The Cisco ASA Family of security devices protects corporate networks and data centers of all sizes. It provides users with highly secure access to data and network resources – anytime, anywhere, using any device. Cisco ASA devices represent more than 15 years of proven firewall and network security engineering and leadership, with more than 1 million security appliances deployed throughout the world.
Initial Setup via Console
First, we need to connect to the console port of the firewall appliance. Once you are connected, enter configuration mode.
configure terminal
Now that you are in configuration mode, you need to assign an IP address to the LAN or “inside” interface.
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.16.20.1 255.255.255.0
 no shutdown
!
Next, we are going to assign a username and password. This will allow us to access the Cisco Adaptive Security Device Manager (ASDM) application via the client.
!
username admin password {{password}}
aaa authentication http console LOCAL
!
Now that we have the username and password assigned, we are going to enable the ASDM application and allow access to our “inside” address range.
!
http server enable
http 172.16.20.0 255.255.255.0 inside
!
From this point, you can access the ASDM to continue the configuration of your firewall appliance.
To access the ASDM, simply open a web browser to the secure HTTPS address of the firewall appliance.
https://172.16.20.1/
You will be prompted for your username and password. Once entered, you will then have access to download the ASDM Client Application that can be installed on your Windows Desktop PC.
If you want to simply get your firewall connected to the internet, you can continue to provision the WAN or “outside” interface via the console.
To add the WAN IP address (assumed static), configure the interface with the static IP address, assign the default route (the next hop for all “unknown” traffic), and then configure NAT to use the “outside” interface as the translation overload interface.
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address {{ip-address}} {{subnet-mask}}
 no shutdown
!
route outside 0.0.0.0 0.0.0.0 {{next-hop-gateway}}
!
nat (inside,outside) after-auto source dynamic any interface
!
If you would like to enable DHCP services on the LAN (inside) interface, you can enable the DHCPd Server.
!
dhcpd address 172.16.20.10-172.16.20.100 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd enable inside
!
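The ASDM steps above limit HTTPS management to the “inside” subnet and tie logins to the LOCAL user database. As an added example (not part of the original guide and not Cisco tooling), the Python check below reads a saved configuration and reports any `http` statement that opens ASDM to any source address or to a security-level 0 interface. The function name `audit_asdm_access` and the sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the interface names, levels and ASDM lines used in this
# guide, plus one deliberately weak "http" line added to show a finding.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
aaa authentication http console LOCAL
http server enable
http 172.16.20.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""

def audit_asdm_access(config):
    """Return a list of findings about ASDM/HTTPS management exposure."""
    levels, current, findings = {}, None, []
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:  # map each nameif to its security-level
        if line.startswith("interface "):
            current = None
        elif m := re.match(r"nameif (\S+)$", line):
            current = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", line)) and current:
            levels[current] = int(m.group(1))
    if "http server enable" not in lines:
        return findings  # ASDM is not enabled, nothing to check
    if not any(l.startswith("aaa authentication http console") for l in lines):
        findings.append("http server enabled without 'aaa authentication http console'")
    for line in lines:
        m = re.match(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$", line)
        if not m:
            continue
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        iface = m.group(3)
        if net.prefixlen == 0:
            findings.append(f"ASDM open to any source on '{iface}'")
        if levels.get(iface) == 0:
            findings.append(f"ASDM reachable on security-level 0 interface '{iface}'")
    return findings

if __name__ == "__main__":
    for finding in audit_asdm_access(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the configuration exactly as written in this guide, the check returns no findings; only the constructed `http 0.0.0.0 0.0.0.0 outside` line is reported.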