{"id":572,"date":"2010-03-30T19:02:29","date_gmt":"2010-03-30T18:02:29","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=572"},"modified":"2010-03-30T19:02:29","modified_gmt":"2010-03-30T18:02:29","slug":"basic-cisco-asa-configuration","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=572","title":{"rendered":"Basic Cisco ASA Configuration"},"content":{"rendered":"<p>This is the base setup of a Cisco Adaptive Security Appliance:<\/p>\n<p><!--more-->Assume that we are assigned a static public IP address 100.100.100.1 from our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0\/24. Interface Ethernet0\/0 will be connected on the outside (towards the ISP), and Ethernet0\/1 will be connected to the inside LAN switch.<\/p>\n<p>The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts. All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface. Let&#8217;s see a snippet of the required configuration steps for this basic scenario:<\/p>\n<p>Step 1: Configure a privileged-level password (enable password)<\/p>\n<p>By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged-level password, which will be needed to allow subsequent access to the appliance. 
Configure this under Configuration Mode:<\/p>\n<p>ASA5510(config)# enable password mysecretpassword<\/p>\n<p>Step 2: Configure the public outside interface<\/p>\n<p>ASA5510(config)# interface Ethernet0\/0<\/p>\n<p>ASA5510(config-if)# nameif outside<\/p>\n<p>ASA5510(config-if)# security-level 0<\/p>\n<p>ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252<\/p>\n<p>ASA5510(config-if)# no shut<\/p>\n<p>Step 3: Configure the trusted internal interface<\/p>\n<p>ASA5510(config)# interface Ethernet0\/1<\/p>\n<p>ASA5510(config-if)# nameif inside<\/p>\n<p>ASA5510(config-if)# security-level 100<\/p>\n<p>ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0<\/p>\n<p>ASA5510(config-if)# no shut<\/p>\n<p>Step 4: Configure PAT on the outside interface<\/p>\n<p>ASA5510(config)# global (outside) 1 interface<\/p>\n<p>ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0<\/p>\n<p>Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)<\/p>\n<p>ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1<\/p>\n<p>Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP<\/p>\n<p>ASA5510(config)# dhcpd dns 200.200.200.10<\/p>\n<p>ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside<\/p>\n<p>ASA5510(config)# dhcpd enable inside<\/p>\n<p>The above basic configuration is just the beginning for making the appliance operational. 
There are many more configuration features that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, VPN etc.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the base setup of a Cisco Adaptive Security Appliance:<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[83,13],"tags":[35],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/572"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=572"}],"version-history":[{"count":4,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/572\/revisions"}],"predecessor-version":[{"id":604,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/572\/revisions\/604"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=572"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}