Even with people who work in networking, as soon as you say the word “firewall” a lot of people tend to stare at that far away place that only exists in their minds. I think some of this comes from the fact that “it’s not a router”. Another reason is that people just haven’t taken the time to get familiar with firewalls.

The ASA is Cisco’s firewall or VPN device. Though the ASA can do a lot of things, in this post I will cover the basics such as how you set it up and connect the device to the Internet.

There are a few different ASA models, however in terms of configuration they are mostly the same. The main difference is the baby ASA, or 5505, which is a quietish table top device where you configure vlan interfaces instead of physical interfaces. For the other ASA appliances the names of the interfaces will differ, i.e. fastethernet or gigabitethernet. Aside from the appliances you also have the ASA services module which you can use in a Catalyst 6500 switch; on those the interfaces are also configured differently. However, overall the configuration is the same on all ASA platforms.

If you don’t have any other way of accessing the device you can reach it through the console port. Set your COM port to 9600 baud and connect through PuTTY or another console application. If it’s a used device you might be prompted for a username and password; if you don’t have it you can perform a password reset.

The “>” character lets you know that you have entered the ASA in unprivileged mode. This is a mode where your access is limited; if you type a question mark you will see that you only have a few commands available. You can ping other devices and have a few show commands at your disposal. ‘show curpriv’ for example lets you know that you are at privilege level 1, which doesn’t really grant you much access.

In order to go to the privileged mode you type enable. Press enter or type “cisco” at the password prompt, it should be blank by default. Now you are in privileged or enable mode. If you again type a question mark you will note that you have access to a lot more commands compared to the unprivileged mode. ‘show curpriv’ shows that you are at level 15, the highest privilege.

In order to make changes on the ASA you have to enter the configuration mode, which is done by the ‘configure terminal’ command.

To start with a fresh configuration you execute either ‘write erase’ or ‘configure factory-default’. The write erase command removes the startup configuration, and once you have rebooted your ASA (with the reload command) and chosen not to save the configuration you will have a fresh config. The configure factory-default command does basically the same but does it in memory.

I would advise against using any of these commands in a production environment if you don’t know what you are doing.

```
ciscoasa(config)# configure factory-default
Based on the management IP address and mask, the DHCP address
Pool size is reduced to 253 from the platform limit 256

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
Verify there is a valid image on disk0:/ or the system will

Begin to apply factory-default configuration:
WARNING: DHCPD bindings cleared on interface 'management', address pool removed
Executing command: interface management0/0
INFO: Security level for "management" set to 0 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: http 192.168.1.0 255.255.255.0 management
Executing command: dhcpd address 192.168.1.2-192.168.1.254 management
Executing command: dhcpd enable management
Executing command: logging asdm informational
Factory-default configuration is completed
```

Just looking at the output from the command tells you what it does. It configures the interface called “management0/0” with an IP address of 192.168.1.1/24, enables the http server and allows ASDM access from the 192.168.1.0/24 network. The command also configures the internal DHCP server. If you are using an ASA 5505, which doesn’t have a management0/0 interface, vlan1 will be used instead but as the inside interface. The ASA 5505 default configuration also sets vlan2 to outside and configures it as a DHCP client. Also on the 5505 NAT is configured from the start so the small device can function more as a plug and play device.

I can’t really remember ever using the ‘configure factory-default’ command and use the ‘write erase’ option instead. Once the firewall has reloaded after issuing write erase you are presented with a prompt.

```
Pre-configure Firewall now through interactive prompts ?
```

I usually just choose no and configure it by myself. As for starting from scratch, regardless of if you used write erase or configure factory-default your configuration won’t be empty.
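
Because the configuration is never empty after a reset, it helps to check which factory-default lines are still in a running-config before the box goes into service. The following is an added example, not part of the original post: it extracts the "Executing command:" lines from the output quoted in the post and reports which of them remain in a config. The sample running-config and all function names are constructed for illustration.

```python
import re

# Lines copied from the 'configure factory-default' output quoted in the post.
FACTORY_DEFAULT_OUTPUT = """\
Executing command: interface management0/0
INFO: Security level for "management" set to 0 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: http 192.168.1.0 255.255.255.0 management
Executing command: dhcpd address 192.168.1.2-192.168.1.254 management
Executing command: dhcpd enable management
Executing command: logging asdm informational
"""

# Constructed running-config for this example, not taken from a real device.
SAMPLE_RUNNING_CONFIG = """\
hostname edge-fw
interface management0/0
 nameif management
 ip address 192.168.1.1 255.255.255.0
!
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.20.0.0 255.255.255.0 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
"""


def factory_default_commands(output):
    """Return the commands the ASA reported applying, in order."""
    return [m.strip() for m in re.findall(r"^Executing command: (.+)$", output, re.M)]


def leftovers(running_config, defaults):
    """Factory-default commands still present in the running-config.

    Matching is per line and ignores which interface block a line sits in.
    """
    present = {line.strip() for line in running_config.splitlines()}
    return [cmd for cmd in defaults if cmd in present]


def service_exposure(found):
    """Keep only leftovers that open a service on an interface (http, dhcpd)."""
    return [cmd for cmd in found if cmd.split()[0] in ("http", "dhcpd")]


if __name__ == "__main__":
    found = leftovers(SAMPLE_RUNNING_CONFIG, factory_default_commands(FACTORY_DEFAULT_OUTPUT))
    for cmd in service_exposure(found):
        print("review factory default:", cmd)
```
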