Table Of Contents
Quick Start Guide
Cisco ASA 5500-X Series
ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X
Regulatory Compliance and Safety Information
Read the safety warnings in the Regulatory Compliance and Safety Information (RCSI), and follow proper safety procedures when performing the steps in this guide. See http://www.cisco.com/go/asadocs for links to the RCSI and other documents.Revised: October 30, 2013
1 Powering On the ASA
Step 1 Attach the power cable to the ASA and connect it to an electrical outlet.
The power turns on automatically when you plug in the power cable; do not press the power button on the front panel. (For older models, the power does not turn on automatically; check the hardware installation guide for more information).
Step 2 Check the Power LED on the front of the ASA; if it is solid green, the device is powered on.
Step 3 Check the Status LED on the front of the ASA; after it is solid green, the system has passed power-on diagnostics.
2 Connecting Interface Cables and Verifying Connectivity
Step 1 Connect a management PC to the Management 0/0 interface for use with the Adaptive Security Device Manager (ASDM).You can connect the PC directly with an Ethernet cable, or connect the PC and the ASA to the same management network. Make sure the PC is configured to obtain an IP address using DHCP.
If you want to use the CLI, connect your PC to the console port, and see the CLI configuration guide for more information.
Step 2 Connect your networks to the appropriate ports.
(Optional) I/O Card. If you have a fiber I/O card, you need to use SFP modules (not included). See the hardware installation guide for information.
Management 0/0 interface (RJ-45)
Step 3 Check the LINK/ACT indicators to verify interface connectivity.
3 Launching ASDM
The ASA ships with a default configuration that enables ASDM connectivity to the Management 0/0 interface. Using ASDM, you can use wizards to configure basic and advanced features. ASDM is a graphical user interface that allows you to manage the ASA from any location by using a web browser.
See the ASDM release notes on Cisco.com for the requirements to run ASDM.
Step 1 On the PC connected to the ASA, launch a web browser.
Step 2 In the Address field, enter the following URL: https://192.168.1.1/admin. The Cisco ASDM web page appears.
Step 3 Click Run Startup Wizard.
Step 4 Accept any certificates according to the dialog boxes that appear. The Cisco ASDM-IDM Launcher appears.
Step 5 Leave the username and password fields empty, and click OK. The main ASDM window appears and the Startup Wizard opens.
4 Running the Startup Wizard
Run the Startup Wizard to modify the default configuration so that you can customize the security policy to suit your deployment. Using the startup wizard, you can set the following:
•Network address translation rules
Step 1 If the wizard is not already running, in the main ASDM window, choose Wizards > Startup Wizard.
Step 2 Follow the instructions in the Startup Wizard to configure your ASA.
Step 3 While running the wizard, you can accept the default settings or change them as required. (For information about any wizard field, click Help.)
5 (Optional) Allowing Access to Public Servers Behind the ASA
The Public Server pane automatically configures the security policy to make an inside server accessible from the Internet. As a business owner, you might have internal network services, such as a web and FTP server, that need to be available to an outside user. You can place these services on a separate network behind the ASA, called a demilitarized zone (DMZ). By placing the public servers on the DMZ, any attacks launched against the public servers do not affect your inside networks.
Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. The Public Server pane appears.
Step 2 Click Add, then enter the public server settings in the Add Public Server dialog box. (For information about any field, click Help.)
Step 3 Click OK. The server appears in the list.
Step 4 Click Apply to submit the configuration to the ASA.
6 (Optional) Running VPN Wizards
You can configure VPN using the following wizards:
•Site-to-Site VPN Wizard—Creates an IPsec site-to-site tunnel between two ASAs.
•AnyConnect VPN Wizard—Configures SSL VPN remote access for the Cisco AnyConnect VPN client. AnyConnect provides secure SSL connections to the ASA for remote users with full VPN tunneling to corporate resources. The ASA policy can be configured to download the AnyConnect client to remote users when they initially connect via a browser. With AnyConnect 3.0 and later, the client can run either the SSL or IPsec IKEv2 VPN protocol.
•Clientless SSL VPN Wizard—Configures clientless SSL VPN remote access for a browser. Clientless, browser-based SSL VPN lets users establish a secure, remote-access VPN tunnel to the ASA using a web browser. After authentication, users access a portal page and can access specific, supported internal resources. The network administrator provides access to resources by users on a group basis. ACLs can be applied to restrict or allow access to specific corporate resources.
•IPsec (IKEv1) Remote Access VPN Wizard—Configures IPsec VPN remote access for the Cisco IPsec client.
Step 1 In the main ASDM window, choose Wizards > VPN Wizards, then choose one of the following:
•Site-to-Site VPN Wizard
•AnyConnect VPN Wizard
•Clientless VPN Wizard
•IPsec (IKEv1) Remote Access VPN Wizard
Step 2 Follow the wizard instructions. (For information about any wizard field, click Help.)
7 (Optional) Running Other Wizards in ASDM
You can optionally run the following additional wizards in ASDM:
•High Availability and Scalability Wizard
Configure active/active or active/standby failover, or VPN cluster load balancing.
•Unified Communications Wizard
Configure a proxy on the ASA for remote access or business-to-business communications. (Special licenses may apply. See the CLI configuration guide for information about ASA licensing.)
•Packet Capture Wizard
Configure and run packet capture. The wizard will run one packet capture on each of the ingress and egress interfaces. After capturing packets, you can save the packet captures to your PC for examination and replay in the packet analyzer.
8 Advanced Configuration
To continue configuring your ASA, see the documents available for your software version at: http://www.cisco.com/go/asadocs