ASA Administration: Basic Commands

This document provides an overview of Cisco ASA firewall management and configuration. It discusses basic ASA administration commands, security levels, access control list entries, and sample base configuration commands for static and DHCP-assigned IP addresses on the outside interface. The document also mentions advance setup commands but does not provide details.

Uploaded by

Salahudin Dar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

114 views2 pages

ASA Administration: Basic Commands

Uploaded by

Salahudin Dar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 2

CISCO Firewall Management

ASA Administration
Basic Commands

show running access-list

security Levels

Inside Outside DMZ

100 0 50

ACLs are comprised of one or more Access Control Entries (ACEs). Each ACE is an individual line
within an ACL

Setup Commands

interface
nameif
security-level
ip address
switchport access
object network
nat
route

Sample Base Configuration #1 (Static IP

Address on Outside Interface)
ciscoasa(config)# interface vlan1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# interface vlan2
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# interface ethernet 0/0
ciscoasa(config-if)# switchport access vlan 2
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface ethernet 0/1
ciscoasa(config-if)# switchport access vlan 1
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface vlan 2
ciscoasa(config-if)# ip address 12.3.4.5 255.255.255.0
ciscoasa(config-if)# interface vlan 1
ciscoasa(config-if)# ip address 192.168.106.1
ciscoasa(config-if)# route outside 0 0 12.3.4.6
ciscoasa(config-if)#object network net-192.168.106
ciscoasa(config-network-object)#subnet 192.168.106.0 255.255.255.0
ciscoasa(config)#nat (inside,outside) dynamic interface
ciscoasa(config)#exit

Sample Base Configuration #2 (DHCP-assigned

IP Address on Outside Interface)
ciscoasa(config)# interface vlan1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# interface vlan2
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# interface ethernet 0/0
ciscoasa(config-if)# switchport access vlan 2
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface ethernet 0/1
ciscoasa(config-if)# switchport access vlan 1
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface vlan 2
ciscoasa(config-if)# ip address dhcp setroute
ciscoasa(config-if)# interface vlan 1
ciscoasa(config-if)# ip address 192.168.106.1
ciscoasa(config-if)#object network net-192.168.106
ciscoasa(config-network-object)#subnet 192.168.106.0 255.255.255.0
ciscoasa(config)#nat (inside,outside) dynamic interface
ciscoasa(config)#exit