Cisco ASA 5505 Joseph Cicero Northeast Wisconsin Technical College.


1 Cisco ASA 5505 Joseph Cicero Northeast Wisconsin Technical College

2 Some Terminology
Cisco states in Chapter 3 of the Getting Started Guide:
Grouping ports into logical VLANs on the ASA 5505 enables you to segment large private networks and provide additional protection to critical network segments that may host resources such as servers, corporate computers, and IP phones.
This chapter describes the options of deploying the ASA 5505 in a VLAN configuration and how to determine how many VLANs you need. It also describes allocating ports for each of the VLANs.

3 Maximum Number and Types of VLANs
The Cisco ASA 5505 comes pre-configured with 2 VLANs.
Cisco is basically saying that Port 0 (external interface) is one VLAN, and the remaining ports (internal interfaces) are the second VLAN.
You can configure as many as 3 VLANs (internal, external and DMZ).
The license determines how many active VLANs you have. We don't have the Security Plus license, so you cannot configure a full DMZ configuration.

4 Hardware Setup
Basically, the ASA 5505 by default is a firewall with a built-in switch. You connect Port 0 (external interface) to the "Internet", and all other ports are considered internal interfaces.
To begin configuration, simply plug Port 0 into the uplink to the Internet and plug your system into any of the remaining ports 1-7.
You may need to ipconfig /release and /renew before you get the correct IP address.

5 Software Setup - ASDM
ASDM – Adaptive Security Device Manager
GUI configuration utility for the ASA
The ASA 5505's internal interface is 192.168.1.1, and it is set up by default to assign 192.168.1.2-254 dynamically. This can be problematic if you're using static IPs on servers/printers etc.
Configure the device BEFORE you plug it into the network!

6 Software Setup - ASDM
You'll need to know the following BEFORE you set up your system:
Hostname
Domain name
IP address of the external interface, internal interface and DMZ (if it will be set up)
IP address of the host that will have administrative access to the ASA 5505
Privileged mode password
IP addresses for NAT or PAT
IP address range for the DHCP server
IP address for the WINS server
Static routes that may need to be configured
Ports assigned to the 3rd VLAN
Whether or not interfaces should have access to each other, and VPN issues

7 Launching the ASDM
The ASDM can be installed onto the workstation.
The ASDM can be run through a browser that allows Java and JavaScript.
Using your browser, visit: https://192.168.1.1/admin
You will then receive "invalid certificate" errors (the ASA ships with a self-signed certificate that the browser cannot validate); click through them.

8 ASDM 6.0 Screen

9 ASDM
You will need to open and run the utilities you clicked on previously.
The default Username and Password fields should be left blank.

10 ASDM Interface

11 ASDM Startup Wizard

12 ASDM – Step 1 of 9

13 ASDM – Step 2 of 9

14 ASDM – Step 3 of 9

15 ASDM – Step 4 of 9

16 ASDM – Step 5 of 9

17 ASDM – Step 6 of 9

18 ASDM – Step 7 of 9

19 ASDM – Step 8 of 9

20 ASDM – Step 9 of 9

21 ASDM - Wizard
By default, your internal systems should be able to access external resources now.

22 Configuration Tab

23 Firewall Properties

24 Adding/Modifying Rules

25 Services that use TCP & UDP

26 Defined Rules

27 Restoring Original Config…
Restoring to factory defaults via the ASDM does not work.
There is a button on the back of the device that says 'Reset'. This button appears to be entirely for looks.

28 Using the Console Port
Use HyperTerminal: click Start, Programs, Accessories, Communications, HyperTerminal, and create a connection on COM1 using the terminal settings:
Bits per second: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
After you open your connection, press Enter a couple of times, and you should get a prompt like 'ciscoasa>' or 'nameofyourdevice>'.
Type 'ena' to go to enable mode. Enter the password, or just press Enter if there is no password set.
Type 'config t'.
Type 'config factory-default'.
Hit the spacebar when the 'more' prompt appears. You want to get back to the prompt that looks like 'ciscoasa(config)#'.
Type 'reload save-config noconfirm'.
Make sure that the outside line is plugged into port zero and your PC is plugged into any of ports 1-7.
The Cisco ASA has been reset to factory settings. DHCP is enabled on the Cisco device, and its internal IP address is now 192.168.1.1!

29 ASDM Pitfalls
The following lists some issues you may run into should the ASDM web interface fail to work, and how you can work around them:
Disable the Windows Firewall.
Clear the Java cache from Windows Control Panel – Java.
Upgrade/downgrade your Java version to JRE6u7.

30 ASDM Pitfalls
Reloading the appliance may fix the "1 year uptime" ASDM Java bug.
Verify that the HTTP server is running on the device.
CLI command: http server enable, or issue "http server enable XXX" where XXX is a custom port number.
Verify that you can access the device via HTTPS.
CLI command: http 192.168.1.0 255.255.255.0 inside, where 192.168.1.0 is your LAN network (this statement permits HTTPS/ASDM access from that network on the inside interface).

31 ASDM Pitfalls
Reissue the local keys (SSL certificate):
ASA CLI: crypto key zeroize
ASA CLI: crypto key generate rsa general-keys
Verify the ASDM startup-config pointer:
CLI command: dir – find the line listing the ASDM image filename "asdm-xxx.bin".
CLI command: show run – find and compare that filename with the asdm load command "asdm image disk0:/asdm-xxx.bin".

32 ASDM Pitfalls
Try downloading a new ASDM copy from Cisco.
Upload the new file to the ASA flash memory.
Remove the old pointer by issuing the command: no asdm image disk0:/asdm-xxx.bin
Add the new filename to the configuration: asdm image disk0:/asdm-yyy.bin
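The pointer check in slide 31 and the http access statements in slide 30 lend themselves to a quick offline audit of a saved configuration. The script below is an added example, not part of the presentation: it parses constructed `dir` and `show run` output (modelled on the commands the slides use, not captured from a real device), confirms the `asdm image` pointer names a file actually present in flash, and flags any `http` access statement broader than the single administrative host slide 6 asks you to identify. The sample output and the /32 threshold are assumptions.

```python
import re

# Constructed sample output in the shape of the ASA "dir" command (assumption).
DIR_OUTPUT = """\
Directory of disk0:/
  11  -rwx  14524416   13:40:12 Jan 01 2008  asa803-k8.bin
  12  -rwx   6889764   13:42:50 Jan 01 2008  asdm-603.bin
"""

# Constructed sample excerpt of "show run": the asdm pointer names a file that
# is not in flash, and one http statement is open to any address (assumption).
SHOW_RUN = """\
hostname ciscoasa
asdm image disk0:/asdm-602.bin
http server enable
http 0.0.0.0 0.0.0.0 inside
http 192.168.1.0 255.255.255.0 inside
"""

def flash_files(dir_output):
    """Filenames listed by 'dir' (last token of each file entry)."""
    return {line.split()[-1] for line in dir_output.splitlines() if "-rwx" in line}

def asdm_image(show_run):
    """Filename referenced by the 'asdm image disk0:/...' pointer, or None."""
    m = re.search(r"^asdm image disk0:/(\S+)", show_run, re.M)
    return m.group(1) if m else None

def http_hosts(show_run):
    """(address, mask, interface) tuples from 'http <addr> <mask> <iface>' lines."""
    return re.findall(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)",
                      show_run, re.M)

def mask_bits(mask):
    """Prefix length of a dotted-decimal mask, e.g. 255.255.255.0 -> 24."""
    return sum(bin(int(octet)).count("1") for octet in mask.split("."))

def audit(dir_output, show_run, mgmt_prefix=32):
    """Return a list of findings; empty means the config passes the checks."""
    findings = []
    image = asdm_image(show_run)
    if image is None:
        findings.append("no 'asdm image' pointer in running config")
    elif image not in flash_files(dir_output):
        findings.append(f"asdm image {image} is not present in flash")
    if not re.search(r"^http server enable", show_run, re.M):
        findings.append("http server is not enabled")
    for addr, mask, iface in http_hosts(show_run):
        bits = mask_bits(mask)
        if bits < mgmt_prefix:  # wider than the single admin host we expect
            findings.append(f"http {addr} {mask} {iface} allows a /{bits}, not one host")
    return findings
```

Running `audit(DIR_OUTPUT, SHOW_RUN)` on the constructed sample reports the stale asdm-602.bin pointer plus both over-broad http statements.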

33 Caveats
The last time I checked, there were over 50 open caveats and hundreds of resolved caveats with the ASDM. Don't expect it to work perfectly.

34 Questions / Comments
