Basic configuration for ASA 5505 running IOS 8.4 and higher

Posted: October 3, 2013 in Cisco Security - Firewalls

Configure the internal interface VLAN

ASA1(config)# interface Vlan 1
ASA1(config-if)# nameif inside
ASA1(config-if)# security-level 100
ASA1(config-if)# ip address 192.168.1.1 255.255.255.0
ASA1(config-if)# no shut

Configure the external interface VLAN (connected to the Internet)
ASA1(config)# interface Vlan 2
ASA1(config-if)# nameif outside
ASA1(config-if)# security-level 0
ASA1(config-if)# ip address 200.200.200.1 255.255.255.0
ASA1(config-if)# no shut

Assign Ethernet 0/0 to VLAN 2
ASA1(config)# interface Ethernet0/0
ASA1(config-if)# switchport access vlan 2
ASA1(config-if)# no shut

Enable the remaining interfaces with no shut
ASA1(config)# interface Ethernet0/1
ASA1(config-if)# no shut

Do the same for Ethernet0/1 to 0/7.

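Configure PAT on the outside interface. The global/nat pair below is the pre-8.3 syntax, which 8.3 and later reject; on 8.4 and higher use the network object form that follows it.
ASA1(config)# global (outside) 1 interface
ASA1(config)# nat (inside) 1 0.0.0.0 0.0.0.0

ASA1(config)# object network obj_any
ASA1(config-network-object)# subnet 0.0.0.0 0.0.0.0
ASA1(config-network-object)# nat (inside,outside) dynamic interface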

Configure the default route towards the ISP (assume the default gateway is 200.200.200.2)
ASA1(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1

The steps above are the minimum needed to make the appliance operational. The next steps would include access control lists, static NAT, DHCP, DMZ zones, authentication, etc.
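A pre-change check for a configuration assembled from the steps above, as an added example that is not part of the original post: it flags pre-8.3 global/nat commands and confirms the inside/outside trust ordering, the object NAT rule and the default route. The `stanzas` and `audit` helpers and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the steps above pasted as one config, legacy PAT pair included.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
object network obj_any
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
"""
# Pre-8.3 NAT: a single interface name followed by a numeric NAT ID.
LEGACY_NAT = re.compile(r"^(global|nat) \(\w+\) \d+\b")

def stanzas(text):
    """Group indented sub-commands under their top-level command."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace() and out:
            out[-1][1].append(line.strip())
        else:
            out.append((line.strip(), []))
    return out

def audit(text):
    """Return findings for a pasted 8.4 config (hypothetical helper)."""
    findings, levels, pat, route = [], {}, False, False
    for head, body in stanzas(text):
        if LEGACY_NAT.match(head):
            findings.append("legacy NAT syntax: " + head)
        elif head.startswith("interface Vlan"):
            opts = dict(b.split(None, 1) for b in body if " " in b)
            name = opts.get("nameif", head)
            # ASA default when unset: 100 for "inside", 0 for any other name
            levels[name] = int(opts.get("security-level", 100 if name == "inside" else 0))
        elif head.startswith("object network"):
            pat = pat or "nat (inside,outside) dynamic interface" in body
        elif head.startswith("route outside 0.0.0.0 0.0.0.0 "):
            route = True
    checks = [(levels.get("outside", 100) < levels.get("inside", 0),
               "inside/outside unnamed, or outside not less trusted than inside"),
              (pat, "no object NAT 'dynamic interface' from inside to outside"),
              (route, "no default route via outside")]
    return findings + [msg for ok, msg in checks if not ok]
```

Running `audit(SAMPLE)` reports only the two legacy commands; with those removed the list is empty.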
