Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA 5500-X Series Quick Start Guide

  • Viewing Options

  • EPUB (247.4 KB)
  • MOBI (280.1 KB)
  • PDF (1.2 MB)
  • Feedback

Table of Contents

Cisco ASA 5500-X Series

Package Contents

ASA 5512-X, ASA 5515-X, or ASA 5525-X

ASA 5545-X and ASA 5555-X

Powering On the ASA

Connecting Interface Cables and Verifying Connectivity

Launching ASDM

Running the Startup Wizard

(Optional) Allowing Access to Public Servers Behind the ASA

(Optional) Running VPN Wizards

(Optional) Running Other Wizards in ASDM

Advanced Configuration

Quick Start Guide

Cisco ASA 5500-X Series

ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X

Package Contents

Powering On the ASA

Connecting Interface Cables and Verifying Connectivity

Launching ASDM

Running the Startup Wizard

(Optional) Allowing Access to Public Servers Behind the ASA

(Optional) Running VPN Wizards

(Optional) Running Other Wizards in ASDM

Advanced Configuration

Regulatory Compliance and Safety Information

Read the safety warnings in the Regulatory Compliance and Safety Information (RCSI), and follow proper safety procedures when performing the steps in this guide. See http://www.cisco.com/go/asadocs for links to the RCSI and other documents.

Revised: May 1, 2014

Package Contents

This section lists the package contents of each chassis. Note that contents are subject to change, and your exact contents might contain additional or fewer items.

ASA 5512-X, ASA 5515-X, or ASA 5525-X

 

 

1

ASA 5512-X, ASA 5515-X, or ASA 5525-X Chassis

2

Blue Console Cable and Serial PC Terminal Adapter (DB-9 to RJ-45)

3

Power Cord

4

Power Cord Retainer

5

4 10-32 Phillips Screws for rack mounting

6

4 12-24 Phillips Screws for rack mounting

7

4 M6 Phillips Screws for rack mounting

ASA 5545-X and ASA 5555-X

 

 

1

ASA 5545-X or ASA 5555-X Chassis (one power supply shown)

2

Blue Console Cable and Serial PC Terminal Adapter (DB-9 to RJ-45)

3

Power Cord

4

Power Cord Retainer

5

Slide Rail Kit

Powering On the ASA


Step 1 Attach the power cable to the ASA and connect it to an electrical outlet.

The power turns on automatically when you plug in the power cable; do not press the power button on the front panel. (For older models, the power does not turn on automatically; check the hardware installation guide for more information).

Step 2 Check the Power LED on the front of the ASA; if it is solid green, the device is powered on.

Step 3 Check the Status LED on the front of the ASA; after it is solid green, the system has passed power-on diagnostics.


 

Connecting Interface Cables and Verifying Connectivity


Step 1 Connect a management PC to the Management 0/0 interface for use with the Adaptive Security Device Manager (ASDM).You can connect the PC directly with an Ethernet cable, or connect the PC and the ASA to the same management network. Make sure the PC is configured to obtain an IP address using DHCP.

If you want to use the CLI, connect your PC to the console port, and see the CLI configuration guide for more information.

Step 2 Connect your networks to the appropriate ports.

 

 

1

(Optional) I/O Card. If you have a fiber I/O card, you need to use SFP modules (not included). See the hardware installation guide for information.

2

Management 0/0 interface (RJ-45)

Step 3 Check the LINK/ACT indicators to verify interface connectivity.


 

Launching ASDM

The ASA ships with a default configuration that enables ASDM connectivity to the Management 0/0 interface. Using ASDM, you can use wizards to configure basic and advanced features. ASDM is a graphical user interface that allows you to manage the ASA from any location by using a web browser.

See the ASDM release notes on Cisco.com for the requirements to run ASDM.


Step 1 On the PC connected to the ASA, launch a web browser.

Step 2 In the Address field, enter the following URL: https://192.168.1.1/admin . The Cisco ASDM web page appears.

 

Step 3 Click Run Startup Wizard .

Step 4 Accept any certificates according to the dialog boxes that appear. The Cisco ASDM-IDM Launcher appears.

Step 5 Leave the username and password fields empty, and click OK . The main ASDM window appears and the Startup Wizard opens.


 

Running the Startup Wizard

Run the Startup Wizard to modify the default configuration so that you can customize the security policy to suit your deployment. Using the startup wizard, you can set the following:

  • Hostname
  • Domain name
  • Administrative passwords
  • Interfaces
  • IP addresses
  • Static routes
  • DHCP server
  • Network address translation rules
  • and more...

 


Step 1 If the wizard is not already running, in the main ASDM window, choose Wizards > Startup Wizard .

Step 2 Follow the instructions in the Startup Wizard to configure your ASA.

Step 3 While running the wizard, you can accept the default settings or change them as required. (For information about any wizard field, click Help .)


 

(Optional) Allowing Access to Public Servers Behind the ASA

The Public Server pane automatically configures the security policy to make an inside server accessible from the Internet. As a business owner, you might have internal network services, such as a web and FTP server, that need to be available to an outside user. You can place these services on a separate network behind the ASA, called a demilitarized zone (DMZ). By placing the public servers on the DMZ, any attacks launched against the public servers do not affect your inside networks.

 


Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers . The Public Server pane appears.

Step 2 Click Add , then enter the public server settings in the Add Public Server dialog box. (For information about any field, click Help .)

Step 3 Click OK . The server appears in the list.

Step 4 Click Apply to submit the configuration to the ASA.


 

(Optional) Running VPN Wizards

You can configure VPN using the following wizards:

  • Site-to-Site VPN Wizard—Creates an IPsec site-to-site tunnel between two ASAs.
  • AnyConnect VPN Wizard—Configures SSL VPN remote access for the Cisco AnyConnect VPN client. AnyConnect provides secure SSL connections to the ASA for remote users with full VPN tunneling to corporate resources. The ASA policy can be configured to download the AnyConnect client to remote users when they initially connect via a browser. With AnyConnect 3.0 and later, the client can run either the SSL or IPsec IKEv2 VPN protocol.
  • Clientless SSL VPN Wizard—Configures clientless SSL VPN remote access for a browser. Clientless, browser-based SSL VPN lets users establish a secure, remote-access VPN tunnel to the ASA using a web browser. After authentication, users access a portal page and can access specific, supported internal resources. The network administrator provides access to resources by users on a group basis. ACLs can be applied to restrict or allow access to specific corporate resources.
  • IPsec (IKEv1) Remote Access VPN Wizard—Configures IPsec VPN remote access for the Cisco IPsec client.

 


Step 1 In the main ASDM window, choose Wizards > VPN Wizards , then choose one of the following:

    • Site-to-Site VPN Wizard
    • AnyConnect VPN Wizard
    • Clientless VPN Wizard
    • IPsec (IKEv1) Remote Access VPN Wizard

Step 2 Follow the wizard instructions. (For information about any wizard field, click Help .)


 

(Optional) Running Other Wizards in ASDM

You can optionally run the following additional wizards in ASDM:

  • High Availability and Scalability Wizard

Configure active/active or active/standby failover, or VPN cluster load balancing.

  • Unified Communications Wizard

Configure a proxy on the ASA for remote access or business-to-business communications. (Special licenses may apply. See the CLI configuration guide for information about ASA licensing.)

  • Packet Capture Wizard

Configure and run packet capture. The wizard will run one packet capture on each of the ingress and egress interfaces. After capturing packets, you can save the packet captures to your PC for examination and replay in the packet analyzer.

Advanced Configuration

To continue configuring your ASA, see the documents available for your software version at: http://www.cisco.com/go/asadocs