
Basic Configuration Tutorial For The Cisco ASA 5505 Firewall

The document provides a basic configuration tutorial for the Cisco ASA 5505 firewall. It explains: 1) The ASA 5505 is Cisco's smallest firewall model, suitable for small businesses and homes, with the same security capabilities as larger models. 2) It provides instructions on configuring the internal interface VLAN, external interface VLAN connected to the Internet, enabling Ethernet interfaces, configuring PAT on the outside interface, and a default route. 3) These basic steps make the firewall operational to connect a small network to the Internet, though more configuration is needed for advanced functionality.

Uploaded by

racsopineda
Copyright
© Attribution Non-Commercial (BY-NC)

Basic Configuration Tutorial For the Cisco ASA 5505 Firewall


The Cisco ASA 5505 Firewall is the smallest model in the new 5500 Cisco series of hardware
appliances. Although this model is suitable for small businesses, branch offices or even home
use, its firewall security capabilities are the same as the biggest models (5510, 5520, 5540 etc).
The Adaptive Security technology of the ASA firewalls offers solid and reliable firewall
protection, advanced application aware security, denial of service attack protection and much
more. Moreover, the performance of the ASA 5505 appliance supports 150Mbps firewall
throughput and 4000 firewall connections per second, which is more than enough for small
networks.

In this article I will explain the basic configuration steps needed to set up a Cisco ASA 5505
firewall for connecting a small network to the Internet. We assume that our ISP has assigned us a
static public IP address (200.200.200.1 in this example) and that our internal network range is
192.168.1.0/24. We will use Port Address Translation (PAT) to translate our internal IP
addresses to the public address of the outside interface. The 5505 differs from the bigger ASA
models in that it has an 8-port 10/100 switch which operates at Layer 2 only. That is, you cannot
configure the physical ports as Layer 3 ports; instead you have to create interface VLANs and
assign the Layer 2 interfaces to each VLAN. By default, interface Ethernet0/0 is assigned to
VLAN 2 and is the outside interface (the one which connects to the Internet), and the other 7
interfaces (Ethernet0/1 to 0/7) are assigned to VLAN 1 and are used for connecting to the
internal network. Let's go through the most important configuration steps.

Step 1: Configure the internal interface VLAN
------------------------------------------------------
ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shut

Step 2: Configure the external interface VLAN (connected to the Internet)
-------------------------------------------------------------------------------------
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shut

Step 3: Assign Ethernet0/0 to VLAN 2
-------------------------------------------------
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Step 4: Enable the remaining interfaces with no shut
--------------------------------------------------
ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut

Do the same for Ethernet0/1 to 0/7.

Step 5: Configure PAT on the outside interface
-----------------------------------------------------
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 6: Configure default route towards the ISP (assume default gateway is 200.200.200.2)
---------------------------------------------------------------------------------------------------------
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1

The steps above are the minimum you need to configure to make the appliance operational. Of
course, there are many more configuration details that you need to implement in order to
enhance the security and functionality of your appliance, such as Access Control Lists,
Static NAT, DHCP, DMZ zones, authentication etc.

Cisco ASA 5510 Firewall: Basic Configuration Tutorial

Continuing our series of articles about Cisco ASA 5500 firewalls, I'm offering you here a basic
configuration tutorial for the Cisco ASA 5510 security appliance. This device is the second
model in the ASA series (ASA 5505, 5510, 5520 etc) and is fairly popular since it is intended for
small to medium enterprises. Like the smallest ASA 5505 model, the 5510 comes with two
license options: The Base license and the Security Plus license. The second one (security plus)
provides some performance and hardware enhancements over the base license, such as 130,000
Maximum firewall connections (instead of 50,000), 100 Maximum VLANs (instead of 50),
Failover Redundancy, etc. Also, the security plus license enables two of the five firewall network
ports to work as 10/100/1000 instead of only 10/100.

Next we will see a simple Internet Access scenario which will help us understand the basic steps
needed to set up an ASA 5510. Assume that we are assigned a static public IP address
100.100.100.1 from our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0/24.
Interface Ethernet0/0 will be connected on the outside (towards the ISP), and Ethernet0/1 will be
connected to the Inside LAN switch.
The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal
hosts. All outbound communication (from inside to outside) will be translated using Port Address
Translation (PAT) on the outside public interface. Let's see a snippet of the required configuration
steps for this basic scenario:

Step 1: Configure a privileged level password (enable password)


By default there is no password for accessing the ASA firewall, so the first step before doing
anything else is to configure a privileged level password, which will be needed to allow
subsequent access to the appliance. Configure this under Configuration Mode:

ASA5510(config)# enable password mysecretpassword

Step 2: Configure the public outside interface


ASA5510(config)# interface Ethernet0/0
ASA5510(config-if)# nameif outside
ASA5510(config-if)# security-level 0
ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252
ASA5510(config-if)# no shut

Step 3: Configure the trusted internal interface


ASA5510(config)# interface Ethernet0/1
ASA5510(config-if)# nameif inside
ASA5510(config-if)# security-level 100
ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0
ASA5510(config-if)# no shut

Step 4: Configure PAT on the outside interface


ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)

ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1

Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP

ASA5510(config)# dhcpd dns 200.200.200.10
ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside
ASA5510(config)# dhcpd enable inside

The above basic configuration is just the beginning for making the appliance operational. There
are many more configuration features that you need to implement to increase the security of your
network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ
zones, VPN etc.
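
As an added example (not part of the original tutorial), the following Python sketch checks a saved configuration against the points both walkthroughs depend on: interface security levels, a `global` entry matching each `nat` ID, a default gateway that is on-link on the outside subnet, a DHCP pool that fits the inside subnet, and an enable password. The names `audit` and `SAMPLE_5510` are chosen here, and the sample text is constructed from the 5510 steps using the same `global`/`nat` syntax the page shows.

```python
import ipaddress
import re

# Constructed sample: the 5510 steps above as they would sit in a saved config.
SAMPLE_5510 = """\
enable password mysecretpassword
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 100.100.100.1 255.255.255.252
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 100.100.100.2 1
dhcpd address 192.168.10.10-192.168.10.200 inside
"""

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    ifaces, out = {}, []
    block = r"nameif (\S+)\s+security-level (\d+)\s+ip address (\S+) (\S+)"
    for name, level, ip, mask in re.findall(block, config):
        ifaces[name] = (int(level), ipaddress.ip_interface(f"{ip}/{mask}"))
    for name, want in (("inside", 100), ("outside", 0)):
        level = ifaces.get(name, (None,))[0]  # None when the interface is missing
        if level != want:
            out.append(f"{name} security-level is {level}, expected {want}")
    # PAT: every nat ID on inside needs a global with the same ID on outside.
    nat_ids = set(re.findall(r"^nat \(inside\) (\d+) ", config, re.M))
    global_ids = set(re.findall(r"^global \(outside\) (\d+) ", config, re.M))
    out += [f"nat id {n} has no matching global on outside" for n in sorted(nat_ids - global_ids)]
    # Default route: the next hop must be on-link in the outside subnet.
    route = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    if not route:
        out.append("no default route on outside")
    elif "outside" in ifaces and ipaddress.ip_address(route.group(1)) not in ifaces["outside"][1].network:
        out.append(f"default gateway {route.group(1)} is not in the outside subnet")
    # DHCP pool: both ends in the inside subnet, firewall's own address excluded.
    pool = re.search(r"^dhcpd address (\S+)-(\S+) inside", config, re.M)
    if pool and "inside" in ifaces:
        lo, hi = (ipaddress.ip_address(a) for a in pool.groups())
        lan = ifaces["inside"][1]
        if lo not in lan.network or hi not in lan.network or lo <= lan.ip <= hi:
            out.append("dhcpd pool does not fit the inside subnet")
    if not re.search(r"^enable password \S+", config, re.M):
        out.append("no enable password set")
    return out
```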

Read more: http://www.articlesbase.com/networks-articles/cisco-asa-5510-firewall-basic-configuration-tutorial-833644.html#ixzz16M9wQU6S
Under Creative Commons License: Attribution
