Cisco ASA – Brief Configuration

This post records my setup path for a Cisco ASA 5505 so I don’t have to keep looking all of it up. You can check out my Cisco router 4300 setup HERE.
It covers TFTP server setup to upload current images, SSH setup, ASDM setup, and the basic configs to get the ASA into working condition.

Step 1)

Connect your console port to the ASA

Configure a username/password for enable

Step 2)

Connect an Ethernet cable to your computer and configure ASA port interface 0/6 > ip add

Then configure the Windows NIC > This allows your computer to talk to the ASA.

Install a TFTP client

Now download the newest version of the ASA image (or the latest one you need)

copy tftp:// disk0:/asa(version).bin

boot system disk0:/asa(version).bin

wr mem



Step 3) SSH

If you have an older license like I did, with 3DES-AES disabled, you can go to the Cisco page and get a license for it for free.

They will email you an activation key, which will allow you to enable SSH version 2.


ASA(config)# ssh version 2
ASA(config)# enable password %password%
ASA(config)# username %username% password %password%
ASA(config)# aaa authentication ssh console LOCAL
ASA(config)# crypto key generate rsa modulus 2048

Now allow only particular hosts or networks to connect to the device using SSH.

ASA(config)# ssh inside
ASA(config)# ssh inside

Step 4) ASDM

Personally I prefer doing most of the more complex configs from the ASDM. ACLs, NATs, and VPNs make more sense to me when I can picture where they sit and what they affect. It’s also easier for me to build object groups and name objects for future reference. It’s important to know the CLI, though, if the ASDM isn’t available to you or if you need to troubleshoot. Troubleshooting is always easier from the CLI. You’ll need to load the ASDM version that matches the image you have and then load it using asdm image (image version).

http server enable
http inside
http outside (change this to specify public IPs that you own)

I was having issues connecting to the ASDM and finally found an article showing how to allow different encryption methods, which fixed my connection using the command below:
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
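
An added example, not part of the original post: a small Python check that reads ASA configuration text and flags the management-plane settings this walkthrough touches (SSH version and AAA lines, ssh/http rules open to any source, and RC4/DES/3DES/NULL entries in "ssl encryption"). The sample config, its addresses and the helper name audit are constructed for illustration, and the check assumes a release whose config still shows "ssh version 2" and "ssl encryption" lines.

```python
import re

# Constructed sample config for illustration (not from the post).
# Addresses are private/documentation ranges chosen for the example.
SAMPLE_CONFIG = """\
ssh version 2
aaa authentication ssh console LOCAL
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
http server enable
http 192.168.1.0 255.255.255.0 inside
http 203.0.113.10 255.255.255.255 outside
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
"""

# "ssh|http <address> <mask> <interface>" management access rules.
MGMT_RULE = re.compile(r"^(ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
# Cipher names that start with a legacy algorithm.
LEGACY_CIPHER = re.compile(r"^(rc4|des|3des|null)-", re.IGNORECASE)


def audit(config: str) -> list[str]:
    """Return findings for the management-plane lines of an ASA config (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if "ssh version 2" not in lines:
        findings.append("ssh: 'ssh version 2' is not set")
    if "aaa authentication ssh console LOCAL" not in lines:
        findings.append("ssh: no 'aaa authentication ssh console LOCAL' line")
    for ln in lines:
        rule = MGMT_RULE.match(ln)
        # A 0.0.0.0 mask matches every source address.
        if rule and rule.group(3) == "0.0.0.0":
            findings.append(f"{rule.group(1)}: any source allowed on interface '{rule.group(4)}'")
        if ln.startswith("ssl encryption "):
            legacy = [c for c in ln.split()[2:] if LEGACY_CIPHER.match(c)]
            if legacy:
                findings.append("ssl: legacy ciphers enabled: " + ", ".join(legacy))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against the saved output of show running-config; an empty result means none of these four checks fired.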
