Cisco Router 4300 – Basic Setup

Cisco Router 4300 – Basic Setup

This is a configuration to save my setup path for a Cisco Router 4300 so I don’t have to keep looking up all the steps.

It will include TFTP server setup to upload current images, SSH setup, asdm setup, and basic configs to get it the asa in a working condition.

Step 1)

Console port to ASA

Configure username/password enable

Copy backup config if available

Step 2)

Ethernet cable to computer

Configure asa port interface 0/6 > ip add 10.0.0.1 255.255.255.0

Configure windows nic > 10.0.0.2 255.255.255.0

Install TFTP client 

http://www.winagents.com/en/downloads/download-tftp-server.php

Download newest version of asa image (or latest needed)

copy tftp://10.0.0.2/asa(version).bin disk0:/asa(version).bin

boot system disk0:/asa(version).bin

wr mem

reload

 

Step 3) SSH

If you have an older license like I did with 3des-aes disabled you can go to the cisco page and get a license for it for free https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

They will email you an activation key which will allow you to enable ssh version 2

ip ssh rsa keypair-name
crypto key generate rsa label ssh_key modulus 2048
Router(config)# ssh version 2
Router(config)# enable password %password%
Router(config)# username %username% password $password%
Router(config)# aaa authentication ssh console LOCAL
Router(config)# crypto key generate rsa modulus 2048

Now specify only particular hosts or network to connect to the device using SSH.
 


Step 4) ASDM

Personally I prefer doing most of the more complex configs from the ASDM. ACLs, NATs, and VPNs make more sense to me when I can picture where they sit and what they effect. It’s also easier for me to build Object groups and Name objects for future reference. It’s important to know the CLI though if the asdm isn’t available to you or if you need to troubleshoot. Troubleshooting is always easier from the CLI. You’ll need to load the ASDM version that matches the image you have and then load it using asdm image (image version).

http server enable
http 10.20.20.0 255.255.255.0 inside
http 0.0.0.0 255.255.255.0 outside

I was having issues with connection to the asdm and finally found an article showing how to allow different encryption methods which fixed my connection using the below command
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

Comments are closed.
%d bloggers like this: