Saturday, May 21, 2011

Basic ASA Configuration



Configure ASA hostname
   ASA# config t
   ASA(config)# hostname TestASA

Configure enable password
   TestASA(config)# enable password THISISPASSWORDTEXT

Configure the domain name on ASA
   TestASA(config)# domain-name MyTest.com

Specify the ASDM image on ASA and enable access to ASDM
   TestASA(config)# asdm image disk0:/asdm-524.bin
   TestASA(config)# http server enable

Configure the interfaces
   TestASA# config t
   TestASA(config)# interface Vlan1
   TestASA(config-if)# nameif inside
   TestASA(config-if)# security-level 100
   TestASA(config-if)# ip address 192.168.2.1 255.255.255.0
   TestASA(config-if)# no shutdown
   TestASA(config-if)# exit
   TestASA(config)# interface Vlan2
   TestASA(config-if)# nameif outside
   TestASA(config-if)# security-level 0
   TestASA(config-if)# ip address 192.168.1.254 255.255.255.0
   TestASA(config-if)# no shutdown
   TestASA(config-if)# exit

Assign physical interface ETH0/0 to VLAN2 (the outside interface)
   TestASA(config)# interface ethernet 0/0
   TestASA(config-if)# switchport access vlan 2

The rest of the physical interfaces are assigned to VLAN1 by default

Configure access to ASA device, for SSH please read this link.
   TestASA(config)# username USER_1 password PASSWORD_1 privilege 15
   TestASA(config)# username USER_2 password PASSWORD_2 privilege 5
   TestASA(config)# aaa authentication ssh console LOCAL
   TestASA(config)# aaa authentication telnet console LOCAL
   TestASA(config)# aaa authentication http console LOCAL
   TestASA(config)# crypto key generate rsa modulus 1024
   !- generates an RSA key pair which is required for SSH
   TestASA(config)# ssh 192.168.2.0 255.255.255.0 inside
   TestASA(config)# ssh timeout 30
   !- allow putty to connect using SSH
   TestASA(config)# telnet 192.168.2.0 255.255.255.0 inside
   TestASA(config)# telnet timeout 30
   !- allow putty to connect using Telnet
   TestASA(config)# http 192.168.2.0 255.255.255.0 inside
   !- allow user to connect using ASDM
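
An added example, not from the original post: a Python check that reads ASA commands like those above (with or without the CLI prompt) and reports Telnet permits, management protocols permitted without a matching aaa authentication line, RSA moduli below a threshold, any-source permits, and management access on security-level 0 interfaces. The audit function name, the MIN_RSA_BITS threshold and the sample input are assumptions constructed for illustration.

```python
import re

# Constructed sample: commands modelled on this page, with the telnet AAA line left out.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
crypto key generate rsa modulus 1024
ssh 192.168.2.0 255.255.255.0 inside
telnet 192.168.2.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
"""

MIN_RSA_BITS = 2048  # assumption: local policy threshold, not a value from the page


def audit(config):
    """Return a sorted list of findings for ASA management-plane commands."""
    levels, aaa, permits, findings, nameif = {}, set(), [], [], None
    for raw in config.splitlines():
        line = re.sub(r"^\S+[#>] ?", "", raw.strip())  # drop a CLI prompt if present
        if m := re.match(r"nameif (\S+)$", line):
            nameif = m.group(1)
        elif m := re.match(r"security-level (\d+)$", line):
            levels[nameif] = int(m.group(1))
        elif m := re.match(r"aaa authentication (ssh|telnet|http) console \S+", line):
            aaa.add(m.group(1))
        elif m := re.match(r"crypto key generate rsa modulus (\d+)", line):
            if int(m.group(1)) < MIN_RSA_BITS:
                findings.append(f"rsa modulus {m.group(1)} below {MIN_RSA_BITS}")
        elif m := re.match(r"(ssh|telnet|http) (\d\S+) (\d\S+) (\S+)$", line):
            permits.append(m.groups())
    for proto, net, mask, ifname in permits:
        if proto == "telnet":
            findings.append(f"telnet (cleartext) permitted on {ifname}")
        if proto not in aaa:
            findings.append(f"{proto} permitted on {ifname} without aaa authentication")
        if mask == "0.0.0.0":
            findings.append(f"{proto} open to any source on {ifname}")
        if levels.get(ifname, 0) == 0:  # unknown interfaces are treated as untrusted
            findings.append(f"{proto} permitted on untrusted interface {ifname}")
    return sorted(set(findings))
```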

Configure clock
   TestASA(config)# clock set hh:mm:ss {month day} year

--------------------------------------------------------------------------------

Good CLI to use:
   # show curpriv
