of the SCCP protocol on the list of supported IP phones. Cisco Intercompany Media...
Page 73 Failover licenses no longer need to be identical on each unit. The license used for both units is licenses the combined license from the primary and secondary units. For the ASA 5505 and 5510 adaptive security appliances, both units require the Note Security Plus license; the Base license does not support failover, so you cannot enable failover on a standby unit that only has the Base license.
Page 74 Configuration > Device Management > Device Administration > Master Passphrase ASDM Features Upgrade Software from The Upgrade Software from Cisco.com wizard has changed to allow you to automatically Cisco.com Wizard upgrade ASDM and the adaptive security appliance to more current versions. Note that this feature is only available in single mode and, in multiple context mode, in the System execution space.
Page 75 Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance Unsupported Commands Unsupported Commands ASDM supports almost all commands available for the adaptive adaptive security appliance, but ASDM ignores some commands in an existing configuration. Most of these commands can remain in your configuration;...
Page 76 Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance Unsupported Commands (continued) Table 1-5 List of Unsupported Commands Unsupported Commands ASDM Behavior sysopt uauth allow-http-cache Ignored. terminal Ignored. Effects of Unsupported Commands If ASDM loads an existing running configuration and finds other unsupported commands, ASDM operation is unaffected.
Page 77 Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance Firewall Functional Overview Firewall Functional Overview Firewalls protect inside networks from unauthorized access by users on an outside network. A firewall can also protect inside networks from each other, for example, by keeping a human resources network separate from a user network.
Page 78 Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance Firewall Functional Overview Permitting or Denying Traffic with Access Rules You can apply an access rule to limit traffic from inside to outside, or allow traffic from outside to inside.
Page 79: Enabling Threat Detection
Firewall Functional Overview manager. Other legitimate connections continue to operate independently without interruption. For more information, see Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface. Sending Traffic to the Content Security and Control Security Services Module If your model supports it, the CSC SSM provides protection against viruses, spyware, spam, and other unwanted traffic.
Page 80: Configuring Cisco Unified Communications
Configuring Cisco Unified Communications The Cisco ASA 5500 Series appliances are a strategic platform to provide proxy functions for unified communications deployments. The purpose of a proxy is to terminate and reoriginate connections between a client and server.
Page 81: Vpn Functional Overview
Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance VPN Functional Overview Performing the access list checks – Performing route lookups – Allocating NAT translations (xlates) – Establishing sessions in the “fast path” – Some packets that require Layer 7 inspection (the packet payload must be inspected or altered) are passed on to the control plane path.
Page 82: Security Context Overview
Chapter 1 Introduction to the Cisco ASA 5500 Series Adaptive Security Appliance Security Context Overview Manages data transfer across the tunnel • Manages data transfer inbound and outbound as a tunnel endpoint or router • The adaptive security appliance invokes various standard protocols to accomplish these functions.
Page 83: Getting Started
32-1. See the following Ethernet connection guidelines when using the factory default configurations: ASA 5505—The switch port to which you connect to ASDM can be any port, except for Ethernet • 0/0. ASA 5510 and higher —The interface to which you connect to ASDM is Management 0/0.
Page 84: Chapter 2 Getting Started
Starting ASDM from the ASDM Launcher To start ASDM from the ASDM Launcher, perform the following steps: Double-click the Cisco ASDM Launcher shortcut on your desktop, or open it from the Start menu. Step 1 Alternatively, from the ASDM Welcome screen, you can click Run Startup Wizard to configure ASDM.
Page 85: Using Asdm In Demo Mode
Save Running Configuration to Standby Unit Save Internal Log Buffer to Flash Clear Internal Log Buffer – Tools menu: Command Line Interface Ping File Management Update Software File Transfer Upload Image from Local PC System Reload Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 86: Starting Asdm From A Web Browser
Step 2 Double-click the installer to install the software. Step 3 Double-click the Cisco ASDM Launcher shortcut on your desktop, or open it from the Start menu. Check the Run in Demo Mode check box. Step 4 The Demo Mode window appears.
Page 87: Multiple Asdm Session Support
ASDM sessions are supported per context, up to a maximum of 32 total connections for each adaptive security appliance. Factory Default Configurations The factory default configuration is the configuration applied by Cisco to new adaptive security appliances. For the ASA 5510 and higher adaptive security appliances, the factory default configuration configures an interface for management so you can connect to it using ASDM, with which you can then complete your configuration.
