Cisco ASA License Woes

I have been engaged to deploy a Cisco ASA 5505 device this week. It came with the basic license package. The client wanted the classic deployment: one VLAN for the external interface, one VLAN for the inside interface and a third VLAN for the DMZ (demilitarized zone).

I'd like to share with you that this can't be done with the basic license. You need to invest in the upgrade. The ASDM software will force you to restrict the traffic from one of the 3 VLANs to one of the two remaining VLANs.
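What that restriction looks like from the CLI, as an added example that is not taken from the client's configuration: the VLAN IDs, port assignments and the 192.168.2.1 DMZ address are constructed placeholders. With the Base license the third VLAN is only accepted once it has been barred from initiating traffic to one of the other two, using `no forward interface`.

```cisco
! Constructed example: VLAN IDs, switch ports and addresses are placeholders.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
! Third VLAN on a Base license: enter "no forward interface" BEFORE "nameif",
! otherwise the ASA refuses to name a third VLAN interface.
! Here the DMZ is barred from initiating connections to the inside VLAN.
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! Assign physical switch ports to the VLANs (ports default to VLAN 1).
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/2
 switchport access vlan 3
```

Blocking DMZ-to-inside is the safer direction to give up: inside hosts can still open connections to DMZ servers, but a compromised DMZ host cannot open new connections toward the inside network.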

On the bright side, the Cisco ASA device came with ASDM (a GUI client) that can be used in lieu of the CLI (command line interface).
Some things to note with the ASDM interface:

1. You install it by browsing to the default interface, "https://192.168.1.1". The web page will have a link for you to install the ASDM software.
2. There is a bug with the backup and restore tools on the ASDM. They don't really restore the backups!
3. If you are having problems with the installation of the ASDM and your browser, try Mozilla or IE, or switch between the two. Other sites have mentioned that it could also be the Java version you have on your machine.
4. Remember to log in to the PC as the ADMIN when you try to install ASDM.
5. I got problems creating/inserting firewall rules with this on the inside interface, so I had to do it by CLI (by hand).

It does provide cool dashboards, though.

The basic package does not include the IPS module!!
