Firstly hook up a DB9 to Ethernet cable (RS232) to the management port of the ASA.
Use a terminal emulator such as PuTTY to connect via the COM port of your computer - by default you should connect at a baud rate of 9600.
To reset the ASA back to its factory default we should issue:
config factory-default
write memory
We should ensure that the relevant version of ASDM is stored in the flash memory:
show flash
......
asa708-k8.bin
......
In my case we have a pretty old version and would want to use a later version.
We can also verify the existing version with something like:
show version | include image
To do this we should set up the management interface:
conf t
interface Management0/0
nameif management
security-level 100
ip address 192.168.20.1 255.255.255.0
management-only
no shutdown
exit
route management 192.168.20.0 255.255.255.0 192.168.20.1
Now we should obtain the ASDM / IOS images we require (the latest as it stands for an ASA5510 is asa841-k8.bin and asdm-752.bin), hook up a P2P connection between a computer and our ASA through the management interface, and set up a TFTP server on the computer.
We proceed by running the following to grab the images:
copy tftp flash
And then instruct the ASA to boot the images:
boot system flash:/asa841-k8.bin
asdm image flash:/asdm-752.bin
*Ensure you remove your old images once you have confirmed the firmware images work after reload!*
and reload:
write memory
reload
When rebooted we can check the IOS version with:
show version | include image
Set up the hostname etc.:
conf t
hostname myhostname
enable password <your-enable-password>
and proceed to configure the interfaces:
conf t
interface Management0/0
nameif management
security-level 100
ip address 192.168.20.1 255.255.255.0
management-only
no shutdown
exit
interface e0/0
nameif outside
security-level 0
ip address 80.81.82.83 255.255.255.240
no shutdown
exit
interface e0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
no shutdown
exit
and then set up SSH access and the HTTPS interface:
crypto key generate rsa general-keys modulus 2048
username yourusername password yousecurepassword privilege 15
username yourusername attributes
service-type admin
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
ssh version 2
http server enable
and ensure we can access the services from the management subnet:
ssh 192.168.20.0 255.255.255.0 management
http 192.168.20.0 255.255.255.0 management
Enable ICMP to inner networks:
icmp permit any inside
We will also want to verify (and set if necessary) what version of ASDM the device will push out to users:
show asdm image
and finally ensure all of our changes have been saved:
write memory
We can then connect to the web-based interface to download ASDM from:
https://192.168.20.1
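
The ssh and http permit lines above only help if the network they name matches the interface they are bound to. The following is an added example, not part of the original post: a small Python check run over a saved copy of the running config. The function names and the sample config are constructed for illustration, and the sample deliberately includes one mismatched line and one wide-open line.

```python
import ipaddress

# Constructed sample config (not from a real device).
SAMPLE_CONFIG = """\
interface Management0/0
 nameif management
 ip address 192.168.20.1 255.255.255.0
interface Ethernet0/0
 nameif outside
 ip address 80.81.82.83 255.255.255.240
ssh 192.168.0.0 255.255.255.0 management
http 192.168.20.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
"""

def interface_networks(config):
    """Map each nameif to the connected network from its 'ip address' line."""
    nets, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            name = None
        elif words[:1] == ["nameif"] and len(words) == 2:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) >= 4:
            nets[name] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
    return nets

def audit_mgmt_access(config):
    """Return (service, permitted_net, nameif, verdict) per ssh/http permit line."""
    nets, findings = interface_networks(config), []
    for line in config.splitlines():
        words = line.split()
        if len(words) != 4 or words[0] not in ("ssh", "http") or not words[1][0].isdigit():
            continue  # skips "ssh version 2", "http server enable", etc.
        allowed = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
        local = nets.get(words[3])
        if local is None:
            verdict = "unknown-interface"
        elif allowed.subnet_of(local):
            verdict = "ok"
        elif local.subnet_of(allowed):
            verdict = "wider-than-interface-subnet"
        else:
            verdict = "does-not-match-interface-subnet"
        findings.append((words[0], str(allowed), words[3], verdict))
    return findings

if __name__ == "__main__":
    print(*audit_mgmt_access(SAMPLE_CONFIG), sep="\n")
```

Anything other than "ok" deserves a second look: a mismatch usually means a typo that locks you out, and a wider network on an outside-facing interface exposes the management plane.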