Make sure your administrative Workstation if Remote has two Network Connections, then ask the Onsite to connect the Console Cable, this is just in case so need to help yourself if working remote.
You now have two connections to the router: The console and the browser, but before we are done we’ll get SSH going too. You will also need to plan your address space and make sure they do not overlap.
First: make sure using Putty you can access the console.
Once the console comes up, hit enter a few times to make sure your connected you should see feedback text in the console window.
If the hostname is anything other than ciscoasa - this means that the ASA is not set to factory defaults let’s do that now.
Type into the command prompt: Config factory-default
You will see scroll and resetting feedback. Now to save the configuration and reload
Type: Reload save-config noconfirm into the command prompt.
Sweet, you are done! Now the new ASA host name should say ciscoasa
The default configuration turns DHCP on 192.168.1.1/24 you should have an IP address to access the ADSM - Adaptive Security Device Manager
In a browser hit https://192.168.1.1/admin
You should see a screen something like this:
Next it’s time to login. You can install an ASDM Launcher which will go in X86 Program Files or Run from the Java Web Start.
No username no password on the login just the IP.
Now that you are logged in it’s time to setup the default stuff.
For the basic configuration you really only need to fill out the ASA Host Name, click on the change “Privileged Mode (enable) Password” and leave the “Old Password Blank” (because it is blank) then fill in your new password.
Leave the “VLAN” section default.
Leave the “Switch Port” allocation the same.
Next, “Interface IP Address Configuration” is where you enter your IP addressing for the Public WAN interface, Internal Management IP and DMZ. Make sure to select DHCP settings and subnet masks correctly to ISP and internal use scenarios.
In most cases your ASA will not be DHCP, but if it is this is where you want to enable it and define your IP Address Pool and server options.
Make sure you turn on “PAT Port Address Translation.”
You will wish you created these next rules correctly if you lock yourself out. On the “Administrative Access” (step 8 of 9) page define the type of access to the ASA and from where.
I always define a static IP or set of IP's with access not the whole network to SSH and ASDM.
Now, hit next and finish and access the ASDM or Console because SSH is not yet setup. Now setup the Default Route or First hop to the gateway for your ISP.
Click on device setup > Routing > Static Routes. This is called the Quad 0 route
Click “Add” to add your external WAN Gateway Address.
While you are in the “Device Setup” configure your clock and NTP servers, I am not going to screen shot this out, you can do it promise. Now head over to device management click on “Command Line” (CLI) so we can set some security banners and add something scary to let people know you do not want them in there and that you will use the Law to come after them if they don’t get out!
# banner motd #Unauthorized access to this device is prohibited!#
or
##########################################
# No Unauthorized Access #
# All activity is logged and will #
# be prosecuted by law. #
# Unauthorized users prohibited #
##########################################
Now it’s time to setup your admin user and password and SSH. It is good practice to setup separate users for console and SSH. From device management click: Users/AAA > User Accounts. Add your new user here.
Next let’s allow SSH to use the local user Database Store. Click on “AAA Access”, then check SSH and Apply.
Now click “Save” at the top of the screen to save all your changes to memory.
From the console run this command: "crypto key generate rsa modulus 2048"
Now head over to putty and start your SSH session! Your new ASA has a basic configuration and is ready for the internets!