Page 88: Asa 5505 Default Configuration
ASA 5505 Default Configuration The default factory configuration for the ASA 5505 adaptive security appliance configures the following: An inside VLAN 1 interface that includes the Ethernet 0/1 through 0/7 switch ports. If you did not •...
Page 89: Asa 5510 And Higher Default Configuration
The HTTP server is enabled for ASDM and is accessible to users on the 192.168.1.0 network. The configuration consists of the following commands: interface management 0/0 ip address 192.168.1.1 255.255.255.0 nameif management security-level 100 no shutdown asdm logging informational 100 asdm history enable Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 90: Getting Started With The Configuration
This section includes the following topics: Using the Command Line Interface Tool, page 2-9 • Handling Command Errors, page 2-9 • Using Interactive Commands, page 2-9 • Avoiding Conflicts with Other Administrators, page 2-10 • Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 91: Using The Command Line Interface Tool
A message appears in the Response area to inform you whether or not any error occurred, as well as other related information. ASDM supports almost all CLI commands. See the Cisco ASA 5500 Series Command Reference for a Note list of commands.
Page 92: Avoiding Conflicts With Other Administrators
To display the list of unsupported commands for ASDM, perform the following steps: In the main ASDM application window, choose Tools > Show Commands Ignored by ASDM on Step 1 Device. Click OK when you are done. Step 2 Cisco ASA 5500 Series Configuration Guide using ASDM 2-10 OL-20339-01...
Page 93 To access the Configuration and Monitoring panes, you can do one of the following: Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 94: Chapter 3 Using The Asdm User Interface
In addition, the ASDM Assistant appears in this pane. Figure 3-1 on page 3-2 shows the elements of the ASDM user interface. Figure 3-1 ASDM User Interface Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 95: Navigating In The Asdm User Interface
Choose the drop-down list below the last function button to display a context menu. Step 1 Choose one of the following options: Step 2 To show more buttons, click Show More Buttons. • • To show fewer buttons, click Show Fewer Buttons. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 96: Menus
Show Running Configuration in Displays the current running configuration in a new window. New Window Save Running Configuration to Writes a copy of the running configuration to flash memory. Flash Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 97: View Menu
%ASA-1-211004 is generated, indicating what the installed memory is and what the required memory is. This message reappears every 24 hours until the memory is upgraded. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 98: Tools Menu
See the “Tracing Packets with Packet Tracer” section on page 76-7 for more information. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 99 “Upgrading Software from the Cisco.com Wizard” section on page 75-11 for more information. Backup Configurations Backs up the adaptive security appliance configuration, a Cisco Secure Desktop image, and SSL VPN Client images and profiles. See the “Backing Up Configurations” section on page 75-13 more information.
Page 100: Wizards Menu
For more information, see the “Configuring and Running Captures with the Packet Capture Wizard” section on page 76-8. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 101: Window Menu
(?) help icon. Release Notes Opens the most current version of the Release Notes for Cisco ASDM on Cisco.com. The release notes contain the most current information about ASDM software and hardware requirements, and the most current information about changes in the software.
Page 102: Toolbar
Look For field in the menu bar. From the Find drop-down list, choose How Do I? to begin the search. To use the ASDM Assistant, perform the following steps: In the main ASDM application window, choose View > ASDM Assistant. Step 1 Cisco ASA 5500 Series Configuration Guide using ASDM 3-10 OL-20339-01...
Page 103: Status Bar
This pane is available in the Home, Configuration, Monitoring, and System views. You can use this pane to switch to another Cisco ASA 5500 Series Configuration Guide using ASDM 3-11...
Page 104: Common Buttons
Remove information from a field, or remove a check from a check box. Back Returns to the previous pane. Forward Goes to the next pane. Help Displays help for the selected pane or dialog box. Cisco ASA 5500 Series Configuration Guide using ASDM 3-12 OL-20339-01...
Page 105: Keyboard Shortcuts
Previous tab (when a tab has the focus) Left Arrow Next cell in a table Previous sell in a table Shift+Tab Next pane (when multiple panes are displayed) Previous pane (when multiple panes are displayed) Shift+F6 Cisco ASA 5500 Series Configuration Guide using ASDM 3-13 OL-20339-01...
