Monday, August 10, 2015

Cisco ASA5505 Config from ASDM (Start to finish)

I have been known in my 15 years in the IT industry among my friends as a "GUI Girl".  This is something that never bothers me, even though I have gotten extremely comfortable in the CLI of Cisco routers and switches over the last 5 years.  However, if you are not in the CLI of a Cisco security appliance daily, it can still be tough to set up the likes of an ASA appliance from start to finish.  I have administered and configured lots of ASA devices in my career, but mostly from the ASDM, and have not found much help online on how to do so.  I took the opportunity on my last configuration to document the process for others to use if they so choose!  This process assumes you know the basic ins & outs of the ASDM interface.  This process is also for a basic configuration and for access to manage from the WAN.  DO THIS AT YOUR OWN RISK!!!  I am not suggesting someone leaves management access from the WAN on, but when you're deploying a new appliance, it's nice to be able to quickly access it after deployment to clean up any configurations or issues that come up.

Steps to Set Up Appliance from ASDM

- Change management interface to allow from all networks (0.0.0.0)
- Change inside IP for device. (Will need to set static IP on laptop for that subnet to reconnect).
- Change DHCP server range to match subnet if necessary.  Set lease time to: 432000 (5 days)
- Change outside IP for ISP
- Change management interfaces for networks you want to allow and remove previous 0.0.0.0
- Set static route for next hop to ISP:
   
- Set device name and password
- Set system time
- Set NTP servers
- Add users (admin) with passwords.  Access level 15
- Configure the DNS client for the ASA if it's doing DHCP
- Make sure under file access SCP is enabled
- Set default NAT

- For SSH & Telnet access, under AAA authentication set the following:

- Send the following command for the RSA key: #crypto key gen rsa gen mod 1024
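
An added example, not part of the original post: a small Python check for the cleanup step above ("remove previous 0.0.0.0"), run against a saved copy of the running-config to confirm that no http, ssh or telnet management rule still allows all networks. The function name, the 256-address threshold and the sample config are assumptions constructed for illustration.

```python
import ipaddress
import re

# ASA management access lines have the form: <service> <network> <mask> <interface>
MGMT_RE = re.compile(
    r"^(http|ssh|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)

def audit_mgmt_access(config_text, max_hosts=256):
    """Return (line_no, service, interface, reason) for overly broad rules."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = MGMT_RE.match(raw.strip())
        if not m:
            continue  # e.g. "http server enable" or "ssh timeout 5"
        service, addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((lineno, service, iface, "unparseable address/mask"))
            continue
        if net.prefixlen == 0:
            findings.append((lineno, service, iface, "open to all networks (0.0.0.0)"))
        elif net.num_addresses > max_hosts:  # assumed threshold, tune per site
            findings.append((lineno, service, iface, f"broad source range {net}"))
        if service == "telnet":
            findings.append((lineno, service, iface, "Telnet is cleartext; prefer SSH"))
    return findings

# Constructed sample config (documentation/private address ranges only)
SAMPLE_CONFIG = """\
hostname asa-branch
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.10.0 255.255.255.0 inside
ssh 203.0.113.0 255.255.255.248 outside
ssh 0.0.0.0 0.0.0.0 outside
telnet 192.168.10.0 255.255.255.0 inside
ssh timeout 5
"""

if __name__ == "__main__":
    for lineno, service, iface, reason in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"line {lineno}: {service} on {iface}: {reason}")
```

An empty result means every management rule is scoped to a specific network of at most 256 addresses and none uses Telnet.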

Update IOS and ASDM

- Copy the new ASA IOS and ASDM files to the local storage.  Current versions: ASA922-4-k8.bin & asdm-732.bin  (I like to use WinSCP to copy files to the appliance).
- Run the following command: #boot system flash:asa922-4-k8.bin
- Run the following command: #asdm image flash:/asdm-732.bin
- The following are basic services and rules to set up for the trust network:





Cheers!


