woodzelma28

Smile! You’re at the best WordPress.com site ever

Basic Configuration Tutorial For the Cisco ASA 5510 Firewall

leave a comment »

Continuing our series of articles about Cisco ASA 5500 firewalls, I’m offering you here a basic configuration tutorial for the Cisco ASA 5510 security appliance. This device is the second model in the ASA series (ASA 5505, 5510, 5520 etc) and is fairly popular since is intended for small to medium enterprises. Like the smallest ASA 5505 model, the 5510 comes with two license options: The Base license and the Security Plus license. The second one (security plus) provides some performance and hardware enhancements over the base license, such as 130,000 Maximum firewall connections (instead of 50,000), 100 Maximum VLANs (instead of 50), Failover Redundancy, etc. Also, the security plus license enables two of the five firewall network ports to work as 10/100/1000 instead of only 10/100.Next we will see a simple Internet Access scenario which will help us understand the basic steps needed to setup an ASA 5510. Assume that we are assigned a static public IP address 100.100.100.1 from our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0/24. Interface Ethernet0/0 will be connected on the outside (towards the ISP), and Ethernet0/1 will be connected to the Inside LAN switch.The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts. All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface. Let’s see a snippet of the required configuration steps for this basic scenario:Step1: Configure a privileged level password (enable password)By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance. Configure this under Configuration Mode:ASA5510(config)# enable password mysecretpasswordStep2: Configure the public outside interfaceASA5510(config)# interface Ethernet0/0ASA5510(config-if)# nameif outsideASA5510(config-if)# security-level 0ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252ASA5510(config-if)# no shutStep3: Configure the trusted internal interfaceASA5510(config)# interface Ethernet0/1ASA5510(config-if)# nameif insideASA5510(config-if)# security-level 100ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0ASA5510(config-if)# no shutStep 4: Configure PAT on the outside interfaceASA5510(config)# global (outside) 1 interfaceASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCPASA5510(config)# dhcpd dns 200.200.200.10ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 insideASA5510(config)# dhcpd enable insideThe above basic configuration is just the beginning for making the appliance operational. There are many more configuration features that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, VPN etc.Visit my website in my resource box below for more information about Cisco products and solutions. You can also learn how to configure any Cisco ASA 5500 Firewall Here (applicable for ALL ASA models running software versions 7.x and 8.x).

Advertisements

Written by woodzelma28

April 24, 2016 at 8:03 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: