Tuesday 16 July 2013

Initial configuration for Cisco ASA 5505 (Setting up access to ASDM)

So you have just unboxed your Cisco ASA 5505 and have no idea how to configure it?

Well, let's get started with an easy guide. It is based on a Cisco ASA 5505 running 9.1(2) and assumes you have basic network knowledge and understand how to use a terminal emulator such as PuTTY or HyperTerminal.


Let's get started...

Connect the console cable from the console port on the ASA to your serial port, start your desired terminal emulator and apply power to the ASA.

Serial settings are: 9600 baud, 8 data bits, no parity and 1 stop bit (9600/8-N-1)

Watch the bootup sequence.

Once the ASA has booted, you will see the following.


INFO: Power-On Self-Test in process.
...........................................................
INFO: Power-On Self-Test complete.

Pre-configure Firewall now through interactive prompts [yes]?



Now follow the configuration steps below. We are using the defaults (listed in the brackets) wherever possible to make it easy.

I have highlighted in bold the config that is required to be entered and cannot be skipped.



Pre-configure Firewall now through interactive prompts [yes]?
Firewall Mode [Routed]:
Enable password [<use current password>]:
Allow password recovery [yes]?
Clock (UTC):
  Year [2013]:
  Month [Jul]:
  Day [16]:
  Time [02:22:40]:
Management IP address: 192.168.0.1
Management network mask: 255.255.255.0
Host name: ciscoasa
Domain name: home.local
IP address of host running Device Manager: 192.168.0.2

The following configuration will be used:
Enable password: <current password>
Allow password recovery: yes
Clock (UTC): 02:22:40 Jul 16 2013
Firewall Mode: Routed
Management IP address: 192.168.0.1
Management network mask: 255.255.255.0
Host name: ciscoasa
Domain name: home.local
IP address of host running Device Manager: 192.168.0.2

Use this configuration and save to flash? [yes]
INFO: Security level for "management" set to 0 by default.
WARNING: http server is not yet enabled to allow ASDM access.
Cryptochecksum: 9e00a9bd f4f514fe d913ec58 f011fff2

2520 bytes copied in 1.60 secs (2520 bytes/sec)




Type help or '?' for a list of available commands.
ciscoasa>



Not finished yet...

Now connect your ASA to your network / workstation via any port except eth0/0. Most people use that port for their WAN connection, and as such Cisco have left this interface shut down.

You should be able to ping the ASA from your workstation and if you can't, there is no point continuing on till this has been rectified.

Once the ping works, you can start configuring the http (ASDM) service as well as a user that can access the http server.

Note: as in the steps above, the enable password was left blank, so just hit "Enter" at the Password prompt.

Also I have turned off call-home reporting as you can see in the next few steps.


ciscoasa> enable
Password:
ciscoasa# configure terminal
ciscoasa(config)#

***************************** NOTICE *****************************

Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall

Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later: N

In the future, if you would like to enable this feature,
issue the command "call-home reporting anonymous".

Please remember to save your configuration.

ciscoasa(config)# http server enable
ciscoasa(config)# username admin password changeme privilege 15
ciscoasa(config)# http 192.168.0.0 255.255.255.0 management

ciscoasa(config)# wr m
Building configuration...
Cryptochecksum: 3ad2e4f6 a0fa2cc2 8f21ee6e 0013624c

3211 bytes copied in 0.980 secs
[OK]
ciscoasa(config)#

You should now be able to access the web interface from the 192.168.0.0/24 network, with the username: admin and password: changeme.
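
The http line above opens ASDM to the whole 192.168.0.0/24 network, while the setup prompts named a single Device Manager host (192.168.0.2). The Python check below is an added example, not part of the original guide: it parses the http lines of a configuration and reports entries that admit more addresses than the declared admin hosts. The function name and the sample text are constructed for illustration.

```python
import ipaddress
import re

# ASDM access entries as entered in the guide: http <network> <mask> <interface>
HTTP_ENTRY = re.compile(r"^http\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")
HTTP_SERVER = re.compile(r"^http server enable(?:\s+\d+)?$")

# Constructed sample: the two http lines entered in the guide.
GUIDE_CONFIG = """\
http server enable
http 192.168.0.0 255.255.255.0 management
"""

def audit_asdm_access(config_text, admin_hosts):
    """Return (enabled, too_broad, locked_out) for the ASDM http settings.

    too_broad  -- (interface, network, extra) for each entry that admits
                  `extra` addresses beyond the declared admin hosts
    locked_out -- declared admin hosts that no http entry covers
    """
    admins = [ipaddress.ip_address(h) for h in admin_hosts]
    enabled = False
    entries = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if HTTP_SERVER.match(line):
            enabled = True
            continue
        m = HTTP_ENTRY.match(line)
        if m:
            # ipaddress accepts the dotted netmask form the ASA uses
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            entries.append((m.group(3), net))
    too_broad = []
    for ifname, net in entries:
        extra = net.num_addresses - sum(1 for a in admins if a in net)
        if extra > 0:
            too_broad.append((ifname, str(net), extra))
    locked_out = [str(a) for a in admins if not any(a in n for _, n in entries)]
    return enabled, too_broad, locked_out

if __name__ == "__main__":
    print(audit_asdm_access(GUIDE_CONFIG, ["192.168.0.2"]))
```

An entry reported in too_broad can be narrowed on the ASA by using the host mask 255.255.255.255 with the workstation's address in the http command.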

So, log in to the device via https://192.168.0.1/admin and you will see the following.




Success!

We have now reached the end of this configuration guide. You can now run the startup wizard or simply bounce straight into configuring via ASDM.


Please leave a comment if you have any questions or if you have found this guide to be useful.  I will attempt to get back to you in a timely manner.
