Cisco ASA5505 Setup (Via ASDM)

KB ID 0000067

Problem

Regular visitors to PNL will know I much prefer to do things at command line, but I appreciate most people trying to set up a new firewall will want to use the GUI.

Before you start you will need to know what IP addresses you want to use, what password you want to use etc.

Solution

1. You get two network cables in the box, connect your PC/Laptop to Ethernet port 1 (See the photo, that’s the second one in from the right – By default Ethernet port 0 is used for outside on an ASA, though this can be changed). Power on the ASA.

ASA 5505

2. Your PC has to be set to get an IP address dynamically; the ASA will lease it an address, and the ASA will take the IP address of 192.168.1.1 on its inside interface. Here’s the result of an “ipconfig” command to prove it worked.

3. Open an IE (or Firefox) window and navigate to https://192.168.1.1

4. Standard stuff, click “Continue to this website”.

5. Leave both boxes blank and click OK.

6. Click “Run Startup Wizard Applet”.

7. Click Yes (Isn’t Java annoying!)

8. More annoying Java, just click OK.

9. After some time we will at last arrive at the startup wizard. We want to modify it so > Next.

10. Give the firewall a hostname and domain name, and set the password (note: it uses the names to generate an RSA key; remember this if you ever change them in future) > Next.

11. We don’t want this > Next.

12. OK, we now set the outside IP address. Don’t mess with the VLAN information. In this case my outside interface is going to get its IP address automatically via DHCP; if yours is static then select “Use the following IP address” and type in the IP address and subnet mask > Next.

13. Now the inside interface. TRUST ME, leave it on 192.168.1.1, even if that’s NOT what you want. If you change it here then when you get to the end it will all fail, because you have a DHCP address leased on an IP that’s on a different range. We will change the IP address of this interface at the end! > Next.

14. This page is for setting up a DMZ, which (unless you’ve purchased the Security Plus Licence) you won’t be using anyway > Next.

15. Leave Interface 0 on the outside and everything else on the inside VLAN (unless you want to allocate ports to your DMZ) > Next.

16. Tick the bottom option > Next.

17. On the route page you have the option to enter internal and external routes. If your outside interface gets its IP details by DHCP then you can leave it all blank; if you’re on a static then you will need to supply the IP of your ISP router as the default route outside (route 0.0.0.0 0.0.0.0). If it makes more sense, think of this as the firewall’s default gateway.

18. Mine’s DHCP so I’ll just click Next.

19. Once again TRUST ME, leave this alone; we will change this later > Next.

20. There are about 2 chapters of textbook on this subject. We are going to use PAT and use the IP address of the outside interface (all internal traffic will appear to the outside world to have come from that IP address) > Next.

21. On administrative access click Add > Now add ASDM access for either a client or the network that the firewall IS GOING TO connect to > OK.

22. You might also want to add Telnet access for the above as well.

23. Notice we have access for the 192.168.1.0 network AND the network we are going to be on when we are finished > Next.

24. We are not going to be using this > Next.

25. Have a quick review > Tick “Launch ASDM after configuring ASA” > Finish.

Remember, when you log into the ASA now, you have changed the password! (Leave the username blank.)

26. Now we will sort the inside interface out > From the ASDM > Configuration > Properties > DHCP Server > Inside > Edit.

27. Untick “Enable DHCP Server” (or set according to your DHCP requirements) > OK.

28. Apply.

29. Configuration > Interfaces > Inside > Edit.

30. Set the correct IP address and subnet mask > OK.

31. Apply > At the warning click OK.

32. Settings will be applied. DO NOT TURN OFF THE FIREWALL’S POWER SUPPLY.

33. Fair enough, we can’t talk to it because we changed its IP address :).

34. Change your IP address so you can communicate with the firewall on its new IP address.

35. As before, launch your browser and connect to the internal IP address (remember it’s https).

36. Username = blank > Password you set earlier > OK.

37. File > Save running config to flash.

38. Apply > All Finished.

Do the same thing from command line

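! Identity (the hostname and domain name are used when the RSA key is generated)
hostname Petes-ASA
domain-name petenetlive.com
! Inside interface
interface vlan1
ip address 192.168.1.1 255.255.255.0
! Outside interface, addressed by DHCP, default route taken from the lease
interface vlan2
ip address dhcp setroute
! Management access (ASDM and Telnet) from the inside network
http 10.254.254.0 255.255.255.0 inside
telnet 10.254.254.0 255.255.255.0 inside
! DMZ interface
interface vlan3
no shutdown
ip address 172.16.254.1 255.255.0.0
nameif DMZ
same-security-traffic permit intra-interface
! Example password only, set your own
enable password password123
! Remove the DHCP pool from the inside interface
no dhcpd address 192.168.1.1-192.168.1.254 inside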
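
A pre-flight check for a configuration like the one above before it is pasted into the firewall, as an added example (not code from the original article). It flags dotted quads that are not legal IPv4 addresses, Telnet management access (Telnet is unencrypted) and a short or guessable enable password; `audit`, `SAMPLE_CONFIG` and the weak-word list are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample in the style of the CLI above; the bad octet, the Telnet
# line and the weak password are deliberate so that each check fires.
SAMPLE_CONFIG = """\
hostname Example-ASA
interface vlan1
 ip address 192.268.1.1 255.255.255.0
interface vlan2
 ip address dhcp setroute
http 10.254.254.0 255.255.255.0 inside
telnet 10.254.254.0 255.255.255.0 inside
enable password password123
"""

DOTTED_QUAD = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
WEAK_WORDS = ("password", "cisco", "admin", "letmein")  # assumed short list

def valid_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def audit(config):
    """Return (line_number, code, message) findings for an ASA-style config."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment
        # 1. Any dotted quad that is not a legal IPv4 address (typo check).
        for quad in DOTTED_QUAD.findall(raw):
            if not valid_ipv4(quad):
                findings.append((number, "BAD-IP", f"{quad} is not a valid IPv4 address"))
        # 2. Telnet management access ("telnet timeout N" is not an access rule).
        if words[0] == "telnet" and len(words) >= 4 and valid_ipv4(words[1]):
            findings.append((number, "TELNET", f"Telnet allowed from {words[1]} on {words[3]}"))
        # 3. Plain-text enable password that is short or built on a common word.
        if words[:2] == ["enable", "password"] and len(words) >= 3 and "encrypted" not in words:
            secret = words[2].lower()
            if len(secret) < 12 or any(w in secret for w in WEAK_WORDS):
                findings.append((number, "WEAK-ENABLE", "enable password is short or guessable"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
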

Related Articles, References, Credits, or External Links

NA

Author: Migrated
