«

I just bought a 10 user base license 5505 to use at home. My
understanding is that this comes with a year of TAC support, including
software updates.

How exactly do I get this -- does it actually involve calling the TAC? Is
there some online registration process? I totally struck out on the Cisco
web site, there seemed to be little access for a CCO login with no contracts.

I'm mainly interested in the software updates -- the configuration seems
fairly straightforward and I had it running in a couple of hours with a
static NAT, dynamic NAT, etc.

My two other questions -- how is the 10 inside host limit calculated? I'm
assuming unique internal IPs with connections, but I'm also assuming that
there's some kind of timer/expiration so that host x.x.x.1 shutting down
and going away doesn't hold a slot permanently. Is this tweakable at all?
I doubt I'll hit the limit, but it'd be nice to know if I did.

Is there any way to increase the ssh connection timeout past 60 minutes? 0
isn't an option and "no ssh timeout" leaves "ssh timeout 5" in the running
config.

In article <>,
Howard Beale <> wrote:
>I just bought a 10 user base license 5505 to use at home. My
>understanding is that this comes with a year of TAC support, including
>software updates.

Possibly, but looking around it appears that possibly you are mistaken.
The information I find suggests that the 1 year warranty is a
limited parts/labour warranty, and that the standard limited warranty
on the box (that would give you TAC support and temporary rights
to software upgrades) appears to be 90 days.

>How exactly do I get this -- does it actually involve calling the TAC? Is
>there some online registration process? I totally struck out on the Cisco
>web site, there seemed to be little access for a CCO login with no contracts.

I last did anything along these lines about 3 years ago, at which
time the process was to sign up for a CCO account, and once logged
on to there, find the appropriate section to add a contract to the
account. The process of adding a contract would allow you to enter
the serial number. Provided that the sale got registered through to
Cisco then the adding would be allowed and that would result in
the switch being flipped that allowed you full regular CCO access (until
the 90 day warrantee ran out.)


>My two other questions -- how is the 10 inside host limit calculated? I'm
>assuming unique internal IPs with connections, but I'm also assuming that
>there's some kind of timer/expiration so that host x.x.x.1 shutting down
>and going away doesn't hold a slot permanently.

Right.

Walter Roberson wrote:

> Possibly, but looking around it appears that possibly you are mistaken.
> The information I find suggests that the 1 year warranty is a
> limited parts/labour warranty, and that the standard limited warranty
> on the box (that would give you TAC support and temporary rights
> to software upgrades) appears to be 90 days.

Thanks. I'll just have to be more motivated to do it now, versus later.
My understanding is that critical security updates that fix problems are
free down the road, even outside the 90 days?

> I last did anything along these lines about 3 years ago, at which
> time the process was to sign up for a CCO account, and once logged
> on to there, find the appropriate section to add a contract to the

I should probably just call the TAC. The Cisco web site kind of drives me
nuts.

In article <>,
Howard Beale <> wrote:

>Thanks. I'll just have to be more motivated to do it now, versus later.
>My understanding is that critical security updates that fix problems are
>free down the road, even outside the 90 days?

That has been the policy for the PIX and ASA, but I have never
seen it written into the sales literature so it is potentially subject
to change.

Also, any particular minor release train such as 7.2 eventually
tires out with Cisco: they keep it going for awhile after they are
into the next release (e.g., 8.1 now), but at some point they
stop doing security fixes for it. In all of the PIX security release
notes that I have gone through, I have only -once- seen Cisco
put in anything that could be argued as allowing you a free update
to a different minor release, and I have never seen them allow
free updates to a different major release (first digit.) But major
releases don't seem to last as long these days...

Walter Roberson wrote:
> In article <>,
> Howard Beale <> wrote:
>
>> Thanks. I'll just have to be more motivated to do it now, versus later.
>> My understanding is that critical security updates that fix problems are
>> free down the road, even outside the 90 days?
>
> That has been the policy for the PIX and ASA, but I have never
> seen it written into the sales literature so it is potentially subject
> to change.

I guess I'll chance it and see what happens. The worst thing that happens
is that I have to buy a cheapie smartnet to get some significant software
release. But I'm largely protecting a home LAN I got just a little too
lazy to protect with a FreeBSD firewall.

Thusfar I pretty much have it configured the way I want, although I've got
translation errors on the SSL VPN session. I get the session up, but I'm
missing some translation rule which isn't mentioned in the docs I've seen
thusfar.

For those following this through an archived Google groups thread, I ended
up opening a case with the TAC through the 800 number, and the engineer had
to make a special file download for me for ASDM 6.0(3) and the ASA 8.x image.

What's a bit missing is whether or not I can get the AnyConnect VPN client.