
LAB 1 Basic ASA Configuration

Initial setup of an ASA is similar to a router: you use a rollover cable
to connect the console port of the ASA to the COM port of a PC. The Command Line
Interface (CLI) differs a little from an IOS router, but the modes are similar.
Unprivileged Mode (prompt >) is the most basic level of access to the Cisco device,
the first mode you enter, in which you can issue very few commands. To configure
your ASA you need to get into Privileged Mode (prompt #).

Task-1 Getting Started With ASA


When we boot up the device we get into unprivileged mode, from where we
can view the details of the ASA: its supported features, available interfaces,
licensing, etc.
ciscoasa>
ciscoasa>show version
Cisco ASA Security Appliance Software Version 8.4(2)     <-- IOS Version of ASA
ciscoasa up 33 mins 30 secs                              <-- Uptime of device
Hardware: PIX-525, 256 MB RAM, CPU Pentium II 1 MHz      <-- Hardware Configurations
Flash E28F128J3 @ 0xfff00000, 16 MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Licensed features for this platform:                     <-- License Details
Maximum Physical Interfaces : 10
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: 403340212
Running Activation Key: 0x497acdef 0x39ef68ac 0x36d54110 0x2f9868d7
Configuration has not been modified since last system restart.

From unprivileged mode we can issue a few more commands such as ping,
traceroute and login, but to make any changes or to configure the device we
need to get into privileged mode. From unprivileged mode, issue the enable
command to get into privileged mode.
ciscoasa> enable
Password:          <-- The default password on ASA is blank <null>; hit Enter when prompted
ciscoasa#

Once you are in privileged mode you can issue all commands to the device.
To change the configuration you need to get into configure mode, which you
enter by issuing the configure terminal command in privileged mode. The first
change below replaces the blank default enable password.
ciscoasa# configure terminal
ciscoasa(config)# enable password cisco123     <-- Configuring Enable Password
ciscoasa(config)# hostname ASA                 <-- Modifying Hostname
ASA(config)#

In the output of the show version command you can view the licensing
details of the device, which show what the device is capable of. The ASA
comes with two different licenses:

Base License
Security Plus License

By default the ASA comes with the Base License, under which some functions of
the ASA are restricted or locked. To use those functions we need to get an
Activation Key from Cisco and install it on the device.
ASA(config)# activation-key 0x00000000 0x00000000 0x00000000 0x00000000
The following features available in flash activation key are NOT
available in new activation key:
Failover is different.
flash activation key: Restricted(R)
new activation key: Unrestricted(UR)
Proceed with update flash activation key? [confirm]     <-- Press Enter
WARNING: The running activation key was not updated with the requested key.
The flash activation key was updated with the requested key, and will become
active after the next reload.

Task-2 Configuring Interfaces as per the following Credentials

Interface     IP Address     Name       Security Level
Ethernet 0    192.168.1.1    Outside    0
Ethernet 1    10.1.1.1       Inside     100
Ethernet 2    172.16.1.1     DMZ        50

Just as on a router, interface configuration on the ASA is done from interface
mode only.
ASA(config)# interface ethernet 0
ASA(config-if)# ip address 192.168.1.1 255.0.0.0
ASA(config-if)# no shutdown
ASA(config-if)# interface ethernet 1
ASA(config-if)# ip address 10.1.1.1 255.0.0.0
ASA(config-if)# no shutdown
ASA(config-if)# interface ethernet 2
ASA(config-if)# ip address 172.16.1.1
ASA(config-if)# no shutdown

Apart from the IP address, on the ASA we also have to configure two more
settings: the name of the interface and the trust level of the interface
(security level). The name is any logical name (such as Inside, Outside, Private
or any other name) given to the interface; throughout the configuration the
interface is referred to by that name, not by its physical name (Ethernet 0 or 1).
Assigning a name to the interface is mandatory: even if you assign an IP address,
the interface will not function until you configure a name on it.
The security level is the value that defines how trusted an interface is.
An interface with a higher security level can communicate with interfaces that
have a lower security level, but by default an interface with a lower level
can't initiate communication to an interface with a higher level.
ASA(config-if)# interface ethernet 0
ASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA(config-if)# security-level 0
ASA(config-if)# interface ethernet 1
ASA(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASA(config-if)# interface ethernet 2
ASA(config-if)# nameif DMZ
INFO: Security level for "DMZ" set to 0 by default.
ASA(config-if)# security-level 50

The ASA recognizes only the name inside: when this name is assigned to any
interface, its security level is set automatically, to 100 as the INFO line shows.
Apart from inside, any other name gets security level 0 by default.

Verification
ASA# show running-config ip
!
interface Ethernet0
nameif outside
security-level 0
ip address 192.168.1.1 255.0.0.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.1.1 255.0.0.0
!
interface Ethernet2
nameif DMZ
security-level 50
ip address 172.16.0.1 255.255.0.0
!
ASA#
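
The nameif requirement and the security-level rule described above can be checked against saved show running-config output. The following Python example is added here and is not part of the original lab; it lists interfaces that have an address but no name, and the source/destination pairs that may initiate traffic by default. The function names and the Ethernet3 stanza in the sample are hypothetical, and it assumes every named interface carries a security-level line, as in the verification output.

```python
from itertools import permutations
# Constructed sample: Task-2 interfaces plus a hypothetical unnamed Ethernet3.
SAMPLE = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.0.0.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.0.0.0
!
interface Ethernet2
 nameif DMZ
 security-level 50
 ip address 172.16.1.1 255.255.0.0
!
interface Ethernet3
 ip address 172.31.1.1 255.255.0.0
"""

def parse_interfaces(config):
    """Map each physical interface to its nameif, security-level and ip."""
    found, cur = {}, None
    for words in (raw.split() for raw in config.splitlines()):
        if words[:1] == ["interface"]:
            cur = found.setdefault(words[1], {})
        elif words == ["!"]:
            cur = None  # "!" closes the current interface stanza
        elif cur is not None and words[:1] in (["nameif"], ["security-level"]):
            cur[words[0]] = words[1]
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["ip"] = words[2]
    return found

def unnamed_with_ip(found):
    """Interfaces with an address but no nameif; per the lab they will not function."""
    return sorted(p for p, i in found.items() if "ip" in i and "nameif" not in i)

def default_initiations(found):
    """(source, destination) pairs allowed by default: higher level to lower."""
    named = [i for i in found.values() if "nameif" in i]
    return sorted((a["nameif"], b["nameif"]) for a, b in permutations(named, 2)
                  if int(a["security-level"]) > int(b["security-level"]))

if __name__ == "__main__":
    ifaces = parse_interfaces(SAMPLE)
    print(unnamed_with_ip(ifaces), default_initiations(ifaces))
```

Any pair missing from the second list, such as outside to inside, is one that cannot initiate by default under the rule above.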

Notes::--
