cisco asa firewall configuration guide pdf

Figure 3-1 Sample Topology Using an ASA 5510 Appliance Example 3-6.
The symbol characterizes that the EXEC or nonprivileged mode is in place, meaning that a limited set of tasks can be accomplished.

Creating Subinterfaces on interface E0/1 (two logical networks)
interface Ethernet0/1.12meif fw1
 security-level 50
 ip address
!

The show running-configuration command displays the active configuration of the device and typically results in a large amount of data.

ASA 5505 Security Plus license.

The typical outputs of the show interface options (physical interface and interface vlan) are registered in this example, which also displays a changed hostname for the appliance (ASA 5505 instead of the default ciscoasa).

Sending 5, 100-byte icmp Echos to, timeout is 2 seconds
!

The enable command with a blank password (for a device with no initial configuration) provides access to the privileged mode, recognized by the symbol # after the device hostname.

Entering configuration (config) mode and displaying available options
ciscoasa# configure terminal
ciscoasa(config?

Viewing Information About ASA Interfaces
!
Displaying all the commands available on the exec mode with a "?"
ciscoasa?

Viewing logical interfaces and correspondent security levels
ASA1# show nameif
Interface Name Security
Ethernet0/1.1201 fw1 50
Ethernet0/1.1212 svcs 99
Management0/0 mgmt 100
!
!
Displaying information about a subinterface
ASA1# show interface e0/1.1212
Interface Ethernet0/1.1212 "svcs", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
vlan identifier 1212
Description: * Direct Access to Services Segment *
MAC address 0014.6a21.b4ef, MTU 1500.
The other ASA models have only routed interfaces.
You do not need to analyze this option because it provides little flexibility.
Figure 3-2 shows a sample topology that serves as the base for exploring the ASA 5505 platform.
Physical Interface
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
!

This is illustrated in Example 3-4, which also shows the access to config mode through the configure terminal command.

Logical Interface associated with vlan 100
interface Vlan100
 description * Management Interface
 nameif mgmt
 security-level 100
 ip address
 no shutdown
!
!

Assign a logical name to the interface: This is accomplished with the nameif command, and the configured name is used in any future reference to the interface.

Delimiting the section of the running configuration to be displayed
ciscoasa# show running-config timeout
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect.

Displaying basic information about device hardware and software
ciscoasa show version
Cisco Adaptive Security Appliance Software Version.2(1)
Device Manager Version.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is " disk0 n "
Config file at boot was " startup-config ".

After a command, such as show?, displays the supported parameters for this command.

(It is typically easier to remember the logical meaning of an interface than the physical.)

Assign a security-level to the interface: To reflect the degree of trustworthiness of a given firewall interface, Cisco introduced in the early days of the PIX Firewalls the concept.

No, type help or '?' for a list of available commands.

Baseline ASA 5505 Configuration
!