Cisco ASA 5500 Series Configuration Guide using ASDM, 6.4 and 6.6
Using the Startup Wizard
Downloads: This chapterpdf (PDF - 139.0KB) The complete bookPDF (PDF - 26.27MB) | Feedback

Using the Startup Wizard

Table Of Contents

Using the Startup Wizard

Information About the Startup Wizard

Licensing Requirements for the Startup Wizard

Guidelines and Limitations

Startup Wizard Screens

Starting Point or Welcome

Basic Configuration

Interface Screens

Interface Selection (ASA 5505)

Switch Port Allocation (ASA 5505)

Interface IP Address Configuration (ASA 5505, Routed Mode)

Interface Configuration - PPPoE (ASA 5505, Routed Mode, Single Mode)

Outside Interface Configuration (ASA 5510 and Higher, Routed Mode)

Outside Interface Configuration - PPPoE (ASA 5510 and Higher, Routed Mode, Single Mode)

Management IP Address Configuration (Transparent Mode)

Other Interfaces Configuration (ASA 5510 and Higher)

Static Routes

Easy VPN Remote Configuration (ASA 5505, Single Mode, Routed Mode)

DHCP Server

Address Translation (NAT/PAT)

Administrative Access

IPS Basic Configuration (IPS SSP)

Time Zone and Clock Configuration (ASA 5585-X)

Auto Update Server (Single Mode)

Startup Wizard Summary

Feature History for the Startup Wizard


Using the Startup Wizard


The ASDM Startup Wizard guides you through the initial configuration of the ASA, and helps you define basic settings.

This chapter includes the following sections:

Information About the Startup Wizard

Licensing Requirements for the Startup Wizard

Guidelines and Limitations

Startup Wizard Screens

Feature History for the Startup Wizard

Information About the Startup Wizard

To access this feature in the main ASDM application window, choose one of the following:

Wizards > Startup Wizard.

Configuration > Device Setup > Startup Wizard, and then click Launch Startup Wizard.

Licensing Requirements for the Startup Wizard

The following table shows the licensing requirements for this feature:

Model
License Requirement

All models

Base License.


Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single mode and within a context in multiple context mode. This wizard is not supported in the system context.

Firewall Mode Guidelines

Supported in routed and transparent firewall modes.

IPv6 Guidelines

Supports IPv6.

Startup Wizard Screens

The actual sequence of screens is determined by your specified configuration selections. Each screen is available for all modes or models unless otherwise noted. This section includes the following topics:

Starting Point or Welcome

Basic Configuration

Interface Screens

Static Routes

Easy VPN Remote Configuration (ASA 5505, Single Mode, Routed Mode)

DHCP Server

Address Translation (NAT/PAT)

Administrative Access

IPS Basic Configuration (IPS SSP)

Time Zone and Clock Configuration (ASA 5585-X)

Auto Update Server (Single Mode)

Startup Wizard Summary

Starting Point or Welcome

To change the existing configuration, click the Modify existing configuration radio button.

To set the configuration to the factory default values, click the Reset configuration to factory defaults radio button.

To configure the IP address and subnet mask of the Management 0/0 (ASA 5510 and higher) or VLAN 1 (ASA 5505) interface to be different from the default value (192.168.1.1), check the Configure the IP address of the management interface check box.


Note If you reset the configuration to factory defaults, you cannot undo these changes by clicking Cancel or by closing this screen.


In multiple context mode, this screen does not contain any parameters.

Basic Configuration

(ASA 5505) To specify a group of configuration settings for a remote worker, check the Configure the device for Teleworker usage check box. See the "Easy VPN Remote Configuration (ASA 5505, Single Mode, Routed Mode)" section for more information.

For information about the hostname, domain name, and enable password, see the "Configuring the Hostname, Domain Name, and Passwords" section.

Interface Screens

The interface screens depend on the mode and model. This section includes the following topics:

Interface Selection (ASA 5505)

Switch Port Allocation (ASA 5505)

Interface IP Address Configuration (ASA 5505, Routed Mode)

Interface Configuration - PPPoE (ASA 5505, Routed Mode, Single Mode)

Outside Interface Configuration - PPPoE (ASA 5510 and Higher, Routed Mode, Single Mode)

Interface Selection (ASA 5505)

Other Interfaces Configuration (ASA 5510 and Higher)

Interface Selection (ASA 5505)

This screen lets you group the eight, Fast Ethernet switch ports on the ASA 5505 into three VLANs. These VLANs function as separate, Layer 3 networks. You can then choose or create the VLANs that define your network—one for each interface: Outside, Inside, or DMZ (DMZ is available in routed mode only). A DMZ is a separate network located in the neutral zone between a private (inside) network and a public (outside) network.

See the "Configuring VLAN Interfaces" section for more information.

Switch Port Allocation (ASA 5505)

This screen lets you allocate switch ports to Outside, Inside, or DMZ interfaces (DMZ is only available in routed mode). By default, all switch ports are assigned to VLAN 1 (Inside).

See the "Configuring VLAN Interfaces" section for more information.

Interface IP Address Configuration (ASA 5505, Routed Mode)

Configure the IP address of each VLAN interface. See the "Configuring General Interface Parameters" section for more information..

Interface Configuration - PPPoE (ASA 5505, Routed Mode, Single Mode)

Configure the PPoE settings for each interface. See the "PPPoE IP Address and Route Settings" section for more information.

Outside Interface Configuration (ASA 5510 and Higher, Routed Mode)

Configure the IP address of the outside interface (the interface with the lowest security level). See the "Configuring General Interface Parameters" section for more information..

