How to Set Up a Cisco ASA Router

If you are working remotely, make sure your administrative workstation has two network connections, then ask the onsite contact to connect the console cable. This is a fallback so you can help yourself if something goes wrong while you are remote.

You now have two connections to the router: the console and the browser. Before we are done we’ll get SSH going too. You will also need to plan your address spaces and make sure they do not overlap.

First, make sure you can access the console using PuTTY.

Once the console comes up, hit Enter a few times to make sure you’re connected. You should see feedback text in the console window.

If the hostname is anything other than ciscoasa, the ASA is not set to factory defaults. Let’s do that now.

Type into the command prompt (in global configuration mode): configure factory-default

You will see the reset feedback scroll by. Now save the configuration and reload.

Type into the command prompt: reload save-config noconfirm

Sweet, you are done! The ASA hostname should now say ciscoasa.

The default configuration turns on DHCP on 192.168.1.1/24, so you should have an IP address and be able to access the ASDM (Adaptive Security Device Manager).

In a browser, go to https://192.168.1.1/admin

You should see the Cisco ASDM screen.

Next it’s time to log in. You can install the ASDM Launcher, which goes in the x86 Program Files folder, or run ASDM from Java Web Start.

There is no username or password on the login, just the IP.

Now that you are logged in, it’s time to set up the default stuff.

For the basic configuration you really only need to fill out the ASA Host Name, then click the option to change the “Privileged Mode (enable) Password”, leave “Old Password” blank (because it is blank), and fill in your new password.

Leave the “VLAN” section default.

Leave the “Switch Port” allocation the same.

Next, “Interface IP Address Configuration” is where you enter your IP addressing for the public WAN interface, internal management IP and DMZ. Make sure the DHCP settings and subnet masks are correct for your ISP and for internal use.

In most cases your ASA will not be the DHCP server, but if it is, this is where you enable it and define your IP address pool and server options.

Make sure you turn on “PAT Port Address Translation.”

You will wish you had created these next rules correctly if you lock yourself out. On the “Administrative Access” page (step 8 of 9), define the type of access to the ASA and where it is allowed from.

I always define a static IP or set of IPs with access to SSH and ASDM, not the whole network.

Now hit Next and Finish, then get back in through the ASDM or the console, because SSH is not yet set up. Next, set up the default route, the first hop to your ISP’s gateway.

Click Device Setup > Routing > Static Routes. This is called the quad-zero route.

Click “Add” to add your external WAN Gateway Address.

While you are in “Device Setup”, configure your clock and NTP servers. I am not going to screenshot this; you can do it, promise. Now head over to Device Management and click “Command Line” (CLI) so we can set some security banners and add something scary to let people know you do not want them in there and that you will use the law to come after them if they don’t get out!

# banner motd #Unauthorized access to this device is prohibited!#

or, as a multi-line banner (on the ASA, each line is entered with its own banner motd command):

##########################################
#    No Unauthorized Access              #
#    All activity is logged and will     #
#    be prosecuted by law.               #
#    Unauthorized users prohibited       #
##########################################

Now it’s time to set up your admin user, password and SSH. It is good practice to set up separate users for console and SSH. From Device Management click Users/AAA > User Accounts and add your new user here.

Next, let’s allow SSH to use the local user database. Click “AAA Access”, then check SSH and click Apply.

Now click “Save” at the top of the screen to save all your changes to memory.

From the console run this command: "crypto key generate rsa modulus 2048"

Now head over to PuTTY and start your SSH session! Your new ASA has a basic configuration and is ready for the internets!
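
A quick check of the finished setup, as an added example that is not part of the original post: this Python script reads the text of show running-config and flags SSH or ASDM (http) management rules that admit a whole network rather than a few hosts, plus SSH rules with no local-user AAA line. The sample configs are constructed, audit_mgmt_access and max_hosts are hypothetical names, and it assumes the ASDM steps above end up as the usual "ssh|http <ip> <netmask> <interface>" and "aaa authentication ssh console LOCAL" lines.

```python
import ipaddress
import re

# ASA management rules: ssh|http <ip> <netmask> <interface>
MGMT_RULE = re.compile(r"^(ssh|http)\s+([\d.]+)\s+([\d.]+)\s+(\S+)$")
SSH_LOCAL_AAA = "aaa authentication ssh console LOCAL"


def audit_mgmt_access(config_text, max_hosts=4):
    """Flag broad SSH/ASDM rules in `show running-config` text (max_hosts is hypothetical)."""
    findings, saw_ssh, has_aaa = [], False, False
    for raw in config_text.splitlines():
        line = raw.strip()
        has_aaa = has_aaa or line == SSH_LOCAL_AAA
        match = MGMT_RULE.match(line)
        if not match:
            continue  # e.g. "ssh timeout 5" or "http server enable"
        proto, addr, mask, ifname = match.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable rule: {line}")
            continue
        saw_ssh = saw_ssh or proto == "ssh"
        if net.num_addresses > max_hosts:
            findings.append(
                f"{proto} on {ifname} admits {net.num_addresses} addresses ({net})")
    if saw_ssh and not has_aaa:
        findings.append(f"ssh is permitted but '{SSH_LOCAL_AAA}' is missing")
    return findings


# Constructed sample configs, not taken from a real device.
BROAD = """\
http server enable
http 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
"""
SCOPED = """\
http server enable
http 192.168.1.10 255.255.255.255 inside
ssh 192.168.1.10 255.255.255.255 inside
aaa authentication ssh console LOCAL
"""

if __name__ == "__main__":
    for name, cfg in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, audit_mgmt_access(cfg) or "no findings")
```

Paste the output of show running-config into a string or file and pass it in; anything it reports is a rule to tighten before the ASA goes on the internet.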

Author

Wiz E. Wig, Mascot & Director of Magic