Skip to main content

HowTo: Basic ASA 5505 configuration

More
14 years 9 months ago #32338 by apit

Basic ASA (5505) configuration
Next time I will go into the more detailed configuration of an ASA.


Mr r0nni3,

Have you release the " detailed configuration of an ASA" version? Thanks a lot for the "Basic ASA (5505) configuration" version. Easy to understand.

Tq
More
14 years 9 months ago #32340 by r0nni3
no not yet im currently pretty busy with a network design/implementation/change. And on top of that i have my SNRS exam upcomming friday ^^;;

I'm still planning on making the other HowTo's but it can be a while.

Currently working as Cisco Engineer at Neon-Networking.

Certifications:
CCNA - Have it
CCNA Security - Have it
CCSP - Almost!!!!
CCIE Security - Not so far away dream
More
14 years 9 months ago #32342 by ZiPPy
r0nni3,

Focus on your SNRS exam first, then work on the ASA write-up. We will be here waiting for it.

Good luck on the exam!!


Cheers mate,

ZiPPy

ZiPPy
More
14 years 9 months ago #32351 by Chris
r0nni3,

Very nicely done! Simple and straight to the point! I don't see why we couldn't add this to the Cisco knowledgebase!

If you can build it up a bit more by adding a few more pointers (e.g access lists to get the NAT working but also define traffic we want to let through), we can then pass it through the technical editors and prepare to post it online!

This can be later on populated to include static outside IP address assignment with port forwarding and DMZ zone, making it a wonderful quick-guide for anyone who wants to quickly get an ASA up and running with basic functionality!

Let me know ronni3 if you would like to add the above so I can get the rest organised!

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
14 years 9 months ago #32354 by r0nni3
sure i can add those things but as Zippy said i'm gonna focus on my SNRS exam first ^^;

Currently working as Cisco Engineer at Neon-Networking.

Certifications:
CCNA - Have it
CCNA Security - Have it
CCSP - Almost!!!!
CCIE Security - Not so far away dream
More
14 years 9 months ago #32390 by KiLLaBeE
I know that the above configuration allows you to quickly setup the ASA, but is this quick configuration "secure" enough for quick release into a production environment?

As a test, I setup my network to simulate the "Internet" and LAN by connecting a single server to the outside interface (simulating the ISP DHCP & DNS server, and default gateway) and a few computers connected to the inside interfaces (simulating the local LAN). I was surprised when I noticed that when I pinged the external IP address from the outside server that I received a response. Though this isn't a huge deal, in a production environment it would reveal your availability on Internet. I was able to easily block ICMP packets on the outside interface but that got me wondering if other non-critical, but noteworthy features on the firewall need to be adjusted as well. I do plan on eventually getting a book on the ASA but for now I have to learn by trail and error and reading information here and there.

Thanks
Time to create page: 0.136 seconds