Cisco ASA 5505 Basic Configuration

When you power on your Cisco ASA 5505 for the first time, you will see:
Ciscoasa>    (Unprivileged mode)

Type enable to move to privileged mode. It will ask for a password;
just hit Enter, as there is no password configured on a new ASA 5505.

Ciscoasa#

To move to configuration mode, type config t
Ciscoasa(config)#

To configure privileged level password
Ciscoasa(config)# enable password abigsecret

To configure ASA hostname
Ciscoasa(config)# hostname Firewall
Firewall(config)#

To configure SSH or remote access
Firewall(config)# crypto key generate rsa modulus 1024
keypair generation process begin. please wait...

Create a username and password 
Firewall(config)# username admin password abigsecret privilege 15
Firewall(config)# aaa authentication ssh console LOCAL

To allow an IP address or network for SSH
Firewall(config)# ssh 10.10.10.1 255.255.255.255 inside    (To allow a single IP address)
Firewall(config)# ssh 10.10.10.0 255.255.255.0 inside    (To allow a full network)
Firewall(config)# ssh 80.80.80.80 255.255.255.255 outside
Firewall(config)# http server enable    (To allow ASDM)
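
The management-access lines above can be checked mechanically before they go onto a device. The Python script below is an added example, not part of the original post: it strips the prompts and "(...)" notes from a pasted transcript and reports who can reach SSH and ASDM. The 2048-bit threshold, the severity labels and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the management-plane lines from the walkthrough above,
# with prompts and trailing "(...)" notes, as pasted from a console session.
SAMPLE = """\
Firewall(config)# crypto key generate rsa modulus 1024
Firewall(config)# username admin password abigsecret privilege 15
Firewall(config)# aaa authentication ssh console LOCAL
Firewall(config)# ssh 10.10.10.1 255.255.255.255 inside    (To allow single IP address)
Firewall(config)# ssh 10.10.10.0 255.255.255.0 inside        (To allow full network)
Firewall(config)# ssh 80.80.80.80 255.255.255.255 outside
Firewall(config)# http server enable      (to allow ASDM)
"""

MIN_RSA_BITS = 2048  # assumption: this example's policy threshold, not a value from the page

def commands(transcript):
    """Strip 'Host(config...)#' prompts and trailing '(...)' notes; yield bare commands."""
    for line in transcript.splitlines():
        m = re.match(r"^\S+\(config[^)]*\)#\s*(.+)$", line.strip())
        if m:
            yield re.sub(r"\s+\(.*\)\s*$", "", m.group(1)).strip().lower()

def audit(transcript):
    """Return (severity, message) findings for SSH/ASDM management access."""
    cmds = list(commands(transcript))
    findings = []
    for c in cmds:
        m = re.match(r"crypto key generate rsa modulus (\d+)$", c)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(("HIGH", f"RSA host key is {m.group(1)} bits, below {MIN_RSA_BITS}"))
        m = re.match(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$", c)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if m.group(3) == "outside":
                sev = "MEDIUM" if net.prefixlen == 32 else "HIGH"
                findings.append((sev, f"SSH reachable from {net} on outside"))
            elif net.prefixlen < 32:
                findings.append(("INFO", f"SSH open to {net.num_addresses} addresses on {m.group(3)}"))
    if any(c.startswith("ssh ") for c in cmds) and "aaa authentication ssh console local" not in cmds:
        findings.append(("HIGH", "SSH allowed but no 'aaa authentication ssh console LOCAL'"))
    if "http server enable" in cmds and not any(re.match(r"http \d", c) for c in cmds):
        findings.append(("INFO", "ASDM enabled but no 'http <net> <mask> <if>' permit line"))
    return findings

if __name__ == "__main__":
    for sev, msg in audit(SAMPLE):
        print(f"{sev:6} {msg}")
```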

Configure the inside interface
Firewall(config)# interface vlan 1
Firewall(config-if)# ip address 10.10.10.254 255.255.255.0
Firewall(config-if)# nameif inside

INFO: Security level for "inside" set to 100 by default.

Configure Outside Interface
Firewall(config)# interface vlan 2
Firewall(config-if)# ip address 10.20.30.40 255.255.255.248 (Public Outside IP Address)
Firewall(config-if)# nameif outside
INFO: Security level for outside set to 0 by default.
Firewall(config-if)# exit

Firewall(config)# route outside 0.0.0.0 0.0.0.0 10.20.30.42   (Check your gateway from your ISP)

If your ISP assigns your address through DHCP, configure the outside interface like this instead.

Firewall(config)# interface vlan 2
Firewall(config-if)# ip address dhcp setroute    (no need to configure a gateway with this command)
Firewall(config-if)# nameif outside

We need to link the outside VLAN to one of the physical interfaces of the ASA.
Firewall(config)# interface ethernet0/0
Firewall(config-if)# switchport access vlan 2
Firewall(config-if)# no shutdown

We need to link another port to the inside network. By default all interfaces are attached to VLAN 1, so there is no need to add the switchport access vlan 1 command.
Firewall(config)# interface ethernet0/1
Firewall(config-if)# no shutdown

Now we need to add NAT
Firewall(config)# global (outside) 1 interface
INFO: outside interface address added to PAT pool
Firewall(config)# nat (inside) 1 0.0.0.0 0.0.0.0
Firewall(config)#

To configure DHCP for the inside network
Firewall(config)# dhcpd address 10.10.10.1-10.10.10.50 inside
Firewall(config)# dhcpd dns 10.10.10.254
Firewall(config)# write mem
Building configuration...
Cryptochecksum: 6015b6ea 6a3c5829 e888e434 a56f87d2

2191 bytes copied in 1.40 secs (2191 bytes/sec)
[OK]
Firewall(config)#
That's all, folks. It is now ready for you to configure.


