Cisco ASA5505 quick setup guide

Notes I took while initially setting up a Cisco ASA 5505 for my house.

As this was a used device, I needed to start by resetting the password. I then dumped the current configs, just to take a look, and then reset to a factory config. I'm hoping to do everything from the CLI so that I don't have to play with Java and the GUI, and so that I can keep the configs as clean as possible.

So let's get started!

– Connect your console cable
– Power cycle the unit
– Press ESC during boot up when prompted

rommon #0> confreg 0x41
rommon #1> boot
ciscoasa> en
Password: (press enter, password is blank)
ciscoasa# copy start run
Destination filename [running-config]? (Just press enter)

This will load the current configs, at which point you can do:

ciscoasa# show run

and it will show the current configs if you want to “learn” from the previous owner.

ciscoasa# conf t
ciscoasa(config)# enable password blah (blah is whatever you want the password to be)
ciscoasa(config)# config-register 0x01
ciscoasa(config)# exit
ciscoasa# wr
ciscoasa# reload
Proceed with reload? [confirm] (Just press enter)

Now, to reset the config to factory defaults so you can start fresh. Log in using the password you set above and 'enable'.

ciscoasa# conf t
ciscoasa(config)# config factory-default
ciscoasa(config)# exit
ciscoasa# wr
ciscoasa# reload
Proceed with reload? [confirm] (Just press enter)

There you go, a fresh Cisco ASA 5505 waiting to be configured from scratch…

So, here is what we have:

VLAN1 = inside and is set to 192.168.1.1/24
VLAN2 = outside and is set to DHCP

Port 0 is on VLAN2

DHCP is enabled and handing out IPs from 192.168.1.2-192.168.1.33 on the “inside” network.

First, I want to change the default IP and DHCP range.

ciscoasa# conf t
ciscoasa(config)# no dhcpd address 192.168.1.2-192.168.1.33 inside
ciscoasa(config)# no dhcpd enable inside
ciscoasa(config)# no http server enable
ciscoasa(config)# no http 192.168.1.0 255.255.255.0 inside
ciscoasa(config)# int vlan 1
ciscoasa(config-if)# ip address 10.10.10.1 255.255.255.0
ciscoasa(config-if)# exit
ciscoasa(config)# dhcpd address 10.10.10.100-10.10.10.131 inside
ciscoasa(config)# dhcpd enable inside
ciscoasa(config)# http 10.10.10.0 255.255.255.0 inside
ciscoasa(config)# http server enable

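Now, to open some pinholes (or port forward) through the firewall. In this example, SSH on port 22 is forwarded to the inside host 10.10.10.55. The static syntax below is for ASA software 8.2 and earlier; 8.3 and later replaced it with object NAT.

ciscoasa(config)# access-list outside_access_in extended permit tcp any interface outside eq 22
ciscoasa(config)# static (inside,outside) tcp interface 22 10.10.10.55 22 netmask 255.255.255.255
ciscoasa(config)# access-group outside_access_in in interface outside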
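
To check what a config actually exposes (your own after adding pinholes, or the previous owner's from show run), here is an added example that is not part of the original notes: a Python script that pairs each static port forward with an inbound ACL entry bound to the same interface. It assumes the pre-8.3 static syntax used above and only handles ACL entries of the form "permit tcp|udp <source> interface <name> eq <port>"; the sample config and the hosts in it are constructed.

```python
import re

# Port names the ASA substitutes for numbers in "show run" output (subset).
PORT_NAMES = {"ssh": 22, "telnet": 23, "smtp": 25, "www": 80, "https": 443}

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) interface (\S+) (\S+) (\S+) netmask \S+")
ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit (tcp|udp) (any|host \S+|\S+ \S+) "
    r"interface (\w+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)")

def port(tok):
    """Normalise '22' and 'ssh' to the same value; unknown names stay as text."""
    return int(tok) if tok.isdigit() else PORT_NAMES.get(tok, tok)

def pinholes(config_text):
    """Return (proto, outside_port, inside_host, inside_port, source) for each
    static PAT that an ACL bound inbound to the mapped interface permits."""
    statics, acls, bound = [], [], {}
    for line in config_text.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append(m.groups())
        elif m := ACL_RE.match(line):
            acls.append(m.groups())
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)   # ACL name -> interface it guards
    found = []
    for _real_if, mapped_if, proto, mport, host, rport in statics:
        for name, aproto, src, iface, aport in acls:
            if (bound.get(name) == mapped_if == iface and aproto == proto
                    and port(aport) == port(mport)):
                found.append((proto, port(mport), host, port(rport), src))
    return found

# Constructed sample in "show run" form: one live pinhole (ssh), one static
# with no bound ACL entry (www), and one ACL that is never applied.
SAMPLE = """\
access-list outside_access_in extended permit tcp any interface outside eq ssh
access-list outside_access_in extended permit icmp any interface outside
access-list unused_acl extended permit tcp any interface outside eq www
static (inside,outside) tcp interface ssh 10.10.10.55 ssh netmask 255.255.255.255
static (inside,outside) tcp interface www 10.10.10.60 www netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

if __name__ == "__main__":
    for hole in pinholes(SAMPLE):
        print(hole)
```

A static line that does not appear in the output is translated but not permitted by any applied ACL entry, which usually means a leftover forward worth removing.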

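Allow SSH access to the ASA 5505 from the inside network.

ciscoasa(config)# username xxxx password xxxx
ciscoasa(config)# ssh 10.10.10.0 255.255.255.0 inside (the address and mask are the client addresses allowed to connect, here the whole inside subnet)
ciscoasa(config)# crypto key generate rsa modulus 1024 (2048 is also accepted and gives a stronger host key)
ciscoasa(config)# aaa authentication ssh console LOCAL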

Allow pings to the outside interface:

ciscoasa(config)# access-list outside_access_in permit icmp any interface outside

**** IN PROGRESS ****