New ASA 5505 -- software upgrades, 10 inside host limit &

Discussion in 'Cisco' started by Howard Beale, Feb 13, 2008.

  1. Howard Beale

    Howard Beale Guest

    I just bought a 10 user base license 5505 to use at home. My
    understanding is that this comes with a year of TAC support, including
    software updates.

    How exactly do I get this -- does it actually involve calling the TAC? Is
    there some online registration process? I totally struck out on the Cisco
    web site, there seemed to be little access for a CCO login with no contracts.

    I'm mainly interested in the software updates -- the configuration seems
    fairly straightforward and I had it running in a couple of hours with a
    static NAT, dynamic NAT, etc.

    My two other questions -- how is the 10 inside host limit calculated? I'm
    assuming unique internal IPs with connections, but I'm also assuming that
    there's some kind of timer/expiration so that host x.x.x.1 shutting down
    and going away doesn't hold a slot permanently. Is this tweakable at all?
    I doubt I'll hit the limit, but it'd be nice to know if I did.

    Is there any way to increase the ssh connection timeout past 60 minutes? 0
    isn't an option and "no ssh timeout" leaves "ssh timeout 5" in the running
    config.
     
    Howard Beale, Feb 13, 2008
    #1
    1. Advertising

  2. In article <>,
    Howard Beale <> wrote:
    >I just bought a 10 user base license 5505 to use at home. My
    >understanding is that this comes with a year of TAC support, including
    >software updates.


    Possibly, but looking around it appears that possibly you are mistaken.
    The information I find suggests that the 1 year warranty is a
    limited parts/labour warranty, and that the standard limited warranty
    on the box (that would give you TAC support and temporary rights
    to software upgrades) appears to be 90 days.

    >How exactly do I get this -- does it actually involve calling the TAC? Is
    >there some online registration process? I totally struck out on the Cisco
    >web site, there seemed to be little access for a CCO login with no contracts.


    I last did anything along these lines about 3 years ago, at which
    time the process was to sign up for a CCO account, and once logged
    on to there, find the appropriate section to add a contract to the
    account. The process of adding a contract would allow you to enter
    the serial number. Provided that the sale got registered through to
    Cisco then the adding would be allowed and that would result in
    the switch being flipped that allowed you full regular CCO access (until
    the 90 day warrantee ran out.)


    >My two other questions -- how is the 10 inside host limit calculated? I'm
    >assuming unique internal IPs with connections, but I'm also assuming that
    >there's some kind of timer/expiration so that host x.x.x.1 shutting down
    >and going away doesn't hold a slot permanently.


    Right.
     
    Walter Roberson, Feb 13, 2008
    #2
    1. Advertising

  3. Howard Beale

    Howard Beale Guest

    Walter Roberson wrote:

    > Possibly, but looking around it appears that possibly you are mistaken.
    > The information I find suggests that the 1 year warranty is a
    > limited parts/labour warranty, and that the standard limited warranty
    > on the box (that would give you TAC support and temporary rights
    > to software upgrades) appears to be 90 days.


    Thanks. I'll just have to be more motivated to do it now, versus later.
    My understanding is that critical security updates that fix problems are
    free down the road, even outside the 90 days?

    > I last did anything along these lines about 3 years ago, at which
    > time the process was to sign up for a CCO account, and once logged
    > on to there, find the appropriate section to add a contract to the


    I should probably just call the TAC. The Cisco web site kind of drives me
    nuts.
     
    Howard Beale, Feb 13, 2008
    #3
  4. In article <>,
    Howard Beale <> wrote:

    >Thanks. I'll just have to be more motivated to do it now, versus later.
    >My understanding is that critical security updates that fix problems are
    >free down the road, even outside the 90 days?


    That has been the policy for the PIX and ASA, but I have never
    seen it written into the sales literature so it is potentially subject
    to change.

    Also, any particular minor release train such as 7.2 eventually
    tires out with Cisco: they keep it going for awhile after they are
    into the next release (e.g., 8.1 now), but at some point they
    stop doing security fixes for it. In all of the PIX security release
    notes that I have gone through, I have only -once- seen Cisco
    put in anything that could be argued as allowing you a free update
    to a different minor release, and I have never seen them allow
    free updates to a different major release (first digit.) But major
    releases don't seem to last as long these days...
     
    Walter Roberson, Feb 13, 2008
    #4
  5. Howard Beale

    Howard Beale Guest

    Walter Roberson wrote:
    > In article <>,
    > Howard Beale <> wrote:
    >
    >> Thanks. I'll just have to be more motivated to do it now, versus later.
    >> My understanding is that critical security updates that fix problems are
    >> free down the road, even outside the 90 days?

    >
    > That has been the policy for the PIX and ASA, but I have never
    > seen it written into the sales literature so it is potentially subject
    > to change.


    I guess I'll chance it and see what happens. The worst thing that happens
    is that I have to buy a cheapie smartnet to get some significant software
    release. But I'm largely protecting a home LAN I got just a little too
    lazy to protect with a FreeBSD firewall.

    Thusfar I pretty much have it configured the way I want, although I've got
    translation errors on the SSL VPN session. I get the session up, but I'm
    missing some translation rule which isn't mentioned in the docs I've seen
    thusfar.
     
    Howard Beale, Feb 14, 2008
    #5
  6. Howard Beale

    Howard Beale Guest

    For those following this through an archived Google groups thread, I ended
    up opening a case with the TAC through the 800 number, and the engineer had
    to make a special file download for me for ASDM 6.0(3) and the ASA 8.x image.

    What's a bit missing is whether or not I can get the AnyConnect VPN client.
     
    Howard Beale, Feb 15, 2008
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jonnah
    Replies:
    1
    Views:
    1,360
    mcaissie
    Apr 21, 2004
  2. Replies:
    1
    Views:
    3,460
  3. chairuou
    Replies:
    0
    Views:
    1,382
    chairuou
    Oct 29, 2008
  4. 7echno7im
    Replies:
    1
    Views:
    3,436
    7echno7im
    Nov 6, 2008
  5. Dogg Child

    Re: ASA 5505 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    0
    Views:
    733
    Dogg Child
    Jun 7, 2010
Loading...

Share This Page