Cisco ASA Series Getting Started
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Firewall
  5. Cisco ASA Series
  6. Getting started
Cisco ASA Series Getting Started

Cisco ASA Series Getting Started

Hide thumbs Also See for Cisco ASA Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual

Getting Started

This chapter describes how to get started with your Cisco ASA.
Access the Console for the Command-Line Interface
For initial configuration, access the CLI directly from the console port. Later, you can configure remote access
using Telnet or SSH according to
then accessing the console port places you in the system execution space.
Note
For ASAv console access, see the ASAv quick start guide.
Access the Appliance Console
Follow these steps to access the appliance console.
Procedure
Step 1
Connect a computer to the console port using the provided console cable, and connect to the console using a
terminal emulator set for 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control.
See the hardware guide for your ASA for more information about the console cable.
Access the Console for the Command-Line Interface, page 1
Configure ASDM Access, page 9
Start ASDM, page 15
Factory Default Configurations, page 16
Work with the Configuration, page 24
Apply Configuration Changes to Connections, page 28
Reload the ASA, page 28
CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5
Management
Access. If your system is already in multiple context mode,
1

Advertisement

Table of Contents
loading

Related Manuals for Cisco Cisco ASA Series

Summary of Contents for Cisco Cisco ASA Series

  • Page 1: Getting Started

    9600 baud, 8 data bits, no parity, 1 stop bit, no flow control. See the hardware guide for your ASA for more information about the console cable. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 2: Access The Asa Console On The Firepower 9300 Chassis

    (either to the console port or remotely using Telnet or SSH) and then connecting to the ASA security module. Procedure Step 1 Connect to the Firepower 9300 chassis supervisor CLI (console or SSH), and then session to the ASA: connect module slot console CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 3 Escape character is '~'. CISCO Serial Over LAN: Close Network Connection to Exit Firepower-module1> connect asa asa> enable Password: asa# configure terminal asa(config)# asa(config)# [Ctrl-A-D] Firepower-module1> ~ telnet> quit Connection closed. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 4: Access The Asa Services Module Console

    ASASM, the connection may exist longer than intended. If someone else wants to log in, they will need to kill the existing connection. • Telnet connection—Using the session command, you create a Telnet connection to the ASASM. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 5: Log Into The Asa Services Module

    • Available after you configure a login password—From the switch CLI, enter this command to Telnet to the ASASM over the backplane: session [switch {1 | | 2}] slot number processor 1 CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 6: Log Out Of A Console Session

    CLI, perform the following steps. To kill another user’s active connection, which may have been unintentionally left open, see Kill an Active Console Connection, on page CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 7: Kill An Active Console Connection

    For example: Router# clear line 0 Log Out of a Telnet Session To end the Telnet session and access the switch CLI, perform the following steps. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 8: Access The Software Module Console

    Access the ASA 5506W-X Wireless Access Point Console To access the wireless access point console, perform the following steps. Procedure Step 1 From the ASA CLI, session to the access point: session wlan console CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 9: Configure Asdm Access

    ◦ASAv—You set the management interface IP address during deployment. ◦ASA on the Firepower 9300 chassis—You set the management interface IP address during deployment. • The clients allowed to access ASDM: CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 10: Customize Asdm Access

    Procedure Step 1 Access the CLI at the console port. Step 2 (Optional) Enable transparent firewall mode: This command clears your configuration. firewall transparent CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 11 Example: ciscoasa(config)# http 192.168.1.0 255.255.255.0 management Step 8 Save the configuration: write memory Step 9 (Optional) Set the mode to multiple mode: mode multiple CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 12: Configure Asdm Access For The Asa Services Module

    This command clears your configuration. Step 3 Do one of the following to configure a management interface, depending on your mode: • Routed mode—Configure an interface in routed mode: interface vlan number CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 13 Make sure you do not include the management address in the range. Step 5 (For remote management hosts) Configure a route to the management hosts: route management_ifc management_host_ip mask gateway_ip 1 CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 14 1 ip address 192.168.1.1 255.255.255.0 interface vlan 1 bridge-group 1 nameif inside security-level 100 dhcpd address 192.168.1.3-192.168.1.254 inside dhcpd enable inside http server enable http 192.168.1.0 255.255.255.0 inside CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 15: Start Asdm

    Even without authentication, if you enter a username and password at the login screen (instead of leaving the username blank), ASDM checks the local database for a match. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 16: Factory Default Configurations

    Start Java Web Start from the shortcut. d) Accept any certificates according to the dialog boxes that appear. The Cisco ASDM-IDM Launcher appears. e) Leave the username and password fields empty (for a new installation), and click OK. With no HTTPS authentication configured, you can gain access to ASDM with no username and the enable password, which is blank by default.

  • Page 17: Restore The Factory Default Configuration

    Restore the ASAv Deployment Configuration This section describes how to restore the ASAv deployment (Day 0) configuration. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 18 • NAT—Interface PAT for all traffic from inside, wifi, and management to outside. The configuration consists of the following commands: interface Management1/1 management-only no nameif no security-level no ip address no shutdown CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 19 The configuration consists of the following commands: interface management 0/0 ip address 192.168.1.1 255.255.255.0 nameif management security-level 100 no shutdown asdm logging informational asdm history enable http server enable http 192.168.1.0 255.255.255.0 management CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 20: Asa On The Firepower 9300 Chassis Default Configuration

    GigabitEthernet 1/1 (outside1), GigabitEthernet 1/2 (inside1), GigabitEthernet 1/3 (outside2), GigabitEthernet 1/4 (inside2) • All inside and outside interfaces can communicate with each other. • Management 1/1 interface—192.168.1.1/24 for ASDM access. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 21 GigabitEthernet 1/1-1/2 hardware-bypass GigabitEthernet 1/3-1/4 http server enable http 192.168.1.0 255.255.255.0 management dhcpd address 192.168.1.5-192.168.1.254 management dhcpd enable management CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 22: Asav Deployment Configuration

    • (Optional) SSH management settings: ◦ Client IP addresses ◦ Local username and password ◦ Authentication required for SSH using the LOCAL database • (Optional) REST API enabled or disabled CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 23 Getting Started ASAv Deployment Configuration To successfully register the ASAv with the Cisco Licensing Authority, the ASAv requires Internet access. Note You might need to perform additional configuration after deployment to achieve Internet access and successful license registration. See the following sample configuration for a standalone unit:...

  • Page 24: Work With The Configuration

    URL, except for an HTTP or HTTPS URL, which do not let you save the configuration to the server. The copy running-config startup-config command is equivalent to the write memory command. Note CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 25 Unable to save the configuration for the following contexts as these contexts have read-only config-urls: CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 26: Copy The Startup Configuration To The Running Configuration

    Clears all the configuration for a specified command. If you only want to clear the configuration for a specific version of the command, you can enter a value for level2configurationcommand. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 27: Create Text Configuration Files Offline

    Alternatively, you can download a text file to the ASA internal flash memory. See Software and Configurations for information on downloading the configuration file to the ASA. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

  • Page 28: Apply Configuration Changes To Connections

    IP address, destination IP address, port, and/or protocol, you can specify the desired options. Reload the ASA To reload the ASA, complete the following procedure. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 29 Getting Started Reload the ASA Procedure Reload the ASA: reload Note In multiple context mode, you can only reload from the system execution space. CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...
  • Page 30 Getting Started Reload the ASA CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5...

Table of Contents