To configure the IPv6 address, see the "Configuring IPv6 Addressing" section.

Outside Interface Configuration - PPPoE (ASA 5510 and Higher, Routed Mode, Single Mode)

Configure the PPoE settings for the outside interface. See the "PPPoE IP Address and Route Settings" section for more information.

Management IP Address Configuration (Transparent Mode)

For IPv4, a management IP address is required for each bridge group for both management traffic and for traffic to pass through the ASA. This screen sets the IP address for BVI 1.

See the "Configuring Bridge Groups" section for more information.

Other Interfaces Configuration (ASA 5510 and Higher)

You can configure parameters for other interfaces. See the "Configuring General Interface Parameters" section for more information.

See the "Allowing Same Security Level Communication" section for information about the Enable traffic between... check boxes.

Static Routes

Configure static routes. See Chapter 25 "Configuring Static and Default Routes," for more information.


Note For the ASA 5505, to access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration.


Easy VPN Remote Configuration (ASA 5505, Single Mode, Routed Mode)

The ASA can act as an Easy VPN remote device to enable deployment of VPNs to remote locations. See the "Easy VPN Remote" section.


Note To access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration and unchecked the Enable Auto Update check box in Auto Update Server (Single Mode).


DHCP Server

Configure the DHCP server. See the "Configuring a DHCP Server" section for more information.

Address Translation (NAT/PAT)

Configures NAT or PAT for inside addresses (the interface with the highest security level) when accessing the outside (the interface with the lowest security level). See the "Configuring Dynamic NAT or Dynamic PAT Using a PAT Pool" section or the "Configuring Dynamic PAT (Hide)" section for more information.

Administrative Access

Configures ASDM, Telnet, or SSH access. See the "Configuring Management Access" section for more information.

To enable a secure connection to an HTTP server to access ASDM, check the Enable HTTP server for HTTPS/ASDM access check box. See the "Configuring Management Access" section for more information.

To allow ASDM to collect and display statistics, check the Enable ASDM history metrics check box. See the "Enabling History Metrics" section for more information.

IPS Basic Configuration (IPS SSP)

Configure the basic IPS SSP network configuration. These settings are saved to the IPS SSP configuration, not the ASA configuration. You must configure initial settings for the IPS SSP using this screen before you can complete your configuration from the Configuration > IPS pane.

To configure the IPS basic settings, perform the following steps:


Step 1 In the Network Settings area, configure the following:

IP Address—The management IP address. By default, the address is 192.168.1.2.

Subnet Mask—The subnet mask for the management IP address.

Gateway—The IP address of the upstream router. By default, this IP address is the ASA management IP address, 192.168.1.1.

HTTP Proxy Server—(Optional) The HTTP proxy server address. You may need a proxy server to download global correlation updates if your network uses proxy.

HTTP Proxy Port—(Optional) The HTTP proxy server port.

DNS Primary—(Optional) The primary DNS server address. If you are using a DNS server, you must configure at least one DNS server and it must be reachable for global correlation updates to be successful.

For global correlation to function, you must have either a DNS server or an HTTP proxy server configured at all times. DNS resolution is supported only for accessing the global correlation update server.

Step 2 In the Management Access List area, enter an IP address and subnet mask for any hosts that are allowed to access the IPS SSP management interface, and click Add. You can add multiple IP addresses.

Step 3 In the Cisco Account Password area, set the password for the username "cisco" and confirm it. The username "cisco" and this password are used for Telnet sessions from hosts specified by the management access list and when accessing the IPS module from ASDM (Configuration > IPS). By default, the password is cisco.

Step 4 In the Network Participation area, which you use to have the IPS module participate in SensorBase data sharing, click Full, Partial, or Off.


Time Zone and Clock Configuration (ASA 5585-X)

Configure the clock parameters. See the "Setting the Date and Time" section for more information.

Auto Update Server (Single Mode)

Configure an auto update server by checking the Enable Auto Update Server for ASA check box. See the "Configuring Auto Update" section for more information.

If you have an ASA 5585-X with an IPS SSP, you can check the Enable Signature and Engine Updates from Cisco.com check box. Set the following additional parameters:

Enter your Cisco.com username and password, and then confirm the password.

Enter the start time in hh:mm:ss format, using a 24-hour clock.


Note For the ASA 5505, to access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration.


Startup Wizard Summary

This screen summarizes all of the configuration settings that you have made for the ASA.

To change any of the settings in previous screens, click Back.

Choose one of the following:

If you ran the Startup Wizard directly from a browser, when you click Finish, the configuration settings that you created through the wizard are sent to the ASA and saved in flash memory automatically.

If you ran the Startup Wizard from within ASDM, you must explicitly save the configuration in flash memory by choosing File > Save Running Configuration to Flash.

Feature History for the Startup Wizard

Table 5-1 lists each feature change and the platform release in which it was implemented. ASDM is backwards-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed.

Table 5-1 Feature History for the Startup Wizard

Feature Name
Platform Releases
Feature Information

Startup Wizard

7.0(1)

This feature was introduced.

We introduced the Wizards > Startup Wizard screen.

IPS Configuration

8.4(1)

For the IPS SSP in the ASA 5585-X, the IPS Basic Configuration screen was added to the startup wizard. Signature updates for the IPS SSP were also added to the Auto Update screen. The Time Zone and Clock Configuration screen was added to ensure the clock is set on the ASA; the IPS SSP gets its clock from the ASA.

We introduced or modified the following screens:
Wizards > Startup Wizard > IPS Basic Configuration
Wizards > Startup Wizard > Auto Update
Wizards > Startup Wizard > Time Zone and Clock Configuration