Table of Contents
Read the safety warnings in the Regulatory Compliance and Safety Information (RCSI), and follow proper safety procedures when performing the steps in this guide. See http://www.cisco.com/go/asadocs for links to the RCSI and other documents.
Power Cable (US Shown)1
1.The ASA 5585-X with SSP-10, SSP-20, or SSP-40 ships with one power supply module installed and one power cable. The ASA 5585-X with SSP-60, ships with two power supply modules installed and two power cables.
The ASA 5585-X comes with a core SSP that is installed in slot 0. The content of the other slot (slot 1) varies depending on how you ordered your ASA. For software compatibility information and guidelines for modules and SSPs, see Cisco ASA Compatibility.
Step 1 Connect a management PC to the core SSP Management 0/0 interface for use with the Adaptive Security Device Manager (ASDM).You can connect the PC directly with an Ethernet cable, or connect the PC and the ASA to the same management network. Make sure the PC is configured to obtain an IP address using DHCP.
Step 2 Connect your networks to the appropriate interfaces. If you are using the fiber interfaces, you need an SFP+ module for 10-Gigabit Ethernet (a license may be required) or an SFP module for Gigabit Ethernet. (SFP or SFP+ modules are not included.)
For example, if you install a second SSP in slot 1, you must manage each SSP separately: repeat Step 1 through Step 3. For an IPS SSP, all non-management interfaces belong to the ASA while the management interfaces belong to the IPS SSP.
The ASA ships with a default configuration that enables ASDM connectivity to the Management 0/0 interface. Using ASDM, you can use wizards to configure basic and advanced features. ASDM is a graphical user interface that allows you to manage the ASA from any location by using a web browser.
The Public Server pane automatically configures the security policy to make an inside server accessible from the Internet. As a business owner, you might have internal network services, such as a web and FTP server, that need to be available to an outside user. You can place these services on a separate network behind the ASA, called a demilitarized zone (DMZ). By placing the public servers on the DMZ, any attacks launched against the public servers do not affect your inside networks.
- Site-to-Site VPN Wizard—Creates an IPsec site-to-site tunnel between two ASAs.
- AnyConnect VPN Wizard—Configures SSL VPN remote access for the Cisco AnyConnect VPN client. AnyConnect provides secure SSL connections to the ASA for remote users with full VPN tunneling to corporate resources. The ASA policy can be configured to download the AnyConnect client to remote users when they initially connect via a browser. With AnyConnect 3.0 and later, the client can run either the SSL or IPsec IKEv2 VPN protocol.
- Clientless SSL VPN Wizard—Configures clientless SSL VPN remote access for a browser. Clientless, browser-based SSL VPN lets users establish a secure, remote-access VPN tunnel to the ASA using a web browser. After authentication, users access a portal page and can access specific, supported internal resources. The network administrator provides access to resources by users on a group basis. ACLs can be applied to restrict or allow access to specific corporate resources.
- IPsec (IKEv1) Remote Access VPN Wizard—Configures IPsec VPN remote access for the Cisco IPsec client.
Configure and run packet capture. The wizard will run one packet capture on each of the ingress and egress interfaces. After capturing packets, you can save the packet captures to your PC for examination and replay in the packet analyzer.
To continue configuring your ASA, see the documents available for your software version at: http://www.cisco.com/go/asadocs