Cisco Adaptive Security Appliance 8.4 Basic Interface Configuration.
Agenda for this blog is as below:
# Setting up the privilege mode password.
# Naming the appliance
# Configuring the interfaces
Topology on which we will work is as below:
Requirement 1.
Privilege mode password:
The Cisco ASA appliance ships with no privilege mode password. We are prompted for a password, but we can enter the mode by just pressing Enter.
So here the privilege mode password has to be set to “Secret@123” to stop anyone else from getting in.
Configuration:
ciscoasa> enable
(To get in the privilege mode)
ciscoasa# configure terminal
(To get in the global config mode)
ciscoasa(config)#enable password Secret@123
(Enables the privilege mode password as Secret@123)
ciscoasa(config)#exit
(To exit the mode)
ciscoasa#wr
(To save the config)
ciscoasa#exit
ciscoasa>
Now to test this, we will try to enter the privilege mode without the password as we did earlier.
ciscoasa> enable (To get in the privilege mode)
We are not allowed into the privilege mode because we did not supply the password we just configured.
Now let's try with the password.
ciscoasa> enable
Password: **********
And we are now allowed into the privilege mode.
Now let's move towards next requirement.
Requirement 2.
Naming the device:
Cisco ASA appliance comes with a default host name as ciscoasa.
We have to change the host name to “ASA”.
Configuration:
ciscoasa>enable
Password: ********
ciscoasa#configure terminal
ciscoasa(config)#hostname ASA
(To specify host name is ASA)
Now let's move towards the last requirement for this tutorial.
Requirement 3.
Interface configuration:
We have to configure the Cisco ASA interfaces as below:
Interface gigabitEthernet 1
Ip address 192.168.1.254/24
Name it Inside
Security level 100
Configuration:
ASA>enable
Password: ********
ASA#configure terminal
ASA (config)#interface gig 1
(To enter the interface config mode)
ASA (config-if)#ip address 192.168.1.254 255.255.255.0
(Specifying the IP address and netmask)
ASA (config-if)#no shut
(Enabling the interface)
On our L3 switches and routers this is the minimum config required to enable an interface. But on the ASA this doesn't work.
The proof is as below.
The interface is up but the IP address is still missing, which means the interface is not yet in a working state.
Naming the interface is very important in ASA.
Now the question arises about the security level. Is it important?
Yes, it is also an important factor in interface configuration, but by Cisco's default design a security level of 100 is given to an interface when we name it Inside, and 0 is given to all other interfaces.
So if we don't configure it, the default of 100 or 0 will be assigned, but if we want to define our own levels we have to do that manually.
ASA (config-if)#nameif Inside
(Naming the Interface)
ASA (config-if)#security-level 100
(Configuring the security level)
ASA (config-if)#exit
ASA (config)#exit
Let's verify the interface status
ASA #show interface ip brief
(Getting the brief interface status)
Similarly, we have to configure the second interface as well.
Interface gigabitEthernet 2
Ip address 192.168.2.254/24
Name it DMZ
Security level 75
Configuration:
ASA #configure terminal
ASA (config)#interface gi 2
ASA (config-if)#ip address 192.168.2.254 255.255.255.0
ASA (config-if)#nameif DMZ
ASA (config-if)#no shut
ASA (config-if)#security-level 75
ASA (config-if)#exit
ASA (config)#exit
The sequence of the commands doesn't matter.
Verification:
ASA#show interface ip brief
And the third interface.
Interface gigabitEthernet 0
Ip address 192.168.3.254/24
Name it Outside
Security level 0
Configuration:
ASA #configure terminal
ASA (config)#interface gig 0
ASA (config-if)#ip address 192.168.3.254 255.255.255.0
ASA (config-if)#nameif Outside
ASA (config-if)#no shut
And as we said, for Outside the pre-designed security level gets configured automatically.
ASA (config-if)#exit
ASA (config)#exit
Verification
ASA#show interface ip brief
ASA#show nameif
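The two points made above (an interface with an IP address but no nameif is not usable, and a missing security level falls back to 100 for Inside or 0 for any other name) can be checked offline against a saved config. The following Python sketch is an added example, not part of the original post; the function name audit_interfaces, the GigabitEthernet3 stanza with 192.168.4.254, and the case-insensitive match on "Inside" are assumptions made for illustration.

```python
import re

# Constructed sample in running-config layout (not taken from the article).
# GigabitEthernet3 has an address but no nameif; Outside has no explicit level.
SAMPLE_CONFIG = """\
interface GigabitEthernet0
 nameif Outside
 ip address 192.168.3.254 255.255.255.0
!
interface GigabitEthernet1
 nameif Inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface GigabitEthernet2
 nameif DMZ
 security-level 75
 ip address 192.168.2.254 255.255.255.0
!
interface GigabitEthernet3
 ip address 192.168.4.254 255.255.255.0
"""

def audit_interfaces(config_text):
    """Map each interface to its nameif, effective security level and issues."""
    report, cur = {}, None
    for line in config_text.splitlines():
        words = line.split()
        head = re.match(r"interface (\S+)", line)
        if head:
            cur = report[head.group(1)] = {"nameif": None, "level": None,
                                           "source": None, "ip": None, "issues": []}
        elif not words or not line.startswith(" "):
            cur = None  # "!" or a top-level command ends the stanza
        elif cur is not None and words[0] == "nameif":
            cur["nameif"] = words[1]
        elif cur is not None and words[0] == "security-level":
            cur["level"], cur["source"] = int(words[1]), "explicit"
        elif cur is not None and words[:2] == ["ip", "address"]:
            cur["ip"] = words[2]
    for entry in report.values():
        if entry["nameif"] is None:
            if entry["ip"]:
                entry["issues"].append("ip address set but no nameif")
        elif entry["level"] is None:
            # Default the article describes: 100 for Inside, 0 for any other name.
            entry["level"] = 100 if entry["nameif"].lower() == "inside" else 0
            entry["source"] = "default"
    return report
```

Entries whose source is "default" are the ones where the level was never typed, which is worth reviewing when an interface other than Inside is meant to carry a custom level such as the DMZ's 75.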
Friends, we have successfully configured all the basic requirements that were part of the agenda.
To get better clarification for the concepts, please watch the video tutorial linked above.