This is a configuration to save my setup path for a Cisco Router 4300 so I don’t have to keep looking up all the steps.
It will include TFTP server setup to upload current images, SSH setup, asdm setup, and basic configs to get it the asa in a working condition.
Console port to ASA
Configure username/password enable
Copy backup config if available
Ethernet cable to computer
Configure asa port interface 0/6 > ip add 10.0.0.1 255.255.255.0
Configure windows nic > 10.0.0.2 255.255.255.0
Install TFTP client
Download newest version of asa image (or latest needed)
copy tftp://10.0.0.2/asa(version).bin disk0:/asa(version).bin boot system disk0:/asa(version).bin wr mem reload
Step 3) SSH
If you have an older license like I did with 3des-aes disabled you can go to the cisco page and get a license for it for free https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
They will email you an activation key which will allow you to enable ssh version 2
ip ssh rsa keypair-name crypto key generate rsa label ssh_key modulus 2048 Router(config)# ssh version 2 Router(config)# enable password %password% Router(config)# username %username% password $password% Router(config)# aaa authentication ssh console LOCAL Router(config)# crypto key generate rsa modulus 2048
Now specify only particular hosts or network to connect to the device using SSH.
Step 4) ASDM
Personally I prefer doing most of the more complex configs from the ASDM. ACLs, NATs, and VPNs make more sense to me when I can picture where they sit and what they effect. It’s also easier for me to build Object groups and Name objects for future reference. It’s important to know the CLI though if the asdm isn’t available to you or if you need to troubleshoot. Troubleshooting is always easier from the CLI. You’ll need to load the ASDM version that matches the image you have and then load it using asdm image (image version).
http server enable http 10.20.20.0 255.255.255.0 inside http 0.0.0.0 255.255.255.0 outside
I was having issues with connection to the asdm and finally found an article showing how to allow different encryption methods which fixed my connection using the below command
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1