Wednesday, August 8, 2012

Basic Configuration of ASA


Steps for setting up the inside and outside interfaces with their IP addresses



interface ethernet 0/0 as Inside : 10.0.0.1            default security level 100
interface ethernet 0/0 as Outside: 170.100.100.1 default security level 0

ciscoasa> en
Password: (there is no password for first time use)
ciscoasa# configure terminal
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# ip address 10.0.0.1 255.255.255.0
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)#
ciscoasa(config-if)# interface ethernet 0/5
ciscoasa(config-if)# ip address 170.100.100.1 255.255.255.0
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# no shutdown

Configure the ASA to accept HTTPS connections from inside
Configure from global configuration mode

ciscoasa(config-if)# exit
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.0.0.2 255.255.255.255 inside
ciscoasa(config)#
ciscoasa(config)# copy run disk0:/.private/startup-config

Source filename [running-config]?

Destination filename [/.private/startup-config]?
Cryptochecksum: a33b008e 92e77294 9d7a6088 27ff113f

1596 bytes copied in 2.420 secs (798 bytes/sec)open(ffsdev/2/write/41) failed
open(ffsdev/2/write/40) failed

ciscoasa(config)# username imran password cisco privilege 15
ciscoasa(config)#
ciscoasa(config)# copy run disk0:/.private/startup-config

Source filename [running-config]?

Destination filename [/.private/startup-config]?

%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Cryptochecksum: 231499c4 db3e4734 3c37be8e 166f9b83

1660 bytes copied in 2.850 secs (830 bytes/sec)open(ffsdev/2/write/41) failed
open(ffsdev/2/write/40) failed
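
The "http 10.0.0.2 255.255.255.255 inside" line above limits ASDM/HTTPS management to a single host on the inside interface. The Python below is an added example, not part of the original post: it audits a saved configuration for http rules that are broader than that or bound to a security-level 0 interface. The sample config is constructed, and the function names and the 0.0.0.0 rule are hypothetical.

```python
import ipaddress
import re

# Constructed sample in "show running-config" style: the walkthrough's own
# lines plus one deliberately broad rule (hypothetical) for the check to flag.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface Ethernet0/5
 nameif outside
 security-level 0
 ip address 170.100.100.1 255.255.255.0
http server enable
http 10.0.0.2 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 outside
"""

def parse_security_levels(config):
    """Map each nameif to its security-level from the interface stanzas."""
    levels, name = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            name = None  # a non-indented line ends the previous stanza
        words = line.split()
        if words[:1] == ["nameif"]:
            name = words[1]
        elif words[:1] == ["security-level"] and name:
            levels[name] = int(words[1])
    return levels

def audit_http_access(config, max_hosts=1):
    """Return (rule, reason) for each ASDM/HTTPS allow rule that is too open."""
    levels = parse_security_levels(config)
    findings = []
    for m in re.finditer(r"^http (\S+) (\S+) (\S+)$", config, re.M):
        addr, mask, ifname = m.groups()
        if addr == "server":  # "http server enable <port>" is not an allow rule
            continue
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if net.num_addresses > max_hosts:
            findings.append((m.group(0), f"allows {net.num_addresses} addresses"))
        if levels.get(ifname) == 0:
            findings.append((m.group(0), f"reachable from '{ifname}' (level 0)"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit_http_access(SAMPLE_CONFIG):
        print(f"{rule}: {reason}")
```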

REMEMBER to turn off your local computer FIREWALL

Local PC configuration
IP of loopback interface: 10.0.0.2
Copy the asdm-645-204.bin file to the TFTP server directory.
Install, then start/restart the TFTP server and have it listen on the loopback interface.

Check connection:
ASA side

ciscoasa# ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/10 ms
ciscoasa#

Local PC side

Ping from the local PC to the ASA inside interface:


ciscoasa(config)# copy tftp: flash:

Address or name of remote host []?  10.0.0.2

Source filename []?   asdm-645-204.bin

Destination filename  [asdm-645-204.bin]?

Accessing tftp://10.0.0.2/asdm-645-204.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing current ASDM file disk0:/asdm-645-204.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
17010808 bytes copied in 44.550 secs (386609 bytes/sec)
ciscoasa(config)#

Show flash memory to see the downloaded file.

ciscoasa(config)# show flash:
--#--  --length--  -----date/time------  path
    6  4096        Apr 05 2012 11:45:10  .private
    7  0           Apr 05 2012 11:23:19  .private/mode.dat
    8  0           Apr 05 2012 11:46:03  .private/DATAFILE
    9  1660        Apr 05 2012 11:46:03  .private/startup-config
   10  4096        Apr 05 2012 11:46:03  boot
   11  0           Apr 05 2012 11:46:03  boot/grub.conf
   12  17010808    Apr 05 2012 12:41:16  asdm-645-204.bin

255320064 bytes total (212803584 bytes free)

Download the ASDM file from the ASA using a browser. Use HTTPS and IP address 10.0.0.1


Install and run ASDM, then provide the credentials

IP: 10.0.0.1
Username: imran
Password: cisco


After log-in

Now you can perform configuration using the GUI