Cisco ASA Initial Configuration
1. Configure the Management Interface
ASAv(config)# interface management 0/0
ASAv(config-if)# nameif MGMT
ASAv(config-if)# security-level 100
ASAv(config-if)# ip address 192.168.100.1 255.255.255.0
2. Configure DHCP Service for Management Interface
ASAv(config)# dhcpd address 192.168.100.100-192.168.100.200 MGMT
ASAv(config)# dhcpd enable MGMT
5. Enable SSH access on inside Interface
To configure SSH access to the device, we must first create a username and password on the local device.
Commands:
ASAv(config)# username admin password cisco123
ASAv(config)# aaa authentication ssh console LOCAL
ASAv(config)# crypto key generate rsa
ASAv(config)# ssh 192.168.100.0 255.255.255.0 MGMT
TEST from the Management PC:
3. Configure the Inside interface
For a Cisco ASA interface to work, three things must be configured: the name of the interface, the security level, and the IP address.
Commands:
ASAv(config)# interface g0/0
ASAv(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASAv(config-if)# ip address 192.168.10.1 255.255.255.0
ASAv(config-if)# no shut
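The three-settings rule above can be checked mechanically against a saved configuration. The following is an added example, not part of the original walkthrough: it assumes the config is in "show running-config" layout (indented subcommands, "no ..." lines for unset values), and the names SAMPLE_CONFIG, parse_interfaces and audit are hypothetical.

```python
# Constructed sample in "show running-config" layout using this page's addresses.
# The outside interface has no IP address yet; GigabitEthernet0/2 is unconfigured.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
"""

REQUIRED = ("nameif", "security-level", "ip address")

def parse_interfaces(config):
    """Return {interface name: {setting: value}} for each interface block."""
    interfaces, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface ") and len(words) == 2:
            current = interfaces.setdefault(words[1], {})
        elif current is not None and line.startswith(" ") and words:
            if words[0] in ("nameif", "security-level") and len(words) == 2:
                current[words[0]] = words[1]
            elif words[:2] == ["ip", "address"] and len(words) >= 4:
                current["ip address"] = " ".join(words[2:4])
            elif words == ["shutdown"]:
                current["shutdown"] = True
        else:
            current = None  # "!" or a top-level command ends the block
    return interfaces

def audit(config):
    """Return {interface name: [problems]} for interfaces that are not ready."""
    report = {}
    for name, cfg in parse_interfaces(config).items():
        problems = [f"missing {key}" for key in REQUIRED if key not in cfg]
        problems += ["shutdown"] if cfg.get("shutdown") else []
        if problems:
            report[name] = problems
    return report
```

Calling audit(SAMPLE_CONFIG) reports GigabitEthernet0/1 as missing its IP address and GigabitEthernet0/2 as missing all three settings and shut down; the inside interface does not appear because it is complete.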
4. Configure DHCP Service for Inside Interface
Commands:
ASAv(config)# dhcpd address 192.168.10.100-192.168.10.200 inside
ASAv(config)# dhcpd enable inside
TEST:
On the VPC and the Linux machine, set the IP address to DHCP. Each machine gets an IP address within the range we defined in the dhcpd address command.
6. Configure Outside interface
ASAv(config)# interface g0/1
ASAv(config-if)# nameif outside
ASAv(config-if)# ip address 172.16.32.1 255.255.255.252
ASAv(config-if)# no shut
7. Configure default route
ASAv(config)# route outside 0 0 172.16.32.2
TEST Connectivity from ASA to Router
ASAv(config)# ping 172.16.32.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.32.2, timeout is 2 seconds:
!!!!!
8. Configure Port Address translation for Inside Network
ASAv(config)# object-group network Inside_Network
ASAv(config-network-object-group)# network-object 192.168.10.0 255.255.255.0
ASAv(config)# nat (inside,outside) source dynamic Inside_Network interface
9. Enable ICMP Traffic
Commands:
ASAv(config)# access-list ICMP permit icmp any any
ASAv(config)# access-group ICMP global
Test ICMP Traffic from VPC to Router:
VPCS> ping 172.16.32.2
84 bytes from 172.16.32.2 icmp_seq=1 ttl=255 time=23.759 ms
^C
VPCS>
ASAv(config)# show xlate
1 in use, 11 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
       s - static, T - twice, N - net-to-net
NAT from outside:0.0.0.0/0 to inside:0.0.0.0/0
flags sIT idle 0:00:53 timeout 0:00:00
ASAv(config)# show xlate
2 in use, 11 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
       s - static, T - twice, N - net-to-net
NAT from outside:0.0.0.0/0 to inside:0.0.0.0/0
flags sIT idle 0:00:00 timeout 0:00:00
ICMP PAT from inside:192.168.10.100/59162 to outside:172.16.32.1/59162 flags ri idle 0:00:00 timeout 0:00:30