1. Home
  2. Cisco Systems
  3. New ASA 5505 -- software upgrades, 10 inside host limit &

New ASA 5505 -- software upgrades, 10 inside host limit &

I just bought a 10 user base license 5505 to use at home. My understanding is that this comes with a year of TAC support, including software updates.

How exactly do I get this -- does it actually involve calling the TAC? Is there some online registration process? I totally struck out on the Cisco web site, there seemed to be little access for a CCO login with no contracts.

I'm mainly interested in the software updates -- the configuration seems fairly straightforward and I had it running in a couple of hours with a static NAT, dynamic NAT, etc.

My two other questions -- how is the 10 inside host limit calculated? I'm assuming unique internal IPs with connections, but I'm also assuming that there's some kind of timer/expiration so that host x.x.x.1 shutting down and going away doesn't hold a slot permanently. Is this tweakable at all? I doubt I'll hit the limit, but it'd be nice to know if I did.

Is there any way to increase the ssh connection timeout past 60 minutes? 0 isn't an option and "no ssh timeout" leaves "ssh timeout 5" in the running config.

Reply to
Howard Beale
Loading thread data ...

Possibly, but looking around it appears that possibly you are mistaken. The information I find suggests that the 1 year warranty is a limited parts/labour warranty, and that the standard limited warranty on the box (that would give you TAC support and temporary rights to software upgrades) appears to be 90 days.

I last did anything along these lines about 3 years ago, at which time the process was to sign up for a CCO account, and once logged on to there, find the appropriate section to add a contract to the account. The process of adding a contract would allow you to enter the serial number. Provided that the sale got registered through to Cisco then the adding would be allowed and that would result in the switch being flipped that allowed you full regular CCO access (until the 90 day warrantee ran out.)

Right.

Reply to
Walter Roberson

Thanks. I'll just have to be more motivated to do it now, versus later. My understanding is that critical security updates that fix problems are free down the road, even outside the 90 days?

I should probably just call the TAC. The Cisco web site kind of drives me nuts.

Reply to
Howard Beale

That has been the policy for the PIX and ASA, but I have never seen it written into the sales literature so it is potentially subject to change.

Also, any particular minor release train such as 7.2 eventually tires out with Cisco: they keep it going for awhile after they are into the next release (e.g., 8.1 now), but at some point they stop doing security fixes for it. In all of the PIX security release notes that I have gone through, I have only -once- seen Cisco put in anything that could be argued as allowing you a free update to a different minor release, and I have never seen them allow free updates to a different major release (first digit.) But major releases don't seem to last as long these days...

Reply to
Walter Roberson

I guess I'll chance it and see what happens. The worst thing that happens is that I have to buy a cheapie smartnet to get some significant software release. But I'm largely protecting a home LAN I got just a little too lazy to protect with a FreeBSD firewall.

Thusfar I pretty much have it configured the way I want, although I've got translation errors on the SSL VPN session. I get the session up, but I'm missing some translation rule which isn't mentioned in the docs I've seen thusfar.

Reply to
Howard Beale

For those following this through an archived Google groups thread, I ended up opening a case with the TAC through the 800 number, and the engineer had to make a special file download for me for ASDM 6.0(3) and the ASA 8.x image.

What's a bit missing is whether or not I can get the AnyConnect VPN client.

Reply to
Howard Beale

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.