If you are not doing Cisco as your full time job,
the chances are you get rusty around the exact commands that are required to
perform even the easiest tasks. Luckily with Cisco ASA's you have the option to
manage the device using a graphical user interface, known as the Adaptive
Security Device Manager (or ASDM). Although the ASDM is a great tool, it does
have it's down falls, the biggest one being that it's developed in Java.
If your ASA does not currently have any operating
system you may need to boot the ASA into ROMMON mode, which can be done by
breaking the boot sequence using the ESC key when the firewall is booting.
You will also need a TFTP Server, http://tftpd32.jounin.net/tftpd32_download.html
When you get your ASDM and ASA images onto the
devices flash you can statically set them as the primary images to set a file
called asdm.bin for example as the primary use the command asdm image
flash:/asdm.bin and use show asdm image to ensure it has
set properly.
Configure the logical VLAN 1 interface;
|
interface vlan 1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
|
Enable the HTTP server for ASDM access;
|
http server enable
http 192.168.1.0 255.255.255.0 inside
|
Copy the running config to the startup config;
|
wr mem
|
Now cable your laptop or computer onto the same
physical Layer 2 broadcast domain as the ASA, you will have to manually
configure the network interface card with an IP and Subnet Mask on the same
logical network as the ASA.
Open a browser and attempt to connect to the ASA's
VLAN 1 interface IP via HTTPS. Install
the ASDM Launcher, you require valid credentials before it will allow you to
download it from here.
By default blank username and password will
successfully log you into the ASA.
From the Home screen click, Configuration.
Click Interfaces from under Device
Setup, and then click on the Switch Ports tab.
The physical interfaces you are going to use
should be Enabled. Clicking Enable SwitchPort is the equivalent
of issuing the no shutdown command at the CLI.
Click on the Interfaces tab, and then
click Add. Select the physical interface from the Switch Ports list and
use the Add button to move it into the Selected Switch Ports list.
Name the Interface, this is the internet facing
WAN port so I have named it outside. The Security Level should be the
lowest out of all your networks for the internet facing NIC's.
Depending on your ISP, select Obtain Address
via DHCP for the WAN IP config, ensure the Obtain default route using
DHCP option is selected.
