Thursday 4 February 2016

ASA 5505 / 5510 Quickstart Guide

Firstly, hook up a DB9-to-Ethernet (RS232) cable to the management port of the ASA.

Use a terminal emulator such as PuTTY to connect via the COM port of your computer - by default you should connect at a baud rate of 9600.

To reset the ASA back to its factory default we should issue:

config factory-default
write memory

We should ensure that the relevant version of ASDM is stored in the flash memory:

show flash

......
asa708-k8.bin
......

In my case we have a pretty old version and would want to use a later version.

We can also verify the existing version with something like:

show version | include image

To upgrade, we should first set up the management interface:

conf t
interface Management0/0
nameif management
security-level 100
ip address 192.168.20.1 255.255.255.0
management-only
no shutdown
exit

route management 192.168.20.0 255.255.255.0 192.168.20.1

Now we should obtain the ASDM / IOS images we require (the latest as it stands for an ASA5510 is asa841-k8.bin and asdm-752.bin), hook up a P2P connection between a computer and our ASA through the management interface, and set up a TFTP server on the computer.

We proceed by running the following to grab the images:

copy tftp flash

And then instruct the ASA to boot the images:

boot system flash:/asa841-k8.bin
asdm image flash:/asdm-752.bin

*Ensure you remove your old images once you have confirmed the new firmware images work after reload!*

and reload:

write memory
reload

When rebooted we can check the IOS version with:

show version | include image

Set up the hostname etc.:

conf t
hostname myhostname
enable password yourenablepassword

and proceed to configure the interfaces:

conf t
interface Management0/0
nameif management
security-level 100
ip address 192.168.20.1 255.255.255.0
management-only
no shutdown
exit

interface e0/0
nameif outside
security-level 0
ip address 80.81.82.83 255.255.255.240
no shutdown
exit

interface e0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
no shutdown
exit

and then set up SSH access and the HTTPS interface:

crypto key generate rsa general-keys modulus 2048
username yourusername password yoursecurepassword privilege 15
username yourusername attributes
service-type admin
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
ssh version 2
http server enable

and ensure we can access the services from the management subnet:

ssh 192.168.20.0 255.255.255.0 management
http 192.168.20.0 255.255.255.0 management

Enable ICMP to inner networks:

icmp permit any inside

We will also want to verify (and set if necessary) what version of ASDM the device will push out to users:

show asdm image

and finally ensure all of our changes have been saved:

write memory

We can then connect to the web-based interface to download ASDM from:

https://192.168.20.1
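
A check for the ssh / http management-access lines configured above, as an added example that is not part of the original post: this Python script parses a saved running-config and flags permit lines whose source network is not the named interface's connected subnet, or that open a management service on a security-level 0 interface. The sample config is constructed, the function names are hypothetical, and it assumes management hosts sit on the directly connected subnet, as in this guide.

```python
import ipaddress
import re

# Constructed sample in "show running-config" style (not from a real device).
SAMPLE_CONFIG = """\
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.20.1 255.255.255.0
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 80.81.82.83 255.255.255.240
ssh 192.168.0.0 255.255.255.0 management
http 192.168.20.0 255.255.255.0 management
"""
RULE = re.compile(r"(?:ssh|http|telnet) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)\s*$")

def parse_interfaces(config):
    """Return {nameif: {"net": IPv4Network, "level": int}} from interface blocks."""
    ifaces, cur = {}, {}
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            cur = {}                      # start of a new interface block
        elif words[:1] == ["nameif"]:
            ifaces[words[1]] = cur
        elif words[:1] == ["security-level"]:
            cur["level"] = int(words[1])
        elif words[:2] == ["ip", "address"] and len(words) > 3 and words[2][0].isdigit():
            cur["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
    return ifaces

def audit_mgmt_access(config):
    """Return (line, reason) findings for management-access permit lines."""
    ifaces, findings = parse_interfaces(config), []
    for line in (raw.strip() for raw in config.splitlines()):
        m = RULE.match(line)
        if not m:
            continue                      # e.g. "ssh version 2", "http server enable"
        addr, mask, ifname = m.groups()
        src = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        iface = ifaces.get(ifname)
        if iface is None:
            findings.append((line, f"no interface named {ifname}"))
        elif iface.get("level", 0) == 0:
            findings.append((line, "management service open on a security-level 0 interface"))
        elif "net" in iface and not src.subnet_of(iface["net"]):
            findings.append((line, f"{src} is outside {iface['net']}"))
    return findings
```

Calling audit_mgmt_access(SAMPLE_CONFIG) reports the ssh line, because 192.168.0.0/24 is not the management interface's 192.168.20.0/24 subnet.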


