From: essenz on
This one has me stumped.

I have a brand new ASA5510 Security Plus. It boots up, I can go in via
console, but a lot of commands that are supposed to work don't.

For example, no vlan commands exist. If I try to create a vlan (conf
t, interface vlan 100) it says unrecognized command.

I tried to restore factory default by running the command (conf
factory-default) - same thing, command unrecognized. I've tried
different OS versions (7.3, 8.2, 8.3), different ASDM versions, still
nothing, here is my sh ver and sh run:

ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.3(1)
Device Manager Version 6.1(5)

Compiled on Thu 04-Mar-10 16:56 by builders
System image file is "disk0:/asa831-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 14 mins 26 secs

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
Slot 1: ATA Compact Flash, 64MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
0: Ext: Ethernet0/0 : address is 5475.d0f0.4e30, irq 9
1: Ext: Ethernet0/1 : address is 5475.d0f0.4e31, irq 9
2: Ext: Ethernet0/2 : address is 5475.d0f0.4e32, irq 9
3: Ext: Ethernet0/3 : address is 5475.d0f0.4e33, irq 9
4: Ext: Management0/0 : address is 5475.d0f0.4e34, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
SSL VPN Peers : 2 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
AnyConnect Essentials : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual

This platform has an ASA 5510 Security Plus license.

Serial Number: *****hidden******
Running Permanent Activation Key: *****hidden******
Configuration register is 0x1
Configuration has not been modified since last system restart.





ciscoasa# sh run
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif inside
security-level 100
ip address 10.40.14.111 255.0.0.0
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa831-k8.bin
ftp mode passive
pager lines 24
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-615.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily

From: Morph on
In the message
<cb96590e-b7ea-44f4-8db3-e73fd129ea74(a)t10g2000yqg.googlegroups.com>
essenz wrote:

| This one has me stumped.
|
| I have a brand new ASA5510 Security Plus. It boots up, I can go in via
| console, but a lot of commands that are supposed to work don't.
|
| For example, no vlan commands exist. If I try to create a vlan (conf
| t, interface vlan 100) it says unrecognized command.
|
| I tried to restore factory default by running the command (conf
| factory-default) - same thing, command unrecognized. I've tried
| different OS versions (7.3, 8.2, 8.3), different ASDM versions, still
| nothing, here is my sh ver and sh run:
|

| interface Ethernet0/0
| nameif inside
| security-level 100
| ip address 10.40.14.111 255.0.0.0
| !
| interface Ethernet0/1
| shutdown
| no nameif
| no security-level
| no ip address
| !

You need to create subinterfaces for the VLANs that you need.
Let's say you have VLAN 2, 3 and 4 configured on a switch.
Connect that switch using a trunk to a port on the ASA (let's say
interface Ethernet0/1).
Then create subinterfaces on the interface Ethernet0/1:

interface Ethernet0/1.2
vlan 2
nameif vlan2
security-level 100
ip address x.x.x.x y.y.y.y

interface Ethernet0/1.3
vlan 3
nameif vlan3
security-level 100
ip address x.x.z.z z.z.z.z

interface Ethernet0/1.4
vlan 4
nameif vlan4
security-level 100
ip address q.s.d.v y.y.y.y

Leave the config of Ethernet0/1 as it is (only configure the
subinterfaces) and do the no shutdown to activate it.

| interface Ethernet0/1
no shutdown
| no nameif
| no security-level
| no ip address
 | 
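An added example, not part of Morph's post and not Cisco tooling: a small Python audit of a pasted "sh run" that checks the points in the reply above (each subinterface carries vlan, nameif, security-level and ip address, and the parent port is not shut down). The sample addresses are constructed, and the equal-security-level check rests on ASA's default of blocking traffic between interfaces at the same level unless "same-security-traffic permit inter-interface" is set, which the thread does not cover.

```python
# Constructed sample: Morph's layout with made-up addresses; the parent
# port is left shut down on purpose so the audit has something to report.
SAMPLE = """\
interface Ethernet0/1
 shutdown
!
interface Ethernet0/1.2
 vlan 2
 nameif vlan2
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/1.3
 vlan 3
 nameif vlan3
 security-level 100
 ip address 192.168.3.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Map each interface name to the stripped lines of its block."""
    blocks, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Return findings for subinterfaces, parent ports and shared levels."""
    blocks, findings, levels = parse_interfaces(config), [], {}
    for name, lines in blocks.items():
        if "." not in name:
            continue  # only subinterfaces are checked
        for kw in ("vlan", "nameif", "security-level", "ip address"):
            if not any(l.startswith(kw + " ") for l in lines):
                findings.append(f"{name}: missing '{kw}'")
        if "shutdown" in blocks.get(name.split(".")[0], ["shutdown"]):
            findings.append(f"{name}: parent port is shut down or absent")
        lv = next((l.split()[1] for l in lines if l.startswith("security-level ")), None)
        levels.setdefault(lv, []).append(name)
    # Equal levels do not talk to each other by default on ASA (not in the post).
    if "same-security-traffic permit inter-interface" not in config:
        findings += [f"level {lv}: {', '.join(n)} share a level; no traffic between them"
                     for lv, n in levels.items() if lv and len(n) > 1]
    return findings
```

Calling audit(SAMPLE) reports the shut-down parent once per subinterface plus the shared security level; paste a real "sh run" in place of SAMPLE to check a live configuration.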