manualshive.com logo in svg

Cisco Cisco ASA Series, Getting Started

Get started with Cisco ASA Series by easily accessing the free user manual download. Our comprehensive manual provides step-by-step instructions and essential information to maximize the potential of your Cisco ASA Series. Find and download it for free from manualshive.com to kickstart your networking journey.

Share
Download
background image

access-list sfrAccessList extended permit ip any any
class-map sfrclass

match access-list sfrAccessList

policy-map global_policy

class sfrclass
sfr fail-open monitor-only

service-policy global_policy global

ASAv Deployment Configuration

When you deploy the ASAv, you can pre-set many parameters that let you connect to the Management 0/0
interface using ASDM. A typical configuration includes the following settings:

Routed or Transparent firewall mode

Management 0/0 interface:

Named

management

IP address or DHCP

Security level 0

Management-only

For the ASAv on Microsoft Azure, the Management 0/0 interface allows through traffic,
so the Management-only setting is not enabled.

Note

Static route for the management host IP address (if it is not on the management subnet)

HTTP server enabled or disabled

HTTP access for the management host IP address

(Optional) Failover link IP addresses for GigabitEthernet 0/8, and the Management 0/0 standby IP
address

DNS server

Smart licensing ID token

Smart licensing Throughput Level and Standard Feature Tier

(Optional) Smart Call Home HTTP Proxy URL and port

(Optional) SSH management settings:

Client IP addresses

Local username and password

Authentication required for SSH using the LOCAL database

(Optional) REST API enabled or disabled

   CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5

22

Getting Started

ASAv Deployment Configuration

Summary of Contents for Cisco ASA Series

Page 1: ...ccess using Telnet or SSH according to Management Access If your system is already in multiple context mode then accessing the console port places you in the system execution space For ASAv console access see the ASAv quick start guide Note Access the Appliance Console Follow these steps to access the appliance console Procedure Step 1 Connect a computer to the console port using the provided cons...

Page 2: ...ged mode enter the disable exit or quit command Step 5 To access global configuration mode enter the following command ciscoasa configure terminal The prompt changes to the following ciscoasa config You can begin to configure the ASA from global configuration mode To exit global configuration mode enter the exit quit or end command Access the ASA Console on the Firepower 9300 Chassis For initial c...

Page 3: ...minal Example asa configure terminal asa config To exit global configuration mode enter the disable exit or quit command Step 4 Exit the ASA console session by typing to exit to the Telnet application then quit to exit to the FXOS supervisor CLI If you want to exit first to the FXOS module CLI for troubleshooting purposes enter Ctrl A D Example Firepower connect module 1 console Telnet escape char...

Page 4: ...s command in conjunction with a terminal server where Ctrl Shift 6 x is the escape sequence to return to the terminal server prompt Ctrl Shift 6 x is also the sequence to escape the ASASM console and return to the switch prompt Therefore if you try to exit the ASASM console in this situation you instead exit all the way to the terminal server prompt If you reconnect the terminal server to the swit...

Page 5: ... or SSH and then connecting to the ASASM If your system is already in multiple context mode then accessing the ASASM from the switch places you in the system execution space Later you can configure remote access directly to the ASASM using Telnet or SSH Procedure Step 1 From the switch perform one of the following Available for initial access From the switch CLI enter this command to gain console ...

Page 6: ...able Password ciscoasa Enter the enable password at the prompt By default the password is blank To exit privileged EXEC mode enter the disable exit or quit command Step 3 Access global configuration mode configure terminal To exit global configuration mode enter the disable exit or quit command Related Topics Set the Hostname Domain Name and the Enable and Telnet Passwords Log Out of a Console Ses...

Page 7: ...ion if you do not properly log out of the ASASM the connection may exist longer than intended If someone else wants to log in they will need to kill the existing connection Procedure Step 1 From the switch CLI show the connected users using the show users command A console user is called con The Host address shown is 127 0 0 slot0 where slot is the slot number of the module show users For example ...