Page 106: Enabling Extended Screen Reader Support
The Preferences dialog box appears. On the General tab, check the Enable screen reader support check box. Step 2 Click OK. Step 3 Restart ASDM to activate screen reader support. Step 4 Cisco ASA 5500 Series Configuration Guide using ASDM 3-14 OL-20339-01...
Page 107 You can control this behavior in Internet Explorer by choosing Tools > Internet Options > Advanced > Reuse windows for launching shortcuts. Cisco ASA 5500 Series Configuration Guide using ASDM 3-15 OL-20339-01...
Page 108: Home Pane (Single Mode And Context)
Figure 3-2 shows the elements of the Device Dashboard tab. Figure 3-2 Device Dashboard Tab Cisco ASA 5500 Series Configuration Guide using ASDM 3-16 OL-20339-01...
Page 109: Device Information Pane
Kbps displays below the table. VPN Sessions Pane This pane shows the VPN tunnel status. Click Details to go to the Monitoring > VPN > VPN Statistics > Sessions pane. Cisco ASA 5500 Series Configuration Guide using ASDM 3-17 OL-20339-01...
Page 110: Failover Status Pane
Latest ASDM Syslog Messages button in the left, bottom corner and the pane displays. Move your cursor away from the pane, and it disappears. Closes the pane. To show the pane, choose View Latest ASDM Syslog Messages. Cisco ASA 5500 Series Configuration Guide using ASDM 3-18 OL-20339-01...
Page 111: Firewall Dashboard Tab
In multiple context mode, the Firewall Dashboard is viewable within each context. Figure 3-4 shows some of the elements of the Firewall Dashboard tab. Figure 3-4 Firewall Dashboard Tab Cisco ASA 5500 Series Configuration Guide using ASDM 3-19 OL-20339-01...
Page 112: Traffic Overview Pane
Enabling statistics for hosts affects performance in a significant way; if you have a high traffic load, you might consider enabling this type of statistics temporarily. Enabling statistics for ports, however, has a modest effect. Cisco ASA 5500 Series Configuration Guide using ASDM 3-20 OL-20339-01...
Page 113: Top Ten Protected Servers Under Syn Attack Pane
Security > CSC Setup, you cannot access the panes under Home > Content Security. Instead, a dialog box appears and lets you access the CSC Setup Wizard directly from this location. Cisco ASA 5500 Series Configuration Guide using ASDM 3-21...
Page 114: Intrusion Prevention Tab
To connect to the IPS software on the AIP SSM, perform the following steps: In the main ASDM application window, click the Intrusion Prevention tab. Step 1 In the Connecting to IPS dialog box, choose one of the following options: Step 2 Cisco ASA 5500 Series Configuration Guide using ASDM 3-22 OL-20339-01...
Page 115 Health Dashboard tab, located on the Intrusion Prevention tab. Figure 3-6 Intrusion Prevention Tab (Health Dashboard) Legend GUI Element Description Sensor Information pane. Sensor Health pane. CPU, Memory, and Load pane. Interface Status pane. Licensing pane. Cisco ASA 5500 Series Configuration Guide using ASDM 3-23 OL-20339-01...
Page 116: Home Pane (System)
Description System vs. Context selection. Interface Status pane. Choose an interface to view the total amount of traffic through the interface. Connection Status pane. CPU Status pane. Memory Status pane. Cisco ASA 5500 Series Configuration Guide using ASDM 3-24 OL-20339-01...
Page 117 This section describes the licenses available for each model as well as important notes about licenses. This section includes the following topics: Licenses Per Model, page 4-2 • License Notes, page 4-9 • • VPN License and Feature Compatibility, page 4-11 Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 118: Chapter 4 Managing Feature Licenses
Security Plus license. You can mix and match licenses, for example, the 10 security context license plus the Strong Encryption license; or the 500 Clientless SSL VPN license plus the GTP/GPRS license; or all four licenses together. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 119 Chapter 4 Managing Feature Licenses Supported Feature Licenses Per Model Table 4-1 shows the licenses for the ASA 5505. Table 4-1 ASA 5505 Adaptive Security Appliance License Features ASA 5505 Base License Security Plus Firewall Licenses Botnet Traffic Filter Disabled...
