Comments

Kunjan says July 30, 2009 at 11:16 pm
I've 2 routers on HSRP need to connect directly to firewall.

Although this model is suitable for small businesses, branch offices or even home use, its firewall security capabilities are the same as the biggest models (5510, 5520, 5540 etc). The Adaptive Security technology of the ASA firewalls offers solid and reliable firewall protection, advanced application aware security, denial of service attack protection and much more.
Moreover, the ASA 5505 appliance supports 150 Mbps firewall throughput and 4000 firewall connections per second, which is more than enough for small networks.

EDIT: There are newer models that will replace the ASA5505.

In this article I will explain the basic configuration steps needed to set up a Cisco ASA 5505 firewall for connecting a small network to the Internet. We assume that our ISP has assigned us a static public IP address (200.200.200.1 as an example) and that our internal network range is 192.168.1.0/24. We will use Port Address Translation (PAT) to translate our internal IP addresses to the public address of the outside interface.

The difference between the 5505 and the bigger ASA models is that it has an 8-port 10/100 switch which acts as Layer 2 only. That is, you cannot configure the physical ports as Layer 3 ports; rather, you have to create interface VLANs and assign the Layer 2 interfaces to each VLAN. By default, interface Ethernet0/0 is assigned to VLAN 2 and is the outside interface (the one which connects to the Internet), and the other 7 interfaces (Ethernet0/1 to 0/7) are assigned by default to VLAN 1 and are used for connecting to the internal network.

Let's see the basic configuration of the most important steps. The diagram below illustrates the network topology for the configuration setup that we will describe. Notice from the diagram that port Ethernet0/0 connects to the Internet, and ports Ethernet0/1 to 0/7 connect to internal hosts (PCs etc).

Step 5: Configure PAT on the outside interface
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

UPDATE for ASA Version 8.3 and later
In March 2010, Cisco announced the new Cisco ASA software version 8.3.
This version introduced several important configuration changes, especially on the NAT/PAT mechanism. The PAT configuration below is for ASA 8.3 and later:

object network objany
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface

Step 6: Configure default route towards the ISP (assume default gateway is 200.200.200.2)
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1

The above steps are the absolutely necessary steps you need to configure for making the appliance operational. Of course there are many more configuration details that you need to implement in order to enhance the security and functionality of your appliance, such as Access Control Lists, Static NAT, DHCP, DMZ zones, authentication etc.
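As an added example (not part of the original article), the Python script below checks a saved configuration text for the two PAT forms shown in Step 5 and for the default route from Step 6, and reports which NAT syntax the file uses. It assumes the interface names inside and outside used in this article; the function names and the sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from a real device).
LEGACY = """global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
"""
OBJECT = """object network objany
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
"""

def ids(lines, pattern):
    """Collect the NAT IDs captured by pattern (ID 0 means 'no NAT', so it is skipped)."""
    return {m.group(1) for l in lines if (m := re.match(pattern, l))}

def audit(config):
    """Return (pat_style, problems) for a saved ASA configuration text."""
    lines = [l.rstrip() for l in config.splitlines()]
    problems = []
    # Pre-8.3: 'global' and 'nat' are tied together by a shared NAT ID.
    g = ids(lines, r"global \(outside\) ([1-9]\d*) interface$")
    n = ids(lines, r"nat \(inside\) ([1-9]\d*) \S+ \S+")
    # 8.3+: the nat statement is an indented child of 'object network'.
    object_pat = in_object = False
    for l in lines:
        if l.startswith("object network "):
            in_object = True
        elif not l.startswith(" "):
            in_object = False
        elif in_object and l.strip() == "nat (inside,outside) dynamic interface":
            object_pat = True
    if object_pat and (g or n):
        style = "mixed"
        problems.append("pre-8.3 and 8.3+ NAT statements in one config")
    elif object_pat:
        style = "8.3+"
    elif g or n:
        style = "pre-8.3"
        problems += [f"nat (inside) {i} has no global (outside) {i}" for i in sorted(n - g)]
        problems += [f"global (outside) {i} has no nat (inside) {i}" for i in sorted(g - n)]
    else:
        style = "none"
        problems.append("no PAT rule found")
    if not any(re.match(r"route outside 0\.0\.0\.0 0\.0\.0\.0 \S+", l) for l in lines):
        problems.append("no default route on outside")
    return style, problems
```

Calling audit() on a configuration exported before a software upgrade shows whether its PAT statements are in the pre-8.3 form and whether each nat ID has its matching global statement.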
About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks and Information Security. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.