Posts tagged asa

cisco: ASA 5510 basic setup
posted on 2016-02-29 22:49:46

This is almost the same posting as the previous one on setting up the 5505, but with some adjustments.

To have a very basic and usable ASA device after a factory reset, you might consider the commands presented in the following. These were entered into the device via a serial connection to the console port.

Usually this connection's speed is 9600 baud 8N1, in case you wonder.

ASDM will be available from the LAN, not just via the Management port. Furthermore, private IP networks are used for both the ingress and egress networks.

first aid

  • Use TAB to expand all the mentioned commands.
  • Use ? to show available commands.
  • In (config), use sh run to show your current configuration.

In case you need more in-depth info, here is the original page from Cisco.

modes

There are several modes, in very short:

  • EXEC = only most basic commands ('>' prompt)
  • privileged EXEC = you can now reboot and possibly change config ('#' prompt, enter via ena)
  • config = you can change configuration ('(config)' prompt, enter via conf t)

first steps upon fresh connect after a factory reset

! '!' denotes comments, these lines do not need to be entered

! privileged mode
ena
! hit enter, initially no password needed

! now enter configure mode
conf t

! which box are we working on?
ho <hostname>

! set enable password
! can be used later for ASDM, too, with the username being omitted
ena p <password>

set external and internal networks onto physical ports

! maybe instead of 'E' you need 'G' for gigabit interfaces
in E 0/0
no shut
sec 0
ip ad 10.0.0.1 255.255.255.0
nameif OUTSIDE

in E 0/1
no shut
sec 100
ip ad 192.168.0.1 255.255.255.0
nameif INSIDE

! management IF, in case you want it
!in M 0/0

!exit
q

ASDM

! enable asdm...
ht s en

! ... from LAN
ht 192.168.0.0 255.255.255.0 INSIDE

save and reboot

wr mem
rel

ASA's are painful to maintain.

cisco: ASA 5505 basic setup
posted on 2016-02-29 22:49:46

To have a very basic and usable ASA device after a factory reset, you might consider the commands presented in the following. These were entered into the device via a serial connection to the console port.

Usually this connection's speed is 9600 baud 8N1, in case you wonder.

ASDM will be available from the LAN, not just via the Management port. Furthermore, private IP networks are used for both the ingress and egress networks.

first aid

  • Use TAB to expand all the mentioned commands.
  • Use ? to show available commands.
  • In (config), use sh run to show your current configuration.

modes

There are several modes, in very short:

  • EXEC = only most basic commands ('>' prompt)
  • privileged EXEC = you can now reboot and possibly change config ('#' prompt, enter via ena)
  • config = you can change configuration ('(config)' prompt, enter via conf t)

first steps upon fresh connect after a factory reset

! '!' denotes comments, these lines do not need to be entered

! privileged mode
ena
! hit enter, initially no password needed

! now enter configure mode
conf t

! which box are we working on?
ho <hostname>

! set enable password
! can be used later for ASDM, too, with the username being omitted
ena p <password>

create VLANs for external and internal network

in Vlan1
 nameif OUTSIDE
 sec 1
 ip ad 10.0.0.1 255.255.255.0

in Vlan10
 nameif INSIDE
 sec 100
 ip ad 192.168.1.1 255.255.255.0

! exit
q

set vlans for your physical interfaces

! first your uplink
in E 0/0
 no shut
 sw a v 1

! now the others
in E 0/1
 no shut
 sw a v 10

in E 0/2
 no shut
 sw a v 10

in E 0/3
 no shut
 sw a v 10

! of course you can do it for all others, too, if you want
! else:
q

ASDM

! enable asdm...
ht s en

! ... from LAN
ht 192.168.1.0 255.255.255.0 INSIDE

save and reboot

wr mem
rel

ASA's are painful to maintain.
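
As an added example (not part of the original posts): a small Python check that reads the output of sh run and confirms that the ASDM access set up in the 5510 and 5505 posts above is LAN-only, i.e. every http entry sits on a security-level 100 interface and names a private source range. The sample config, the function names and the min_level threshold are assumptions made for this illustration.

```python
import ipaddress
import re
# Constructed "sh run"-style sample (5505 values); last http line is deliberately too wide.
SAMPLE_RUNNING_CONFIG = """\
interface Vlan1
 nameif OUTSIDE
 security-level 1
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan10
 nameif INSIDE
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
http server enable
http 192.168.1.0 255.255.255.0 INSIDE
http 0.0.0.0 0.0.0.0 OUTSIDE
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def security_levels(config):
    """Map each nameif to its security-level, read from the interface blocks."""
    levels, cur = {}, {}
    for line in config.splitlines() + ["!"]:
        if line.startswith(" "):  # indented line = inside a block
            key, _, value = line.strip().partition(" ")
            cur[key] = value
        else:  # block ended: record it, start a new one
            if "nameif" in cur and "security-level" in cur:
                levels[cur["nameif"]] = int(cur["security-level"])
            cur = {}
    return levels

def audit_asdm(config, min_level=100):
    """List http (ASDM) access entries that are wider than LAN-only."""
    if not re.search(r"^http server enable", config, flags=re.M):
        return []  # ASDM's HTTPS server is off, nothing to reach
    levels, findings = security_levels(config), []
    for net, mask, ifname in re.findall(r"^http (\d\S+) (\d\S+) (\S+)$", config, flags=re.M):
        source = ipaddress.ip_network(f"{net}/{mask}")
        level = levels.get(ifname)
        if level is None or level < min_level:
            findings.append(f"{source} via {ifname}: security-level {level} < {min_level}")
        if not any(source.subnet_of(p) for p in RFC1918):
            findings.append(f"{source} via {ifname}: source is not a private range")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_asdm(SAMPLE_RUNNING_CONFIG)) or "ASDM is LAN-only")
```

With the configuration from the posts alone (only the http entry for INSIDE) the check returns no findings.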

ASA: access console via serial port
posted on 2015-02-21 18:02:56

To connect to one of Cisco's ASAs (short for Adaptive Security Appliance), you have several options.

Either use the management ethernet port (labelled MGMT) or the serial interface (CONSOLE), which are both RJ45 outlets. These methods of access are the same for most other hardware appliances.

If the ASA was not accessed in a while and the network config was lost (or if it's a leftover from an old customer), you are likely unable to access it through the management port, because you no longer know the subnet you have to be in to connect to it.

If you still happen to know your credentials, you might try the serial interface.

If your computer has a serial interface, too, you only need an RS232-to-RJ45 cable for the ASA. If you have a laptop, it's much more likely that you just lack the serial port; then you need an adapter from serial to ethernet, plus a serial-to-USB adapter.

From here the steps differ, depending on your operating system.

windows

  1. plug in the adapter, which is connected to the device's CONSOLE port, too
  2. open the device manager
  3. look up which COM port just got added
  4. open putty
  5. connection destination is e.g. COM-7, if that's the one you saw
  6. enter baud rate (9600 for Cisco devices AFAIK)
  7. connect

You should be greeted by a prompt of the ASA. Hit space, in case PuTTY does not update your console window.

linux

  1. plug in the adapter connected to the ASA
  2. ls -alh /dev/tty*
  3. You should see a device called something like /dev/ttyUSB0
  4. sudo screen /dev/ttyUSB0 9600, with a baud rate of 9600 as mentioned in the Windows steps above
  5. you should be connected, hit spacebar if nothing is shown.

If you have trouble finding out which device gets added when you insert the adapter into your USB port, try:

watch --differences -n.2 ls /dev/tty*



Unless otherwise credited all material Creative Commons License by sjas