Cisco ASA – Brief Configuration

This post records my setup path for a Cisco ASA 5505 so I don’t have to keep looking all of it up. You can check out my Cisco router 4300 setup HERE.
It includes TFTP server setup to upload current images, SSH setup, ASDM setup, and basic configs to get the ASA into working condition.

Step 1)

Connect your console port to the ASA

Configure a username/password for enable

Step 2)

Connect an Ethernet cable to your computer and configure ASA port interface 0/6 > ip add 10.0.0.1 255.255.255.0.

Then configure the Windows NIC > 10.0.0.2 255.255.255.0. This allows your computer to talk to the ASA.

Install a TFTP server on the computer:

http://www.winagents.com/en/downloads/download-tftp-server.php

Now download the newest version of the ASA image (or the latest needed), then copy it to the ASA and boot from it:

copy tftp://10.0.0.2/asa(version).bin disk0:/asa(version).bin

boot system disk0:/asa(version).bin

wr mem

reload

 

Step 3) SSH

If you have an older license like I did, with 3des-aes disabled, you can go to the Cisco page and get a license for it for free: https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

They will email you an activation key, which will allow you to enable SSH version 2.

 

ASA(config)# ssh version 2
ASA(config)# enable password %password%
ASA(config)# username %username% password %password%
ASA(config)# aaa authentication ssh console LOCAL
ASA(config)# crypto key generate rsa modulus 2048

Now allow only particular hosts or networks to connect to the device using SSH.

ASA(config)# ssh 192.168.1.0 255.255.255.0 inside
ASA(config)# ssh 172.16.1.0 255.255.255.0 inside

Step 4) ASDM

Personally I prefer doing most of the more complex configs from the ASDM. ACLs, NATs, and VPNs make more sense to me when I can picture where they sit and what they affect. It’s also easier for me to build object groups and name objects for future reference. It’s important to know the CLI, though, if the ASDM isn’t available to you or if you need to troubleshoot. Troubleshooting is always easier from the CLI. You’ll need to load the ASDM version that matches the image you have and then load it using asdm image (image version).

http server enable
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 255.255.255.0 outside (change this to specify public IPs that you own)

I was having issues connecting to the ASDM and finally found an article showing how to allow different encryption methods, which fixed my connection using the command below:
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
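
The SSH and ASDM settings from steps 3 and 4 can be checked offline against a saved copy of the configuration. The Python script below is an added example, not part of the original post; the function name audit_mgmt_access, the sample configuration (constructed from the commands above) and the list of weak-cipher markers are assumptions.

```python
import ipaddress
import re

# Substrings marking legacy algorithms (assumed list: RC4, DES/3DES, NULL).
WEAK_CIPHER_MARKERS = ("rc4", "3des", "des-", "null")

# Constructed sample: the commands from steps 3 and 4 as they would be saved.
SAMPLE_CONFIG = """\
ssh version 2
aaa authentication ssh console LOCAL
ssh 192.168.1.0 255.255.255.0 inside
ssh 172.16.1.0 255.255.255.0 inside
http server enable
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 255.255.255.0 outside
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
"""

# Matches "ssh <network> <mask> <interface>" and "http <network> <mask> <interface>".
RULE = re.compile(r"^(ssh|http) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")


def audit_mgmt_access(config_text):
    """Return a list of findings about SSH/ASDM management-plane settings."""
    findings = []
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    if "ssh version 2" not in lines:
        findings.append("ssh: version 2 is not enforced")
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("ssh: no 'aaa authentication ssh console LOCAL' line")
    for ln in lines:
        m = RULE.match(ln)
        if m:
            svc, addr, mask, iface = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            # 0.0.0.0 as the network is either "any" or an unedited placeholder.
            if net.network_address == ipaddress.ip_address("0.0.0.0"):
                findings.append(f"{svc}: {net} on {iface} is a placeholder or 'any' source")
        elif ln.startswith("ssl encryption "):
            for cipher in ln.split()[2:]:
                if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
                    findings.append(f"ssl: weak cipher {cipher}")
    return findings


if __name__ == "__main__":
    for finding in audit_mgmt_access(SAMPLE_CONFIG):
        print(finding)
```

On the sample it reports the unedited outside http rule and the rc4-sha1 and 3des-sha1 entries in the ssl encryption line.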