Page 8: ...sole If you have a software module installed such as the ASA FirePOWER module on the ASA 5506 X you can session to the module console You cannot access the hardware module CLI over the ASA backplane using the session command Note Procedure From the ASA CLI session to the module session sfr cxsc ips console Example ciscoasa session sfr console Opening console session with module sfr Connected to mo...

Page 9: ...ent interface depends on your model ASA 5506 X ASA 5508 X and ASA 5516 X The interface to which you connect to ASDM is GigabitEthernet 1 2 ASA 5512 X and higher The interface to which you connect to ASDM is Management 0 0 ASAv The interface to which you connect to ASDM is Management 0 0 ISA 3000 The interface to which you connect to ASDM is Management 1 1 ASA on the Firepower 9300 chassis The inte...

Page 10: ...r more of the following conditions applies You do not have a factory default configuration You want to change the management IP address You want to change to transparent firewall mode You want to change to multiple context mode For routed single mode for quick and easy ASDM access we recommend applying the factory default configuration with the option to set your own management IP address Use the ...

Page 11: ...coasa config dhcpd address 192 168 1 2 192 168 1 254 management ciscoasa config dhcpd enable management Make sure you do not include the interface address in the range Step 5 For remote management hosts Configure a route to the management hosts route management_ifc management_host_ip mask gateway_ip 1 Example ciscoasa config route management 10 1 1 0 255 255 255 0 192 168 1 50 1 Step 6 Enable the ...

Page 12: ... on page 1 Start ASDM on page 15 Configure ASDM Access for the ASA Services Module Because the ASASM does not have physical interfaces it does not come pre configured for ASDM access you must configure ASDM access using the CLI on the ASASM To configure the ASASM for ASDM access perform the following steps Before You Begin Assign a VLAN interface to the ASASM according to ASASM quick start guide P...

Page 13: ... interface vlan 1 ciscoasa config if bridge group 1 ciscoasa config if nameif inside ciscoasa config if security level 100 The security level is a number between 1 and 100 where 100 is the most secure Step 4 For directly connected management hosts Enable DHCP for the management host on the management interface network dhcpd address ip_address ip_address interface_name dhcpd enable interface_name E...

Page 14: ...les ASDM for a management host interface vlan 1 nameif inside ip address 192 168 1 1 255 255 255 0 security level 100 dhcpd address 192 168 1 3 192 168 1 254 inside dhcpd enable inside http server enable http 192 168 1 0 255 255 255 0 inside The following configuration converts the firewall mode to transparent mode configures the VLAN 1 interface and assigns it to BVI 1 and enables ASDM for a mana...

Page 15: ...aunch ASDM This section describes how to connect to ASDM initially and then launch ASDM using the Launcher or the Java Web Start ASDM stores files in the local Users user_id asdm directory including cache log and preferences and also in the Temp directory including AnyConnect profiles Procedure Step 1 On the computer that you specified as the ASDM client enter the following URL https asa_ip_addres...

Page 16: ...th which you can then complete your configuration ASA on the Firepower 9300 chassis When you deploy the standalone or cluster of ASAs the factory default configuration configures an interface for management so that you can connect to it using ASDM with which you can then complete your configuration ASAv Depending on your hypervisor as part of deployment the deployment configuration the initial vir...

Page 17: ...specify the ip_address then you set the inside or management interface IP address depending on your model instead of using the default IP address of 192 168 1 1 The http command uses the subnet you specify Similarly the dhcpd address command range consists of addresses within the subnet that you specify This command also clears the boot system command if present along with the rest of the configur...

Page 18: ...y unit ASA 5506 X 5508 X and 5516 X Default Configuration The default factory configuration for the ASA 5506 X series 5508 X and 5516 X configures the following inside outside traffic flow GigabitEthernet 1 1 outside GigabitEthernet 1 2 inside outside IP address from DHCP inside IP address 192 168 1 1 ASA 5506W X wifi inside wifi outside traffic flow GigabitEthernet 1 9 wifi ASA 5506W X wifi IP ad...

