A few days ago we had a need for a router, we did not have one handy, but we did have a Cisco ASA 5505. While I’ve configured my fair share of routers, I never had the need to configure a PIX or ASA. It turns out that while there are difference when configuring a security device and a router or switch, the commands are very similar.
Here is the scope of I what I needed to accomplish:
Inside network = 10.0.0.0/24
Outside network ip = 76.203.90.1/30
Default route via 76.203.90.2
Hostname = ASA
No DHCP
All traffic should be allowed
Exec password must be set to cisco.
Here is how we accomplish this very basic configuration – Please note that all commands are in italics.
After you get into Global configuration type the following:
ciscoasa(config)# host ASA – This will change the host name to ASA
Configure passwords:
ASA(config)#enable secret cisco – This will set our privilege mode password to cisco.
Configure the interfaces:
ASA(config)#int fa0/0 – to configure the interface Fastethernet0/0
ASA(config-int)#ip add 10.0.0.1 255.255.255.0 – This will assign 10.0.0.1/24 as the ip address of our interface.
ASA(config-int)#nameif inside – This will label that interface as our inside network.
ASA(config-int)#no shut
ASA(config-int)#int fa0/1 – this will take us to interface configuration mode for interface Fastethernet0/1
ASA(config-int)#ip add 76.203.90.1 255.255.255.252 – This will assign 76.203.90.1/30 to the interface.
ASA(config-int)#nameif outside – This will label the interface as the outisde interface.
ASA(config-int)#no shut – This will enable our interface FA0/1.
ASA(config-int)#exit – This will take us back to global configuration mode.
Configuring NAT/PAT
ASA(config)#nat (inside) 1 0.0.0.0 0.0.0.0 – This tells the ASA to translate all addresses on the inside interface.
ASA(config)#global (outside) 1 interface – This tells the ASA that all translated addresses should use the outside interface ip for PAT.
Configuring the default route:
ASA(config)#route outside 0.0.0.0 0.0.0.0 76.203.90.2 1 – This configures the default route the the specified ip using the outside interface.
Allowing traffic:
ASA(config)#access-list traffic extended permit ip any any – This will permit any traffic to and from any ip address.
ASA(config)#access-group traffic in interface inside – This will apply the access list we just created to all inbound traffic on the inside interface.
Saving your configuration to memory:
ASA(config)#wr mem
That’s it! You have now configured an ASA.
I will expand on this tutorial to make the configuration to include DHCP, timed ACLs and ASDM.
Stay tuned.
