Cisco ASA 5505 setup – Basic configuration tutorial for ASA 5505
The Cisco ASA 5505 Firewall is the smallest model in the new 5500 Cisco series of hardware appliances. Although this model is suitable for small businesses, branch offices or even home use, its firewall security capabilities are the same as the biggest models (5510, 5520, 5540 etc). The Adaptive Security technology of the ASA firewalls offers solid and reliable firewall protection, advanced application aware security, denial of service attack protection and much more. Moreover, the performance of the ASA 5505 appliance supports 150Mbps firewall throughput and 4000 firewall connections per second, which is more than enough for small networks.
In this article I will explain the basic configuration steps needed to set up a Cisco ASA 5505 firewall for connecting a small network to the Internet. We assume that our ISP has assigned us a static public IP address (e.g. 18.104.22.168) and that our internal network range is 192.168.1.0/24. We will use Port Address Translation (PAT) to translate our internal IP addresses to the public address of the outside interface.

The 5505 differs from the bigger ASA models in that it has an 8-port 10/100 switch which acts as Layer 2 only. That is, you cannot configure the physical ports as Layer 3 ports; instead you have to create VLAN interfaces and assign the Layer 2 ports to each VLAN. By default, interface Ethernet0/0 is assigned to VLAN 2 and is the outside interface (the one which connects to the Internet), and the other 7 interfaces (Ethernet0/1 to 0/7) are assigned to VLAN 1 and are used for connecting to the internal network. Let’s go through the most important steps that you need to configure.

Step 1: Configure the internal interface VLAN
------------------------------------------------
ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shut

Step 2: Configure the external interface VLAN (connected to Internet)
------------------------------------------------
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 22.214.171.124 255.255.255.0
ASA5505(config-if)# no shut

Step 3: Assign Ethernet 0/0 to VLAN 2
------------------------------------------------
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Step 4: Enable the remaining interfaces with no shut
------------------------------------------------
ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut

Do the same for Ethernet0/1 to 0/7.

Step 5: Configure PAT on the outside interface
------------------------------------------------
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 6: Configure default route towards the ISP (assume default gateway is 126.96.36.199)
------------------------------------------------
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 188.8.131.52 1

The above steps are the absolutely necessary ones for making the appliance operational. Of course, there are many more configuration details that you need to implement in order to enhance the security and functionality of your appliance, such as Access Control Lists, Static NAT, DHCP, DMZ zones, authentication, IPSEC VPN etc.

Visit my website in my resource box below for more information about Cisco products and solutions. You can also learn how to configure any Cisco ASA 5500 Firewall model on my websites shown below.
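An added example, not part of the original article: a Python check that a saved configuration contains the six steps above (named VLAN interfaces with security levels 100 and 0, Ethernet0/0 in the outside VLAN, a global/nat pair sharing one NAT ID, and a default route via outside). The function names, the sample config and its 203.0.113.1 gateway are constructed for illustration, and the check assumes the config text uses the same command forms shown in the article.

```python
import re

# Constructed sample in the style of the six steps above (placeholder gateway, RFC 5737).
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Ethernet0/0
 switchport access vlan 2
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)\s*(\d*)$", line)
        if m:  # accepts both "Vlan 1" (as typed) and "Vlan1" (as saved)
            current = blocks.setdefault(m.group(1) + m.group(2), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return a list of findings; an empty list means all six steps check out."""
    findings, ifs, zone = [], parse_interfaces(config), {}
    for name, cmds in ifs.items():
        opts = dict(c.split(None, 1) for c in cmds if " " in c)
        if "nameif" in opts:  # zone name -> (interface, security level, shut?)
            zone[opts["nameif"]] = (name, opts.get("security-level"), "shutdown" in cmds)
    for nameif, want in (("inside", "100"), ("outside", "0")):
        if zone.get(nameif, (None, None, True))[1:] != (want, False):
            findings.append(f"{nameif}: need security-level {want}, not shut down")
    out_vlan = zone.get("outside", ("?",))[0].replace("Vlan", "")
    if f"switchport access vlan {out_vlan}" not in ifs.get("Ethernet0/0", []):
        findings.append("Ethernet0/0 is not an access port in the outside VLAN")
    ids = [set(re.findall(p, config, re.M)) for p in (
        r"^global \(outside\) (\d+) interface$",
        r"^nat \(inside\) (\d+) 0\.0\.0\.0 0\.0\.0\.0$")]
    if not ids[0] & ids[1]:
        findings.append("no global/nat pair with the same NAT ID for PAT")
    if not re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 \S+", config, re.M):
        findings.append("no default route via outside")
    return findings
```

Calling `audit()` on the text of a saved configuration returns an empty list when all six steps are present and one finding per missing or mismatched step otherwise.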
Harris Andrea is a Cisco Certified Professional (Holds a , CCNP and CCSP) with more than 10 years experience in designing and implementing Cisco products and solutions. Visit the following link to learn how to configure any Cisco ASA 5500 Firewall. Harris is also the author of the Unofficial