How to do basic set-up of ASA firewall.

Last Updated - April 4, 2023

Setting up a ASA firewall is pretty straightforward. All we need to do is

Assign a public IP address to one of the ports as an outside interface with the lowest security level.
Assign a private IP to one of the ports as an inside interface with the highest security level.
Provide a route to the internet from the inside interface.
Create a NAT so that the private IPs on the inside interface are converted to the public IP and the internet is accessed from the inside interface.

For more information you can check Cisco website.

These are the four basic steps that are needed to set up the firewall. Here we are using ASA 5506x using a console cable in global config mode. In addition, we will set up a hostname, user, allowing SSH, allowing ASDM, and DHCP addresses in case no server is available for DHCP and DNS. The process will be the same for all firewalls.

				
					!Changing Hostname
#hostname ciscoasa
!Changing timezome
#clock timezone EST -5
!password encryption
#service password-encryption
!Enable password
#enable password W@rr10r!!
!User creation
#username admin password W@rr10r!! privilege 15
!allowing authencation for SSH
#aaa authentication ssh console LOCAL

!setting up IP for outside interface
#interface GigabitEthernet1/1
#nameif outside
#security-level 0
#ip address 45.124.58.28 255.255.255.252
#exit

!setting up IP for inside interface
#interface GigabitEthernet1/2
#nameif inside
#security-level 100
#ip address 192.168.11.5 255.255.255.0
#exit

!route outside
#route outside 0.0.0.0 0.0.0.0 45.124.58.28 1

!Setting up NAT
#object network obj_any
#subnet 0.0.0.0 0.0.0.0
#nat (any,outside) dynamic interface

!Setting up DHCPD
#dhcpd address 192.168.11.50-192.168.11.250 inside
#dhcpd dns 8.8.8.8 8.8.4.4 interface inside
#dhcpd enable inside

!Allowing ADSM from inside
#http server enable
#http 192.168.11.0 255.255.255.0 inside

!Allowing SSH from inside and specific IP from outside
#ssh stricthostkeycheck
#ssh 192.168.11.0 255.255.255.0 inside
#ssh 45.124.48.29 255.255.255.255 outside

To upgrade ASA and ASDM images you can check here.

KB170093

How to resolve sync error between two Domain Controller – exceeded the tombstone lifetime

Table of Contents Introduction In my lab set-up, I found that the domain controllers were not syncing and I suspect it was because of the

How to use two-factor authentication for SSH on Ubuntu

Contents Introduction When we access a device using SSH we generally do it by either using a username/password or using SSH keys. So if an

How to setup WireGuard VPN on an iPhone

Many a time we are in public places like the airport and use the public internet on our phones which is easy to eavesdrop on.

How to install specific apps of Microsoft Office on Windows

In the older version of Microsoft Office like MS 2010,2013, which used offline installers there was an option to install the app of your choice.

How to do basic set-up of ASA firewall.

Related Posts

How to resolve sync error between two Domain Controller – exceeded the tombstone lifetime

How to use two-factor authentication for SSH on Ubuntu

How to setup WireGuard VPN on an iPhone

How to install specific apps of Microsoft Office on Windows