Wednesday 24 May 2017

Cisco ASA basic configuration

STEP 0) Set hostname and domain
ASA5505(config)# hostname dhkgateway
dhkgateway(config)# domain-name dhaka.vantage.com
STEP 1) See the current IP configuration
dhkgateway(config)# show run
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
description outside
switchport access vlan 2
!
interface Ethernet0/1
description inside
STEP 2) Disable the DHCP server, otherwise you will get an error
dhkgateway(config)# no dhcpd enable inside
dhkgateway(config)# no dhcpd address 192.168.1.100-192.168.1.131 inside
dhkgateway(config)# no dhcpd dns 8.8.8.8 8.8.4.4 interface inside
STEP 3) Configure inside static IP
dhkgateway(config)# interface ethernet 0/1
dhkgateway(config-if)# ip address 10.0.0.3 255.255.255.0
ERROR: This command can only be configured on VLAN interfaces
Assign the IP to the inside VLAN interface instead
dhkgateway(config)# interface vlan 1
dhkgateway(config-if)# ip address 10.0.0.3 255.255.255.0
Waiting for the earlier webvpn instance to terminate…
Previous instance shut down. Starting a new one.
dhkgateway(config-if)# no shutdown
STEP 4) Assign IP to outside VLAN
dhkgateway(config-if)# exit
dhkgateway(config)# interface vlan 2
dhkgateway(config-if)# ip address x.x.x.x 255.255.255.248
dhkgateway(config-if)# no shutdown
dhkgateway(config-if)# exit
dhkgateway(config)# wr mem
Building configuration…
Cryptochecksum: 48a765c7 d1b32583 a09b0f2e ea23d1f6
3430 bytes copied in 1.440 secs (3430 bytes/sec)
[OK]
STEP 5) Configure default gateway on outside interface
dhkgateway(config)# route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
STEP 6) Configure DNS server address
Check existing DNS setup
------------------------
dhkgateway# show run dns
DNS server-group DefaultDNS
domain-name dhaka.vantage.com
dhkgateway# show running-config dns server-group
DNS server-group DefaultDNS
domain-name dhaka.vantage.com
Provide DNS server address
--------------------------
dhkgateway(config)# dns domain-lookup inside
dhkgateway(config)# dns name-server 10.0.0.21
dhkgateway(config)# exit
dhkgateway# show run dns
dns domain-lookup inside
DNS server-group DefaultDNS
name-server 10.0.0.21
domain-name dhaka.vantage.com
Test that DNS is working
------------------------
dhkgateway# ping www.yahoo.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 98.139.180.149, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 300/320/370 ms
STEP 7) Configure SSH access
Provide password for remote access
----------------------------------
dhkgateway(config)# password 123456
Generate crypto key
-------------------
dhkgateway(config)# crypto key generate rsa modulus 1024
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait…
dhkgateway(config)# wr mem
Building configuration…
Cryptochecksum: df88a1f3 a250110e b1233fd6 df929576
3433 bytes copied in 1.440 secs (3433 bytes/sec)
[OK]
SSH-specific information
------------------------
dhkgateway(config)# ssh 10.0.0.0 255.255.255.0 inside
dhkgateway(config)# ssh timeout 30
dhkgateway(config)# ssh version 2
dhkgateway(config)# wr mem
How to access
-------------
login as: pix
pix@10.0.0.3's password:
ssh pix@10.0.0.3
password: 123456
Type help or '?' for a list of available commands.
dhkgateway> en
Password: Cisco
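
A hardened variant of STEP 7, as an added example that is not part of the original post: it swaps the shared login password and the 1024-bit key for a per-user local account and a 2048-bit key. The username fwadmin and the <...> placeholders are assumptions, and ssh key-exchange is only available on ASA 8.4(4.1) / 9.1(2) and later.

```text
! Added example, not from the original post. Values in <...> are placeholders.
! Replace the 1024-bit key pair generated in STEP 7 with a 2048-bit one
dhkgateway(config)# crypto key zeroize rsa noconfirm
dhkgateway(config)# crypto key generate rsa modulus 2048
! Per-user login instead of the shared "pix" login password
! (fwadmin is an assumed account name)
dhkgateway(config)# username fwadmin password <long-unique-passphrase> privilege 15
dhkgateway(config)# aaa authentication ssh console LOCAL
dhkgateway(config)# enable password <different-long-passphrase>
! Same source restriction as the post: management subnet on inside only
dhkgateway(config)# ssh 10.0.0.0 255.255.255.0 inside
dhkgateway(config)# ssh version 2
dhkgateway(config)# ssh timeout 10
! Version-dependent: use DH group 14 instead of group 1 for key exchange
dhkgateway(config)# ssh key-exchange group dh-group14-sha1
dhkgateway(config)# wr mem
! Verify the key size and the SSH/AAA settings that ended up in the config
dhkgateway# show crypto key mypubkey rsa
dhkgateway# show run ssh
dhkgateway# show run aaa
! Log in with the local account: ssh fwadmin@10.0.0.3
```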
