Initial setup of the ASA is similar to that of a router: use a rollover cable
to connect the console port of the ASA to the COM port of a PC. The Command Line
Interface (CLI) is a little different from that of an IOS router, but the modes
are similar. Unprivileged Mode (>) is the most basic level of access to the Cisco
device, the first mode, in which you can issue very few commands. To configure
your ASA you need to get into Privileged Mode (#).
[Figure annotations: Uptime of device, Hardware Configurations, License Details]
VPN-3DES-AES        : Enabled
Cut-through Proxy   : Enabled
Guards              : Enabled
URL Filtering       : Enabled
Security Contexts   : 2
GTP/GPRS            : Disabled
VPN Peers           : Unlimited
From unprivileged mode we can issue a few more commands such as ping,
traceroute and login, but to make any changes on the device or to configure it
we need to get into privileged mode. From unprivileged mode, issue the enable
command to get into privileged mode:
ciscoasa> enable
Password:
prompted
ciscoasa#
Once you are in privileged mode of the ASA you can issue all the commands to the
device and start configuring it. To make configuration changes you need to get
into configure mode, which you enter by issuing the configure terminal command
in privileged mode:
ciscoasa# configure terminal
ciscoasa(config)# enable password cisco123      <- Configuring Enable Password
ciscoasa(config)# hostname ASA                  <- Modifying Hostname
ASA(config)#
In the output of the show version command you can view the licensing details of
the device, which show which capabilities the device can use. The ASA comes with
two different licenses:
- Base License
- Security Plus License
By default the ASA comes with the Base License, under which a few functions of
the ASA are restricted or locked. To use those functions we need to get an
Activation Key from Cisco and install it on the device.
ASA(config)# activation-key 0x00000000 0x00000000 0x00000000 0x00000000
The following features available in flash activation key are NOT
available in new activation key:
Failover is different.
flash activation key: Restricted(R)
new activation key: Unrestricted(UR)
Proceed with update flash activation key? [confirm] Press Enter
WARNING: The running activation key was not updated with the requested key.
The flash activation key was updated with the requested key, and will become
active after the next reload.
IP Address     Name       Security Level
192.168.1.1    Outside    0
10.1.1.1       Inside     100
172.16.1.1     DMZ        50
Apart from the IP address, on the ASA we also have to configure two more
parameters for each interface: the name of the interface and the trustiness of
the interface (security level). The name of the interface is any logical name
(like Inside, Outside, Private or any other name) given to the interface;
throughout the configuration the interface is referred to by that name, not by
its physical name (Ethernet 0 or 1). Assigning a name to an interface is
mandatory: even if you assign an IP address, the interface will not function
until you configure a name on it.
The security level is the value that defines the trustiness of an interface. An
interface with a higher security level can initiate communication to interfaces
with a lower security level, but by default a lower-level interface can't
initiate communication to a higher-level interface.
ASA(config-if)# interface ethernet 0
ASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA(config-if)# security-level 0
Verification
ASA# show running-config ip
!
interface Ethernet0
nameif outside
security-level 0
ip address 192.168.1.1 255.0.0.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.1.1 255.0.0.0
!
interface Ethernet2
nameif DMZ
security-level 50
ip address 172.16.0.1 255.255.0.0
!
ASA#
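The two rules above (an interface without a nameif does not function, and by default only higher-to-lower security-level initiation is allowed) can be checked against a saved running-config. The following Python is an added example, not part of the original document; the function names, the SAMPLE_CONFIG text and the Ethernet3 interface are constructed for illustration.

```python
import re
from itertools import permutations

# Constructed sample shaped like the Verification output, plus Ethernet3 (no nameif).
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.0.0.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.0.0.0
!
interface Ethernet2
 nameif DMZ
 security-level 50
 ip address 172.16.0.1 255.255.0.0
!
interface Ethernet3
 ip address 192.0.2.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {physical_name: {'nameif', 'level', 'ip'}} from interface stanzas."""
    interfaces, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = interfaces.setdefault(m.group(1), dict(nameif=None, level=None, ip=None))
        elif current is not None:
            if m := re.match(r"nameif (\S+)$", line):
                current["nameif"] = m.group(1)
            elif m := re.match(r"security-level (\d+)$", line):
                current["level"] = int(m.group(1))
            elif m := re.match(r"ip address (\S+) (\S+)", line):
                current["ip"] = m.group(1)
    return interfaces

def unnamed_interfaces(interfaces):
    """Interfaces that have an IP address but no nameif, so they will not function."""
    return sorted(p for p, i in interfaces.items() if i["ip"] and not i["nameif"])

def default_initiations(interfaces):
    """(src, dst) nameif pairs where src may initiate by default (higher -> lower)."""
    named = [i for i in interfaces.values() if i["nameif"] and i["level"] is not None]
    return sorted((a["nameif"], b["nameif"])
                  for a, b in permutations(named, 2) if a["level"] > b["level"])
```

Any pair missing from default_initiations() needs an explicit rule before the source interface can initiate traffic, which makes the list a quick baseline to compare against the access rules actually configured.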