Cisco SMB Support Assistant
Set Up Your PIX Security Appliance
 

Configure the PIX Security Appliance with Adaptive Security Device Manager



    Step 1:   SMB Support Assistant Site Survey
    Step 2:   Set Up Your PIX Security Appliance Hardware
    Step 3:   Prepare to Configure Your PIX Security Appliance
    Step 4:   Configure the PIX Security Appliance with PIX Device Manager
    Step 5:  Configure the PIX Security Appliance with Adaptive Security Device Manager
                      Introduction
                      Requirements
                      Connect to the PIX
                           Change the IP Address on the PC
                           Connect with ASDM
                           Verify License
                      Configure the PIX
                           Create an Administrative Account
                           Configure a Time Server
                           Enable Access
                           Complete the Startup Wizard
                           Add an ACL Rule
                           Configure for Telnet access
                           Configure for SSH access
                           Disconnect from the PIX
                      Next Step
                      Troubleshoot the Procedure
                      Related Information
    Step 6:   Set Up Internet Security on the PIX Security Appliance



Introduction

This document provides instructions on how to configure your PIX 515 and PIX 515E security appliance with Adaptive Security Device Manager (ASDM). This document is based on ASDM version 5.2 and PIX version 7.2.





Requirements

This section lists the items that you need in order to use the Adaptive Security Device Manager (ASDM) to access and configure your PIX:





Connect to the PIX

Follow these steps to connect to the PIX:

Change the IP Address on the PC

Your PC must have a compatible IP address in order to communicate with the PIX Security Appliance. Before you change your TCP/IP settings, make a note of your current settings.

  1. In order to configure the IP address on your PC, select Start > Settings > Control Panel > Network and Dialup Connections.

  2. Right-click on your network connection icon and select Properties from the shortcut menu.

  3. Select Internet Protocol (TCP/IP) and click Properties.

  4. Enter an IP address between 192.168.10.50 and 192.168.10.250, with a subnet mask of 255.255.255.0.

  5. Refer to Configure an IP Address on Your PC for more instructions.

Connect with ASDM

ASDM is a browser-based tool designed to help you set up, configure, and monitor the PIX Security Appliance.

Follow these steps to connect to the PIX with ASDM:

  1. Use a straight-over Ethernet cable to connect your PC to the inside port (Ethernet 1) on the rear panel of the PIX Security Appliance.

  2. Check the ACT LED on the PIX front panel to verify that your PC has basic connectivity to the inside port (Ethernet 1). When connectivity occurs, the ACT LED on the front of the PIX lights up solid green.

  3. Open a browser window and type https://192.168.10.1 in your browser address field. This IP address is found on line R12 of the Security Appliance Worksheet.

    Note: Ensure that you type "https", with the "s", in the address. HTTPS (HTTP over SSL) provides a secure connection between your browser and the PIX Security Appliance.

  4. If your browser displays a security alert, click Yes to continue.

  5. ASDM displays an authentication screen. Leave both fields blank and click OK.

    Config_PIX_Sec_Appl_ASDM_01.gif

  6. On the Cisco ASDM 5.2 screen, click Run ASDM Applet.

    Config_PIX_Sec_Appl_ASDM_02.gif

  7. If your browser displays a security alert, click Yes to continue.

  8. If your browser displays a second password prompt, click Yes.

Verify License

Follow these steps to verify the license on your security appliance:

  1. Click Home, and click the License tab.

    Config_PIX_Sec_Appl_ASDM_03.gif

  2. If the Device Information screen shows an Unrestricted (UR) license, you have additional configuration options that this document does not cover. Contact the SMB Technical Assistance Center (SMB TAC) for more information.

    Note: An Unrestricted (UR) license allows you to install and use the maximum number of interfaces and the maximum amount of RAM supported by the platform. A Restricted (R) license limits the number of interfaces supported and the amount of RAM available within the system.

    Proceed to the next section, Configure the PIX.





Configure the PIX

Follow these steps to configure the PIX:

Note: This procedure uses the public IP addresses 64.0.0.1 to 64.0.0.4 as examples. Be sure to replace any examples that contain 64.0.0.x addresses with public IP addresses that your ISP provides as entered in field B40 of the Internet Worksheet.

Create an Administrative Account

Follow these steps to create an administrative account that is used to log in to and manage the PIX:

  1. Click Configuration.

    Config_PIX_Sec_Appl_ASDM_04.gif

  2. Click Properties.

    Config_PIX_Sec_Appl_ASDM_05.gif

  3. Click Device Administration > User Accounts.

    Config_PIX_Sec_Appl_ASDM_06.gif

    Note: If you use ASDM version 5.0, click Configuration > Device Administration > Administration > User Accounts to go to User Accounts.

  4. On the User Accounts screen, click Add.

    Config_PIX_Sec_Appl_ASDM_07.gif

  5. In the Add User Account window, enter these values:

    • Username: admin

    • Password: Enter the password from field R19 of the Security Appliance Worksheet.

    • Confirm Password: Re-type the password.

    • Privilege Level: 15

    Config_PIX_Sec_Appl_ASDM_08.gif

    Click OK.

  6. Click Apply.

    Note: If the ASDM displays a login window, log in with the new username and password.

Configure a Time Server

Follow these steps to configure a time server on the security appliance:

  1. Click Configuration.

    Config_PIX_Sec_Appl_ASDM_04.gif

  2. Click Properties.

    Config_PIX_Sec_Appl_ASDM_05.gif

  3. Click Device Administration > NTP.

    Config_PIX_Sec_Appl_ASDM_09.gif

    Note: If you use ASDM version 5.0, click Configuration > Device Administration > Administration > NTP to go to NTP.

  4. On the NTP screen, click Add.

    Config_PIX_Sec_Appl_ASDM_10.gif

  5. In the Add NTP Server Configuration window, enter these values:

    • IP Address: Enter the IP address of the router that you entered in field L6A of the LAN Addressing Worksheet.

    • Interface: Inside

    • Check the Preferred check box.

    • Leave the remaining fields blank.

    Config_PIX_Sec_Appl_ASDM_11.gif

    Click OK.

    Config_PIX_Sec_Appl_ASDM_12.gif

    Click Apply.

Enable Access

Follow these steps to enable login to the PIX:

  1. Click Configuration > Properties > Device Access > AAA Access.

    Config_PIX_Sec_Appl_ASDM_13.gif

    Note: If you use ASDM version 5.0, click Configuration > Device Administration > Administration > AAA Access to go to AAA Access.

  2. In the Authentication tab of the Authentication/Authorization/Accounting screen, check the HTTP/ASDM check box, and select LOCAL from the Server Group list.

    Config_PIX_Sec_Appl_ASDM_14.gif

  3. Click the Authorization tab, and check the Enable check box.

    Config_PIX_Sec_Appl_ASDM_15.gif

    Click Apply.

    Config_PIX_Sec_Appl_ASDM_16.gif

    The ASDM Defined User Roles Setup screen appears. Click No.

Complete the Startup Wizard

Follow these steps to complete the startup wizard in ASDM:

  1. Click Wizards > Startup Wizard.

    Config_PIX_Sec_Appl_ASDM_17.gif

  2. Select Modify existing configuration and click Next.

    Config_PIX_Sec_Appl_ASDM_18.gif

  3. On the Basic Configuration screen, follow these steps:

    • In the PIX Host Name field, type the device name that you entered in field R1 of the Security Appliance Worksheet.

    • In the Domain Name field, enter the domain name that you entered in field B48 of the Internet Worksheet.

    • In the Privileged Mode (Enable) Password section, check Change privileged mode (enable) password.

    • Leave the Old Password field blank.

    • In the New Password and Confirm New Password fields, type the password from field R20 of the Security Appliance Worksheet.

      Note: If you have already created a password for the PIX, type that password in the Old Password field.

    Config_PIX_Sec_Appl_ASDM_19.gif

    Click Next.

  4. Ensure that the Enable Auto Update check box is not checked.

    Config_PIX_Sec_Appl_ASDM_20.gif

    Note: If you use ASDM 5.0 or 5.1, you cannot perform step 4.

    Click Next.

  5. On the Outside Internet Configuration screen, follow these steps:

    • Click the Enable Interface button, and select Ethernet0 from the list.

    • In the IP Address section, select Use the following IP address option.

    • In the IP Address field, type the IP address that you specified in field R10 of the Security Appliance Worksheet.

    • In the Subnet mask field, select the mask associated with the IP address that your ISP provides. Ensure that this value matches the value in field B41 of the Internet Worksheet.

    Config_PIX_Sec_Appl_ASDM_21.gif

    Click Next.

  6. In the Other Interfaces Configuration screen, click Next.

    Config_PIX_Sec_Appl_ASDM_22.gif

  7. On the Static Routes screen, click Add.

    Config_PIX_Sec_Appl_ASDM_23.gif

    Note: If you use ASDM 5.0 or 5.1, you cannot perform steps 7, 8, and 9.

  8. In the Add Static Route window, enter these values:

    • Interface Name: Outside

    • IP Address: 0.0.0.0

    • Mask: 0.0.0.0

    • Gateway IP: Enter the ISP router IP Address that you entered in field R10 of the Security Appliance Worksheet.

    • Metric: 1

    Config_PIX_Sec_Appl_ASDM_24.gif

    Click OK.

    Config_PIX_Sec_Appl_ASDM_25.gif

    Click Next.

  9. On the DHCP Server screen, follow these steps:

    1. Check Enable DHCP Server on the inside interface.

    2. Under DHCP Address Pool:

      • Next to Starting IP Address field, enter the starting range of the DHCP server pool from line L50A on the LAN Addressing Worksheet.

      • Next to Ending IP Address field, enter the ending range of the DHCP server pool from line L51A on the LAN Addressing Worksheet.

    3. Under DHCP Parameters:

      • Enter the IP address of the DNS server next to DNS Server 1 field, from line L4 on the LAN Addressing Worksheet.

      • Enter the IP address of the alternate DNS server next to DNS Server 2 field, from line L5 on the LAN Addressing Worksheet.

      • Enter the value 3600 next to Lease Length field.

      • Enter the domain name of the DNS server next to Domain Name field, from line B48 of the Internet Worksheet.

    Config_PIX_Sec_Appl_ASDM_26.gif

    Click Next.

  10. On the Address Translation (NAT/PAT) screen:

    • Click the Use Port Address Translation (PAT) radio button.

    • Click Specify an IP address, and type the PAT IP address that you entered in field R13 of the Security Appliance Worksheet.

    Config_PIX_Sec_Appl_ASDM_27.gif

    Click Next.

  11. On the Administrative Access screen, click Add.

    Config_PIX_Sec_Appl_ASDM_28.gif

  12. In the Add Administrative Access Entry window, enter these values:

    • Access Type: HTTPS/ASDM

    • Interface Name: default_vlan

    • IP Address: Enter the subnet from field L1A of the LAN Addressing Worksheet.

    • Subnet Mask: 255.255.255.0

    Config_PIX_Sec_Appl_ASDM_29.gif

    Click OK.

  13. Click Next.

    Config_PIX_Sec_Appl_ASDM_30.gif

  14. On the Startup Wizard Summary screen, click Finish.

    Config_PIX_Sec_Appl_ASDM_31.gif

Add an ACL Rule

Follow these steps to add an ACL rule to the incoming LAN interface of the PIX:

  1. Click Security Policy.

    Config_PIX_Sec_Appl_ASDM_32.gif

  2. Click the Access Rules tab, and click Add to add a new Access Rule.

    Config_PIX_Sec_Appl_ASDM_33.gif

  3. Follow these steps in the Add Access Rule window:

    1. In the Interface and Action section, enter these values:

      • Interface: Inside

      • Direction: incoming

      • Action: Permit

    2. In the Source section, enter these values:

      • Type: Interface IP

      • Interface: Inside

    3. In the Destination section, select Any.

    4. In the Protocol and Service section, select IP.

    5. In the Description text box next to the Options section, enter a descriptive name for this rule.

    6. Use the default values in all other fields and click OK.

    Config_PIX_Sec_Appl_ASDM_34.gif

  4. Click Apply.

    Config_PIX_Sec_Appl_ASDM_35.gif

  5. Click Save to save your configuration.

    Config_PIX_Sec_Appl_ASDM_36.gif

  6. Click Yes to confirm.

    Config_PIX_Sec_Appl_ASDM_37.gif

Configure for Telnet access

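Follow these steps to configure Telnet access to the PIX. Telnet carries the session, including the login password, in cleartext, so limit it to the management addresses that you need; SSH, configured in the next section, encrypts the session.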

  1. Click Configuration.

    Config_PIX_Sec_Appl_ASDM_04.gif

  2. Click Properties.

    Config_PIX_Sec_Appl_ASDM_05.gif

  3. Click Device Access.

    Config_PIX_Sec_Appl_ASDM_38.gif

  4. Click Telnet.

    Config_PIX_Sec_Appl_ASDM_39.gif

  5. Click Add.

    Config_PIX_Sec_Appl_ASDM_40.gif

  6. Select the interface, and then enter the IP address and subnet mask of the hosts that are allowed to connect.

    Config_PIX_Sec_Appl_ASDM_41.gif

    Click OK.

  7. Change the timeout from the default of 5 minutes if required, and then click Apply.

    Config_PIX_Sec_Appl_ASDM_42.gif

Configure for SSH access

Follow these steps to configure for SSH:

  1. Click Configuration.

    Config_PIX_Sec_Appl_ASDM_04.gif

  2. Click Properties.

    Config_PIX_Sec_Appl_ASDM_05.gif

  3. Click Device Access.

    Config_PIX_Sec_Appl_ASDM_38.gif

  4. Click Secure Shell.

    Config_PIX_Sec_Appl_ASDM_43.gif

  5. Click Add.

    Config_PIX_Sec_Appl_ASDM_45.gif

  6. Select the interface, and then enter the IP address and subnet mask of the hosts that are allowed to connect.

    Config_PIX_Sec_Appl_ASDM_46.gif

    Click OK.

  7. Change the timeout from the default of 5 minutes if required, and then click Apply.

    Config_PIX_Sec_Appl_ASDM_47.gif
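
The Administrative Access, Telnet, and SSH steps above each limit management access by interface, source address, and subnet mask. The following added example (not part of the Cisco document) audits the resulting http, telnet, and ssh lines of a saved configuration; the sample configuration, the function name, the trusted interface list, and the /24 threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of PIX 7.x management-access lines (not from the page).
SAMPLE_CONFIG = """\
http server enable
http 192.168.10.0 255.255.255.0 inside
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
"""

# Matches: <service> <ip> <mask> <interface>
RULE = re.compile(
    r"^(http|telnet|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def audit_management_access(config, trusted_ifaces=("inside",), min_prefix=24):
    """Return (line, reason) findings for risky management-access entries.

    trusted_ifaces and min_prefix are illustrative policy knobs, not PIX settings.
    """
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue  # timeouts, 'http server enable', unrelated lines
        service, ip, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            findings.append((line, "unparseable address or mask"))
            continue
        if service == "telnet":
            findings.append((line, "telnet is cleartext; prefer ssh"))
        if iface.lower() not in trusted_ifaces:
            findings.append((line, f"management allowed on interface '{iface}'"))
        if net.prefixlen < min_prefix:
            findings.append((line, f"source {net} is broader than /{min_prefix}"))
    return findings


if __name__ == "__main__":
    for line, reason in audit_management_access(SAMPLE_CONFIG):
        print(f"{line:45} {reason}")
```

If the HTTPS/ASDM entry uses the interface name default_vlan as in step 12 of the Startup Wizard, pass it in trusted_ifaces so that it is not flagged.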

Disconnect from the PIX

Follow these steps to disconnect from the PIX:

  1. Disconnect the PC from the inside port (Ethernet 1) of the PIX.

  2. Connect a straight-over Ethernet cable from the inside port (Ethernet 1) of the PIX to port 4 of the Root Switch.





Next Step

You have now configured your PIX security appliance.

To make further changes to the PIX, refer to the Security Appliance Support Page.

To configure other devices in your network, refer to the Configuration Overview Page.





Troubleshoot the Procedure

This section provides information about common problems that you may encounter. If this information does not solve your problem, contact the SMB Technical Assistance Center (SMB TAC) for assistance.

Problem: You are unable to connect to the PIX.

Cause(s) and Suggested Solution(s): Follow these steps:

  • Ensure that you type https before the PIX IP address in your browser.

  • Ensure that you are connected correctly to the PIX interface. When you begin this procedure, you need to connect your PC to the inside port (Ethernet 1); at the end of the procedure, you need to reconnect the PIX inside port (Ethernet 1) to the Root Switch.

  • For further assistance, contact the SMB Technical Assistance Center (SMB TAC).





Related Information

Service Requests

  Open a service request
  Update a service request


© 1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.