Book 1: Cisco ASA Series General Operations ASDM Configuration Guide, 7.1
Using the Startup Wizard
Downloads: This chapterpdf (PDF - 125.0KB) The complete bookPDF (PDF - 24.25MB) | The complete bookePub (ePub - 6.65MB) | The complete bookMobi (Mobi - 8.66MB) | Feedback

Table of Contents

Using the Startup Wizard

Accessing the Startup Wizard

Licensing Requirements for the Startup Wizard

Guidelines and Limitations

Startup Wizard Screens

Starting Point or Welcome

Basic Configuration

Interface Screens

Interface Selection (ASA 5505)

Switch Port Allocation (ASA 5505)

Interface IP Address Configuration (ASA 5505, Routed Mode)

Interface Configuration - PPPoE (ASA 5505, Routed Mode, Single Mode)

Outside Interface Configuration (ASA 5510 and Higher, Routed Mode)

Outside Interface Configuration - PPPoE (ASA 5510 and Higher, Routed Mode, Single Mode)

Management IP Address Configuration (Transparent Mode)

Other Interfaces Configuration (ASA 5510 and Higher)

Static Routes

Easy VPN Remote Configuration (ASA 5505, Single Mode, Routed Mode)

DHCP Server

Address Translation (NAT/PAT)

Administrative Access

IPS Basic Configuration

ASA CX Basic Configuration (ASA 5585-X)

Time Zone and Clock Configuration

Auto Update Server (Single Mode)

Startup Wizard Summary

Feature History for the Startup Wizard

Using the Startup Wizard

The ASDM Startup Wizard guides you through the initial configuration of the ASA, and helps you define basic settings.

This chapter includes the following sections:

Accessing the Startup Wizard

To access this feature in the main ASDM application window, choose one of the following:

  • Wizards > Startup Wizard .
  • Configuration > Device Setup > Startup Wizard, and then click Launch Startup Wizard .

Licensing Requirements for the Startup Wizard

The following table shows the licensing requirements for this feature:

 

Model
License Requirement

All models

Base License.

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single mode and within a context in multiple context mode. This wizard is not supported in the System.

Firewall Mode Guidelines

Supported in routed and transparent firewall modes.

IPv6 Guidelines

Supports IPv6.

Startup Wizard Screens

The actual sequence of screens is determined by your specified configuration selections. Each screen is available for all modes or models unless otherwise noted. This section includes the following topics:

Starting Point or Welcome

  • To change the existing configuration, click the Modify existing configuration radio button.
  • To set the configuration to the factory default values, click the Reset configuration to factory defaults radio button.

To configure the IP address and subnet mask of the Management 0/0 (ASA 5510 and higher) or VLAN 1 (ASA 5505) interface to be different from the default value (192.168.1.1), check the Configure the IP address of the management interface check box.


Note If you reset the configuration to factory defaults, you cannot undo these changes by clicking Cancel or by closing this screen.


In multiple context mode, this screen does not contain any parameters.

Basic Configuration

Interface Selection (ASA 5505)

This screen lets you group the eight, Fast Ethernet switch ports on the ASA 5505 into three VLANs. These VLANs function as separate, Layer 3 networks. You can then choose or create the VLANs that define your network—one for each interface: Outside, Inside, or DMZ (DMZ is available in routed mode only). A DMZ is a separate network located in the neutral zone between a private (inside) network and a public (outside) network.

See the “Configuring VLAN Interfaces” section for more information.

Switch Port Allocation (ASA 5505)

This screen lets you allocate switch ports to Outside, Inside, or DMZ interfaces (DMZ is only available in routed mode). By default, all switch ports are assigned to VLAN 1 (Inside).

See the “Configuring VLAN Interfaces” section for more information.

Interface IP Address Configuration (ASA 5505, Routed Mode)

Configure the IP address of each VLAN interface. See the “Configuring General Interface Parameters” section for more information..

Interface Configuration - PPPoE (ASA 5505, Routed Mode, Single Mode)

Configure the PPoE settings for each interface. See the “PPPoE IP Address and Route Settings” section for more information.