Page 19: ...ress 192 168 10 2 192 168 10 254 wifi dhcpd enable wifi ASA 5512 X 5515 X 5525 X and Above Default Configuration The default factory configuration for the ASA 5512 X 5515 X 5525 X and above configures the following Management interface Management 0 0 management IP address The management address is 192 168 1 1 24 DHCP server Enabled for management hosts so that a computer connecting to the manageme...

Page 20: ...mask ipv6 address ipv6_address ipv6 enable nameif management security level 0 no shutdown http server enable http 0 0 0 0 0 0 0 0 management http 0 management route management 0 0 0 0 0 0 0 0 gateway_ip 1 ipv6 route management 0 gateway_ipv6 ISA 3000 Default Configuration The default factory configuration for the ISA 3000 configures the following Transparent firewall mode A transparent firewall is...

Page 21: ...thernet1 1 bridge group 1 nameif outside1 security level 0 no shutdown interface GigabitEthernet1 2 bridge group 1 nameif inside1 security level 100 no shutdown interface GigabitEthernet1 3 bridge group 1 nameif outside2 security level 0 no shutdown interface GigabitEthernet1 4 bridge group 1 nameif inside2 security level 100 no shutdown interface Management1 1 management only no shutdown nameif m...

Page 22: ... interface allows through traffic so the Management only setting is not enabled Note Static route for the management host IP address if it is not on the management subnet HTTP server enabled or disabled HTTP access for the management host IP address Optional Failover link IP addresses for GigabitEthernet 0 8 and the Management 0 0 standby IP address DNS server Smart licensing ID token Smart licens...

Page 23: ...ress mask management rest api image boot path rest api agent See the following sample configuration for a primary unit in a failover pair nameif management security level 0 ip address ip_address standby standby_ip management only no shutdown route management management_host_IP mask gateway_ip 1 http server enable http managemment_host_IP mask management dns server group DefaultDNS name server ip_a...

Page 24: ...ve the running configuration to the startup configuration write memory The copy running config startup config command is equivalent to the write memory command Note Save Configuration Changes in Multiple Context Mode You can save each context and system configuration separately or you can save all context configurations at the same time Save Each Context and System Separately Use the following pro...

Page 25: ...llowing information for errors For contexts that are not saved because of low memory the following message appears The context context a could not be saved due to Unavailability of resources For contexts that are not saved because the remote destination is unreachable the following message appears The context context a could not be saved due to non reachability of destination For contexts that are...

Page 26: ...the startup configuration and discards the running configuration clear configure all and then copy startup config running config Loads the startup configuration and discards the running configuration without requiring a reload View the Configuration The following commands let you view the running and startup configurations show running config Views the running configuration show running config com...

Page 27: ...figure all from the system configuration you also remove all contexts and stop them from running The context configuration files are not erased and remain in their original location This command also clears the boot system command if present along with the rest of the configuration The boot system command lets you boot from a specific image including an image on the external flash memory card The ...

Page 28: ... the new policy To disconnect connections enter one of the following commands clear local host ip_address all This command reinitializes per client run time states such as connection limits and embryonic limits As a result this command removes any connection that uses those limits See the show local host all command to view all current connections per host With no arguments this command clears all...

Page 29: ...Reload the ASA reload In multiple context mode you can only reload from the system execution space Note CLI Book 1 Cisco ASA Series General Operations CLI Configuration Guide 9 5 29 Getting Started Reload the ASA ...

Page 30: ...CLI Book 1 Cisco ASA Series General Operations CLI Configuration Guide 9 5 30 Getting Started Reload the ASA ...

Reviews:

No comments

Related manuals for Cisco ASA Series

NETGEAR FWG114P - ProSafe 802.11g Wireless Firewall Reference Manual preview
FWG114P - ProSafe 802.11g Wireless Firewall
Brand: NETGEAR Pages: 70
Global Technology Associates Firewall GB-2000 Product Specifications preview
Firewall GB-2000
Brand: Global Technology Associates Pages: 2

Brands by name

Popular brands

Load more brands