Basic ASA configuration

The following are the components needed to begin configuring the Adaptive Security Appliance (ASA):

  • Cisco ASA
  • Console cable
  • USB-to-serial converter (optional)
  • Ethernet cables (optional)
  • Terminal emulation program: PuTTY, SecureCRT, or TeraTerm
  • Laptop/PC

Before we get started, note that there are several methods for setting up and managing the ASA. The common method, which you may already know, is via the CLI using a terminal emulation program. Another is the Adaptive Security Device Manager (ASDM), which provides a graphical user interface (GUI) for the ASA. There is also the Cisco Security Manager (CSM), a commercial tool created by Cisco for enterprise management of their routers, switches, and security devices.

For the remainder of this book, we'll be using both the CLI and the ASDM to administer and manage the ASA.

When you purchase an ASA, the box includes a console cable (light blue in color). This cable is used to initially access and configure the ASA. The cable has two different ends: an RS-232 (DB-9) connector and an RJ-45 connector. Modern laptops/PCs no longer ship with an RS-232 port, so you will need a USB-to-serial adapter to connect the console cable to your computer.

The following is a picture of the console cable:

The following is a picture of a USB-to-serial converter cable:

Take the RJ-45 end of the console cable and plug it into the console port of the ASA (located at the back of the device). Now take the other end and plug it into your laptop/PC. Ensure the power supply is connected properly on the ASA and power on the device. The following picture shows the console port of a Cisco ASA 5505:

Download PuTTY from https://www.putty.org/ and open it. Set the Connection type to Serial and the Speed to 9600. Then click Open:

If you are using SecureCRT (https://www.vandyke.com/), use the following settings (be sure to adjust the COM port accordingly):

When the ASA boots for the first time, you'll receive a system message asking whether you want to use the interactive wizard to assist in getting your ASA up and ready. If you type yes and hit Enter, the following options will be provided:

Please note that by hitting the Enter key, the default values in the square brackets [] will be applied for each line. In the preceding capture, the date and time were left as the default values on the ASA. 

If we had entered no, the ASA would go into a default state and use ciscoasa as the default hostname. This brings us to the user EXEC mode, indicated with a > symbol:

ciscoasa>

The following is a screenshot of the CLI:

If you want to invoke the interactive wizard at a later time, you can use the setup command.

Next, we are going to type enable to access the privileged EXEC mode. You will be prompted for a password; because this is the initial boot without any prior configuration, the password is blank. Simply hit Enter again and you will notice the prompt has changed. The privileged EXEC mode is indicated using a # symbol:

ciscoasa> enable
Password:
ciscoasa#

Let's look at various information about the ASA device using the show version command. The show version output provides the device uptime, ASDM version, operating system version, model, serial number, available features, processor type, amount of RAM, interfaces, and licenses:

ciscoasa# show version

As we can see in the preceding screenshot, the system version is 8.2 and the ASDM version is 7.6; the output also shows the location of the system image and the device uptime:

If you are using Cisco Packet Tracer (https://www.netacad.com/courses/packet-tracer), an ASA 5505 is available; however, only CLI access is provided.

The following is a show version output from an ASA 5505 from the Cisco Packet Tracer program:

ciscoasa#show version 

Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 6.4(5)

Compiled on Wed 15-Jun-11 18:17 by mnguyen
System image file is "disk0:/asa842-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 27 seconds

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1

0: Int: Internal-Data0/0 : address is 44d3.caef.1e22, irq 11
1: Ext: Ethernet0/0 : address is 0001.9692.AE01, irq 255
2: Ext: Ethernet0/1 : address is 0001.9692.AE02, irq 255
3: Ext: Ethernet0/2 : address is 0001.9692.AE03, irq 255
4: Ext: Ethernet0/3 : address is 0001.9692.AE04, irq 255
5: Ext: Ethernet0/4 : address is 0001.9692.AE05, irq 255
6: Ext: Ethernet0/5 : address is 0001.9692.AE06, irq 255
7: Ext: Ethernet0/6 : address is 0001.9692.AE07, irq 255
8: Ext: Ethernet0/7 : address is 0001.9692.AE08, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 10 perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 25 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual

This platform has a Base license.

Serial Number: JMX15361AKD
Running Permanent Activation Key: 0x77E8213D 0x81D8D4DA 0x7CDDD6CE 0x5C6827E3 0x6AB8A1E4
Configuration register is 0x1
Configuration has not been modified since last system restart.
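
When auditing several appliances, the same show version output can be parsed rather than read by eye. The following Python sketch is an added example, not part of the original text: it extracts the version, image, model, serial number, configuration register, and licensed features, then applies two baseline checks. The function names, the FIELDS table, and the checks in review() are assumptions chosen for illustration.

```python
import re

# Constructed sample: a subset of the show version output shown above
SAMPLE = """\
Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 6.4(5)
System image file is "disk0:/asa842-k8.bin"
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Licensed features for this platform:
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
This platform has a Base license.
Serial Number: JMX15361AKD
Configuration register is 0x1
"""

FIELDS = {  # scalar fields and the patterns that capture them
    "asa_version": r"Software Version (\S+)",
    "asdm_version": r"Device Manager Version (\S+)",
    "image": r'System image file is "([^"\n]+)',  # tolerates a missing closing quote
    "model": r"Hardware:\s+(\w+),",
    "serial": r"Serial Number:\s+(\S+)",
    "confreg": r"Configuration register is (\S+)",
}

def parse_show_version(text):
    """Return the scalar fields plus a dict of licensed features."""
    info = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text)
        info[key] = m.group(1) if m else None
    info["licenses"], in_block = {}, False
    for line in text.splitlines():
        # The license table sits between these two marker lines
        if line.startswith(("Licensed features", "This platform")):
            in_block = line.startswith("Licensed")
        elif in_block and " : " in line:
            name, value = line.split(" : ", 1)
            info["licenses"][name.strip()] = value.replace("perpetual", "").strip()
    return info

def review(info):
    """Hypothetical baseline checks; adjust them to your own standard."""
    notes = []
    if info["confreg"] != "0x1":  # 0x1 is the value shown in the output above
        notes.append("configuration register differs from 0x1")
    if info["licenses"].get("VPN-3DES-AES") != "Enabled":
        notes.append("3DES/AES license not enabled; only DES is available")
    return notes
```

Calling review(parse_show_version(SAMPLE)) returns an empty list for the output above; any note it returns marks a device whose boot or encryption settings deserve a closer look.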