How to Set Up a Basic Firewall on a Cisco ASA 5505

  • en
  • config t
  • write erase
  • config factory-default (space through all the pages)
  • reload (Don’t save current config)
  • Say no to interactive prompts
  • en (There’s no password)
  • config t
  • enable password [specify enable password]
  • hostname [Your Hostname]
  • interface vlan 1
    • description [VLAN 1 free-form description]
    • security-level 0
    • nameif outside
    • ip address [public ip] [mask] (If you’re using DHCP, replace with “ip address dhcp setroute”)
  • interface vlan 2
    • description [VLAN 2 free-form description]
    • security-level 100
    • ip address [internal ip] [mask]
    • nameif inside
  • interface ethernet0/0
    • description [Insert description]
    • switchport access vlan 1
    • no shutdown
  • interface ethernet0/1
    • switchport access vlan 2
    • no shutdown
  • interface ethernet0/2
    • switchport access vlan 2
    • no shutdown
  • interface ethernet0/3
    • switchport access vlan 2
    • no shutdown
  • interface ethernet0/4
    • switchport access vlan 2
    • no shutdown
  • interface ethernet0/5
    • switchport access vlan 2
    • no shutdown
  • interface ethernet0/6
    • switchport access vlan 2
    • no shutdown
  • interface ethernet0/7
    • switchport access vlan 2
    • no shutdown
  • show switch vlan
  • crypto key generate rsa modulus 1024 (type yes for confirmation)
  • ssh [network allowed to ssh] [mask] inside
  • ssh timeout 10
  • ssh version 2
  • username [specify username] password [specify password] privilege 15
  • aaa authentication ssh console LOCAL
  • show run ssh
  • route outside 0 0 [ISP Gateway] 1 (This sets up the default route)
  • global (outside) 1 interface
  • nat (inside) 1 [IP address/network for PAT] [mask]
  • http server enable (requires port if accessing from outside)
  • http [Allow IP Address(s)] [Mask] [interface] (the interface name, such as inside, is required)
  • policy-map global_policy
    • class inspection_default
    • inspect icmp
  • end
  • wr m
  • reload
  • show running-config (To check that everything is ok)
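
Added example, not part of the original page: a small Python check that reads saved `show running-config` output and flags drift from the steps above (security level per nameif, SSH/HTTP management sources, the SSH version and AAA lines). The sample config, the `audit` function and its inside-only management policy are assumptions made for this example, and it assumes the explicitly configured lines appear in the output.

```python
import re

# Constructed `show running-config` excerpt (not from the page; documentation addresses).
SAMPLE = """\
interface Vlan1
 nameif outside
 security-level 0
!
interface Vlan2
 nameif inside
 security-level 100
!
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
"""

EXPECTED_LEVEL = {"outside": 0, "inside": 100}  # levels set in the steps above
ACCESS = re.compile(r"^(ssh|http) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def audit(config):
    """Return findings for a running-config given as text."""
    findings, name = [], None
    lines = [l.rstrip() for l in config.splitlines()]
    for line in lines:
        if not line.startswith(" "):
            name = None  # left the interface block
        m = re.match(r"^ nameif (\S+)$", line)
        if m:
            name = m.group(1)
        m = re.match(r"^ security-level (\d+)$", line)
        if m and name in EXPECTED_LEVEL and int(m.group(1)) != EXPECTED_LEVEL[name]:
            findings.append(f"{name}: unexpected security-level {m.group(1)}")
        m = ACCESS.match(line)
        # Policy of this check (an assumption): management only from a bounded inside network.
        if m and (m.group(4) != "inside" or m.group(3) == "0.0.0.0"):
            findings.append(f"{m.group(1)} access too broad: {line}")
    for required in ("ssh version 2", "aaa authentication ssh console LOCAL"):
        if required not in lines:
            findings.append(f"missing: {required}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```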
