
ASA Basic Initial Configuration

This document provides instructions for configuring basic security settings on an Adaptive Security Appliance (ASA) firewall. It describes how to configure an IP address and security settings for the ASA interface, set the hostname and login passwords, and configure the ASA to use a local username/password database for authentication. The key steps are to bring up the interface, assign an IP address and subnet mask, assign a name and security level, set the hostname and enable/login passwords, and configure a local username and password database for authentication.

Uploaded by

Deepak Kardam

Basic configuration of Adaptive Security Appliance (ASA)
Prerequisite – Adaptive security appliance (ASA)
Adaptive Security Appliance (ASA) is a Cisco security appliance which combines classic
firewall features with VPN, Intrusion Prevention and antivirus capabilities. It has the capability
to provide threat defense before the attacks spread into the networks.

As administrators, we have to protect the firewall against unauthorised access. We can set a
login password and an enable password for this. We will also discuss configuring an IP address
on an ASA interface.

Administrative Configuration –

Bringing up the interface and assigning an IP address to the ASA.


To configure an IP address on the interface of an ASA, we have to configure 4 things:

1. Bring up the interface –


After entering interface configuration mode, use the command no shut to bring up the
interface.
2. Assign an IP address to the interface of ASA –
After bringing up the interface, assign an IP address by the command

ip address IP_address Subnet_Mask

It's the same way by which we assign an IP address to a router's interface. The
difference is that we can also assign an IP address to an ASA interface without the subnet
mask.

ip address IP_address

Now, if we don't give a subnet mask, it automatically takes a classful subnet mask. For
example, if we assign 192.168.1.1 to the ASA interface then it will automatically take
255.255.255.0 as the subnet mask.

3. Assign a nameif to the ASA interface –


In ASA, we also assign a name to the interface, otherwise the interface will be down. The
most common names are INSIDE, OUTSIDE or DMZ. These names are used while
applying a policy but have no role in forwarding the traffic.
We can assign a name to an ASA interface by the command:

nameif NAME
NAME is the name you want to give to an interface.

4. Assign a security level to the interface –


Security level is an integer value ranging from 0 to 100. It indicates the trustworthiness of
an interface, i.e. which interface is most trusted. 0 means least trusted while 100 means the
most trusted.
If we give the name INSIDE to an interface, the ASA automatically assigns security
level 100 to it, and if we give any other name such as OUTSIDE or DMZ, it automatically
assigns 0, which can be changed manually.
We can assign a security level to an interface by the command:

security-level {value}

Here is an example where we will provide IP address 192.168.1.1 and subnet mask
255.255.255.0, name as INSIDE and security-level as 100.

asa(config)#int e0
asa(config-if)#no shut
asa(config-if)#ip address 192.168.1.1 255.255.255.0
asa(config-if)#nameif INSIDE
asa(config-if)#security-level 100
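
The defaults described in steps 2 to 4 are easy to overlook when reviewing a command script, so here is an added example (not part of the original document) that fills them in and reports what an operator should double-check. The interfaces e1 and e2, their addresses, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample input: commands as an administrator might type them.
SAMPLE = """\
interface e0
 no shut
 ip address 192.168.1.1 255.255.255.0
 nameif INSIDE
interface e1
 no shut
 ip address 10.20.30.1
 nameif OUTSIDE
interface e2
 no shut
 ip address 172.16.5.1 255.255.255.0
"""

def classful_mask(ip):
    """Mask implied when 'ip address' is entered without one."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    return "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"

def effective_interfaces(text):
    """Fill in the defaults the text describes and note what needs review."""
    out, cur = {}, None
    for words in (l.split() for l in text.splitlines() if l.strip()):
        if words[0] in ("interface", "int"):
            cur = out[words[1]] = {"up": False, "ip": None, "mask": None,
                                   "nameif": None, "level": None, "notes": []}
        elif cur is None:
            continue
        elif words[:2] in (["no", "shut"], ["no", "shutdown"]):
            cur["up"] = True
        elif words[:2] == ["ip", "address"]:
            cur["ip"] = words[2]
            cur["mask"] = words[3] if len(words) > 3 else classful_mask(words[2])
            if len(words) == 3:
                cur["notes"].append("mask omitted, classful " + cur["mask"] + " assumed")
        elif words[0] == "nameif":
            cur["nameif"] = words[1]
            if cur["level"] is None:  # default from the name; explicit line overrides
                cur["level"] = 100 if words[1].upper() == "INSIDE" else 0
        elif words[0] == "security-level":
            cur["level"] = int(words[1])
    for cfg in out.values():
        if cfg["nameif"] is None:
            cfg["notes"].append("no nameif: interface will be down")
    return out
```

For e1 the omitted mask turns 10.20.30.1 into a 255.0.0.0 network, far wider than a typical point-to-point or /24 segment, which is why writing the mask explicitly is the safer habit.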

Giving hostname to ASA –


It sets a name for the device, giving the device an identity. It is given by the same
command that is used on the router:

asa(config)#hostname ciscoasa
ciscoasa(config)#

Setting passwords –
As the ASA is a security device, by default it asks for a password when we try to enter
privilege mode. By default, no password is set, therefore we can enter privilege mode by
simply pressing Enter.

enable password –
The enable password is used for securing privilege mode. In routers, this password is shown in
clear text in the running configuration, but in ASA this password is encrypted (therefore no
enable secret is required). The password is case-sensitive and can be up to 16 alphanumeric and
special characters. We can set an enable password by

asa(config)#enable password GeeksforGeeks

Or by the command

asa(config)#enable passwd GeeksforGeeks


Where GeeksforGeeks is the password.
If we want to disable this password or set the password to default then simply enter the command

asa(config)#enable password

login password –
This password is used to access the ASA over Telnet or SSH. By default, the login
password is “Cisco”. We can change it by the command

asa(config)#password GeeksforGeeks
or
asa(config)#passwd GeeksforGeeks

Where GeeksforGeeks is the login password.

Using local database for login:


A local database is configured on the device (username and password) so that it can be used for
the login purpose. It is configured in the same manner as it is configured on the router. A local
database can be configured on the device using the command

asa(config)#username SAURABH password GeeksforGeeks

Where SAURABH is the username and GeeksforGeeks is the password.


If we want the ASA to use its local database for its login purpose then we can use the command

asa(config)#aaa authentication serial console LOCAL

Here, note that LOCAL is case-sensitive.
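
A pre-flight check for the credential commands in this section, given as an added example that is not part of the original document. It applies the rules stated above (16-character limit on the enable password, default passwords when nothing is set, upper-case LOCAL) and also flags console authentication pointed at an empty local database; the sample script and the function name are constructed.

```python
# Constructed sample input: credential commands with deliberate slips.
SAMPLE = """\
hostname ciscoasa
enable password AVeryLongEnablePassword1
username SAURABH password GeeksforGeeks
aaa authentication serial console local
"""

ENABLE_MAX = 16  # length limit the text gives for the enable password

def check_credentials(text):
    """Return findings for the password and AAA commands covered above."""
    findings, users = [], set()
    enable_set = login_set = aaa_local = False
    for words in (l.split() for l in text.splitlines() if l.strip()):
        if words[0] == "enable" and words[1:2] in (["password"], ["passwd"]):
            enable_set = len(words) > 2  # bare command resets to the default
            if enable_set and len(words[2]) > ENABLE_MAX:
                findings.append("enable password longer than 16 characters")
        elif words[0] in ("password", "passwd") and len(words) > 1:
            login_set = True
        elif words[0] == "username" and "password" in words[2:]:
            users.add(words[1])
        elif (words[:4] == ["aaa", "authentication", "serial", "console"]
              and len(words) > 4 and words[4].upper() == "LOCAL"):
            aaa_local = True
            if words[4] != "LOCAL":
                findings.append("aaa: database keyword must be upper-case LOCAL")
    if not enable_set:
        findings.append("enable password left at default (blank)")
    if not login_set:
        findings.append("login password left at default")
    if aaa_local and not users:
        findings.append("aaa uses local database but no username is defined")
    return findings
```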
