Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA 5500-X Series Quick Start Guide

  • Viewing Options

  • PDF (1.0 MB)
  • Feedback

Table of Contents

Cisco ASA 5500-X Series Quick Start Guide

1. Package Contents

2. Power On the ASA

3. Modify the Initial Configuration for the Software Module (Optional)

4. Launch ASDM

5. Run ASDM Wizards and Advanced Configuration

Cisco ASA 5500-X Series Quick Start Guide

For the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X

Updated: February 18, 2015

1. Package Contents

This section lists the package contents of each chassis. Note that contents are subject to change, and your exact contents might contain additional or fewer items.

ASA 5512-X, ASA 5515-X, or ASA 5525-X

 

 

1

ASA 5512-X, ASA 5515-X, or ASA 5525-X Chassis

2

Blue Console Cable and Serial PC Terminal Adapter (DB-9 to RJ-45)

3

Power Cord

4

Power Cord Retainer

5

4 10-32 Phillips Screws for rack mounting

6

4 12-24 Phillips Screws for rack mounting

7

4 M6 Phillips Screws for rack mounting

ASA 5545-X and ASA 5555-X

 

 

1

ASA 5545-X or ASA 5555-X Chassis (one power supply shown)

2

Blue Console Cable and Serial PC Terminal Adapter (DB-9 to RJ-45)

3

Power Cord

4

Power Cord Retainer

5

Slide Rail Kit

2. Power On the ASA

1. Attach the power cable to the ASA and connect it to an electrical outlet.

The power turns on automatically when you plug in the power cable; do not press the power button on the front panel. (For older models, the power does not turn on automatically; check the hardware installation guide for more information).

2. Check the Power LED on the front of the ASA; if it is solid green, the device is powered on.

3. Check the Status LED on the front of the ASA; after it is solid green, the system has passed power-on diagnostics.

3. Modify the Initial Configuration for the Software Module (Optional)

The ASA ships with a default configuration that enables Adaptive Security Device Manager (ASDM) connectivity to the Management 0/0 interface. When you use a software module such as the ASA FirePOWER module, we recommend that you do not use the default configuration, which can preclude the module from reaching the Internet for updates. This section describes how to apply a new configuration so the module can access the Internet. This configuration also enables a basic usable configuration for an inside and outside network.

The following figure shows the suggested network deployment for the ASA 5500-X with a software module:

 

Note: If you have an inside router instead of a switch, you can skip this section and instead configure the ASA to route between management and an inside network. In this case, configure the ASA and the module Management 0/0 IP addresses to be on the same network. Be sure to configure appropriate routes on the ASA and on the module so the management network can reach the inside network, and vice versa.

This procedure lets you connect to the ASA console port and paste in a new configuration that configures the following behavior:

  • inside --> outside traffic flow
  • outside IP address from DHCP
  • DHCP for clients on inside
  • Management 0/0 interface is Up, but otherwise unconfigured. The software module can then use this interface to access the ASA inside network and use the inside interface as the gateway to the Internet.
  • ASDM access on the inside interface

To achieve the above configuration, perform the following steps.

Procedure

1. Connect your computer to the ASA console port with the supplied console cable. You might need to use a third party serial-to-USB cable to make the connection.

2. Launch a terminal emulator and connect to the ASA.

3. Press the Enter key to see the following prompt:

ciscoasa>

4. Access privileged EXEC mode:

enable

The following prompt appears:

Password:

5. Press Enter. By default, the password is blank.

6. Access global configuration mode:

configure terminal

7. Clear the configuration:

clear configure all

8. Copy and paste the following configuration at the prompt:

interface gigabitethernet0/0
nameif outside
ip address dhcp setroute
no shutdown
interface gigabitethernet0/1
nameif inside
ip address 192.168.1.1 255.255.255.0
security-level 100
no shutdown
interface management0/0
no shutdown
object network obj_any
subnet 0 0
nat (any,outside) dynamic interface
http server enable
http 192.168.1.0 255.255.255.0 inside
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd auto_config outside
dhcpd enable inside
logging asdm informational

9. Save the new configuration:

write memory

10. Cable the inside GigabitEthernet 0/1 interface, Management 0/0 interface, and your computer to a Layer 2 Ethernet switch.

11. Connect the outside GigabitEthernet 0/0 interface to your upstream router or WAN device.

12. For software module configuration, see the ASA FirePOWER quick start guide, ASA CX quick start guide, or IPS quick start guide. Use the following network settings for the module:

Management interface: 192.168.1.2

Management subnet mask: 255.255.255.0

Gateway IP: 192.168.1.1

4. Launch ASDM

Using ASDM, you can use wizards to configure basic and advanced features. ASDM is a graphical user interface that allows you to manage the ASA using a web browser. See the ASDM release notes on Cisco.com for the requirements to run ASDM.

Procedure

1. On the computer connected to the ASA, launch a web browser. If you are using the default configuration and did not use 3. Modify the Initial Configuration for the Software Module (Optional), you need to connect the computer to the Management 0/0 interface.

2. In the Address field, enter the following URL: https://192.168.1.1/admin. The Cisco ASDM web page appears.

3. Click one of the available options: Install ASDM Launcher, Run ASDM, or Run Startup Wizard.

4. Follow the onscreen instructions to launch ASDM according to the option you chose. The Cisco ASDM-IDM Launcher appears.

5. Leave the username and password fields empty, and click OK. The main ASDM window appears.

5. Run ASDM Wizards and Advanced Configuration

ASDM includes many wizards to configure your security policy. See the Wizards menu for all available wizards, including the Startup Wizard for initial deployment. To continue configuring your ASA, see the documents available for your software version at Navigating the Cisco ASA Series Documentation.

© 2015 Cisco Systems, Inc. All rights reserved.