I’ve just starred a new item in Google Reader
The Cisco ASA 5505 is great for small to medium businesses. Below are the steps you will have to complete to configure your ASA to communicate with the internet. There are many more steps, options, and features to these devices (which later there will be more articles in regards to some of these features).
Bring your device into configuration mode
318ASA>en
Brings the device into enable mode
318ASA#config t
Change to configuration terminal mode
318ASA(config)#
The ASA is now ready to be configured when you see (config)#Configure the internal interface VLAN (ASA’s use VLAN’s for added security by default)
318ASA(config)# interface Vlan 1Configure interface VLAN 1
318ASA(config-if)# nameif inside
Name the interface inside
318ASA(config-if)#security-level 100
Set’s the security level to 100
318ASA(config-if)#ip address 192.168.5.1 255.255.255.0
Assign your IP address
318ASA(config-if)#no shut
Make sure the interface is enabled and activeConfigure the external interface VLAN (This is your WANinternet connection)
318ASA(config)#interface Vlan 2
Creates the VLAN2 interface
318ASA(config-if)# nameif outside
Name’s the interface outside
318ASA(config-if)#security-level 0
Assigns the most strict security level to the outside interface (lower the number the higher the security).
318ASA(config-if)#ip address 76.79.219.82 255.255.255.0
Assign your Public Address to the outside interface
318ASA(config-if)#no shut
Enable the outside interface to be active.Enable and assign the external WAN to Ethernet 0/0 using VLAN2
318ASA(config)#interface Ethernet0/0
Go to the Ethernet 0/0 interface settings
318ASA(config-if)#switchport access vlan 2
Assign the interface to use VLAN2
318ASA(config-if)#no shut
Enable the interface to be active.Enable and assign the internal LAN interface Ethernet 0/1 (note ports 0/1-0/7 act as a switch but all interfaces are disabled by default).
318ASA(config)#interface Ethernet0/1
Go to the Ethernet 0/1 interface settings
318ASA(config-if)#no shut
Enable the interface to be active.
If you need multiple LAN ports you can do the same for Ethernet0/2 to 0/7.To have traffic route from LAN to WAN you must configure Network Address Translation on the outside interface
318ASA(config)#global (outside) 1 interface
318ASA(config)#nat (inside) 1 0.0.0.0 0.0.0.0***NOTE for ASA Version 8.3 and later***
Cisco announced the new Cisco ASA software version 8.3. This version introduces several important configuration changes, especially on the NAT/PAT mechanism. The “global” command is no longer supported. NAT (static and dynamic) and PAT are configured under network objects. The PAT configuration below is for ASA 8.3 and later:
318ASA(config)#nat (inside,outside) dynamic interface
For more info you can reference this article from Cisco with regards to the changes – http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.htmlConfigure the default route (for this example default gateway is 76.79.219.81)
318ASA(config)#route outside 0.0.0.0 0.0.0.0 76.79.219.81 2 1Last but not least verify and save your configurations. If you do not save your configurations you will have to.
Verify your settings are working. Once you have verified your configurations write to memory to save the configuration. If you do not write to memory your configurations will be lost upon the next reboot.
318ASA(config)#wr mem
from 318 Tech Journal http://techjournal.318.com http://techjournal.318.com/general-technology/configuring-a-cisco-asa-5505-with-the-basics/