Outside Interface Configuration (ASA 5510 and Higher, Routed Mode)

Outside Interface Configuration - PPPoE (ASA 5510 and Higher, Routed Mode, Single Mode)

Configure the PPoE settings for the outside interface. See the “PPPoE IP Address and Route Settings” section for more information.

Management IP Address Configuration (Transparent Mode)

For IPv4, a management IP address is required for each bridge group for both management traffic and for traffic to pass through the ASA. This screen sets the IP address for BVI 1.

See the “Configuring Bridge Groups” section for more information.

Other Interfaces Configuration (ASA 5510 and Higher)

Static Routes

Configure static routes. See “Configuring Static and Default Routes,” for more information.


Note For the ASA 5505, to access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration.


Easy VPN Remote Configuration (ASA 5505, Single Mode, Routed Mode)

The ASA can act as an Easy VPN remote device to enable deployment of VPNs to remote locations. See the “Easy VPN Remote” section in the VPN configuration guide.


Note To access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration and unchecked the Enable Auto Update check box in Auto Update Server (Single Mode).


DHCP Server

Configure the DHCP server. See the “Configuring the DHCP Server” section for more information.

Address Translation (NAT/PAT)

Configures NAT or PAT for inside addresses (the interface with the highest security level) when accessing the outside (the interface with the lowest security level). See the “Configuring Dynamic NAT or Dynamic PAT Using a PAT Pool” section or the “Configuring Dynamic PAT (Hide)” section in the firewall configuration guide for more information.

Administrative Access

IPS Basic Configuration

In single context mode, you can use the Startup Wizard in ASDM to configure basic IPS network configuration. These settings are saved to the IPS configuration, not the ASA configuration. See the “Configuring Basic IPS Module Network Settings” section in the firewall configuration guide.

ASA CX Basic Configuration (ASA 5585-X)

You can use the Startup Wizard in ASDM to configure the ASA CX management address and Auth Proxy Port. These settings are saved to the ASA CX configuration, not the ASA configuration. Note : You will also need to set additional network settings at the ASA CX CLI. See the “(ASA 5585-X) Changing the ASA CX Management IP Address” section in the firewall configuration guide for information about this screen.

Time Zone and Clock Configuration

Configure the clock parameters. See the “Setting the Date and Time” section for more information.

Auto Update Server (Single Mode)

  • Configure an auto update server by checking the Enable Auto Update Server for ASA check box. See the “Configuring Auto Update” section for more information.
  • If you have an IPS module, you can check the Enable Signature and Engine Updates from Cisco.com check box. Set the following additional parameters:

Enter your Cisco.com username and password, and then confirm the password.

Enter the start time in hh:mm:ss format, using a 24-hour clock.


Note For the ASA 5505, to access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration.


Startup Wizard Summary

This screen summarizes all of the configuration settings that you have made for the ASA.

  • To change any of the settings in previous screens, click Back.
  • Choose one of the following:

If you ran the Startup Wizard directly from a browser, when you click Finish , the configuration settings that you created through the wizard are sent to the ASA and saved in flash memory automatically.

If you ran the Startup Wizard from within ASDM, you must explicitly save the configuration in flash memory by choosing File > Save Running Configuration to Flash .

Feature History for the Startup Wizard

Table 7-1 lists each feature change and the platform release in which it was implemented. ASDM is backwards-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed.

 

Table 7-1 Feature History for the Startup Wizard

Feature Name
Platform Releases
Feature Information

Startup Wizard

7.0(1)

This feature was introduced.

We introduced the Wizards > Startup Wizard screen.

IPS Configuration

8.4(1)

For the IPS module, the IPS Basic Configuration screen was added to the startup wizard. Signature updates for the IPS module were also added to the Auto Update screen. The Time Zone and Clock Configuration screen was added to ensure the clock is set on the ASA; the IPS module gets its clock from the ASA.

We introduced or modified the following screens:
Wizards > Startup Wizard > IPS Basic Configuration
Wizards > Startup Wizard > Auto Update
Wizards > Startup Wizard > Time Zone and Clock Configuration