Page 120 2. See the “VPN License and Feature Compatibility” section on page 4-11. 3. Although the Ethernet 0/0 and 0/1 ports are Gigabit Ethernet, they are still identified as “Ethernet” in the software. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 121 Failover Active/Standby or Active/Active Security Contexts Optional licenses: VLANs, Maximum 1. See the “License Notes” section on page 4-9. 2. See the “VPN License and Feature Compatibility” section on page 4-11. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 122 Failover Active/Standby or Active/Active Security Contexts Optional licenses: VLANs, Maximum 1. See the “License Notes” section on page 4-9. 2. See the “VPN License and Feature Compatibility” section on page 4-11. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 123 Failover Active/Standby or Active/Active Security Contexts Optional licenses: VLANs, Maximum 1. See the “License Notes” section on page 4-9. 2. See the “VPN License and Feature Compatibility” section on page 4-11. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 124 2. With the 10,000-session license, the total combined sessions can be 10,000, but the maximum number of Phone Proxy sessions is 5000. 3. See the “VPN License and Feature Compatibility” section on page 4-11. Cisco ASA 5500 Series Configuration Guide using ASDM OL-20339-01...
Page 125: License Notes
This license enables AnyConnect VPN client access to the adaptive security appliance. This license does not support browser-based (clientless) SSL VPN access or Cisco Secure Desktop. For these features, activate an AnyConnect Premium SSL VPN Edition license instead of the AnyConnect Essentials license.
Page 126 All of these applications are licensed under the UC Proxy umbrella, and can be mixed and matched. Some applications might use multiple sessions for a connection. For example, if you configure a phone with a primary and backup Cisco Unified Communications Manager, there are 2 TLS proxy connections, so 2 UC Proxy sessions are used.
Page 127: Vpn License And Feature Compatibility
Preinstalled License, page 4-12 • Permanent License, page 4-12 • Time-Based Licenses, page 4-12 • Shared SSL VPN Licenses, page 4-14 • Failover Licenses, page 4-19 • Licenses FAQ, page 4-20 • Cisco ASA 5500 Series Configuration Guide using ASDM 4-11 OL-20339-01...
Page 128: Preinstalled License
• security appliance. If you stop using the time-based license before it times out, then the timer halts. The timer only starts • again when you reactivate the time-based license. Cisco ASA 5500 Series Configuration Guide using ASDM 4-12 OL-20339-01...
Page 129: How Permanent And Time-Based Licenses Combine
To view the combined license, see the “Viewing Your Current License” section on page 4-23. Cisco ASA 5500 Series Configuration Guide using ASDM 4-13 OL-20339-01...
Page 130: Stacking Time-Based Licenses
This section describes how a shared license works and includes the following topics: Cisco ASA 5500 Series Configuration Guide using ASDM 4-14 OL-20339-01...
Page 131: Information About The Shared Licensing Server And Participants
The participant continues to send refresh messages requesting more sessions until the server can adequately fulfill the request. When the load is reduced on a participant, it sends a message to the server to release the shared sessions. Cisco ASA 5500 Series Configuration Guide using ASDM 4-15 OL-20339-01...
Page 132: Communication Issues Between Participant And Server
10-day limit left over. The backup server “recharges” up to the maximum 30 days after 20 more days as an inactive backup. This recharging function is implemented to discourage misuse of the shared license. Cisco ASA 5500 Series Configuration Guide using ASDM 4-16 OL-20339-01...
Page 133: Failover And Shared Licenses
If Pair #1 remains down, and the primary unit in Pair #2 goes down, then the standby unit in Pair #2 comes into use as the shared licensing server (see Figure 4-1). Cisco ASA 5500 Series Configuration Guide using ASDM 4-17 OL-20339-01...
Page 134 In this case, you can increase the delay between participant refreshes, or you can create two shared networks. Cisco ASA 5500 Series Configuration Guide using ASDM 4-18...
Page 135: Failover Licenses
If you have licenses on both units, they combine into a single running failover cluster license. For the ASA 5505 and 5510 adaptive security appliances, both units require the Security Plus • license; the Base license does not support failover, so you cannot enable failover on a standby unit that only has the Base license.
Page 136: Loss Of Communication Between Failover Units
Yes. You can use one time-based license per feature at a time. Can I “stack” time-based licenses so that when the time limit runs out, it will automatically use the next license? Cisco ASA 5500 Series Configuration Guide using ASDM 4-20 OL-20339-01...
Page 137: Guidelines And Limitations