The Cisco ASA 5505 Firewall is the smallest model in the new 5500 Cisco series of hardware appliances. Although this model is suitable for small businesses, branch offices or even home use, its firewall security capabilities are the same as those of the biggest models (5510, 5520, 5540 etc.). The Adaptive Security technology of the ASA firewalls offers solid and reliable firewall protection, advanced application-aware security, denial-of-service attack protection and much more. Moreover, the ASA 5505 appliance supports 150 Mbps firewall throughput and 4000 firewall connections per second, which is more than enough for small networks.

In this article I will explain the basic configuration steps needed to set up a Cisco 5505 ASA firewall for connecting a small network to the Internet. We assume that our ISP has assigned us a static public IP address (e.g. 200.200.200.1 as an example) and that our internal network range is 192.168.1.0/24. We will use Port Address Translation (PAT) to translate our internal IP addresses to the public address of the outside interface.

The 5505 model differs from the bigger ASA models in that it has an 8-port 10/100 switch which acts as Layer 2 only. That is, you cannot configure the physical ports as Layer 3 ports; instead you have to create interface VLANs and assign the Layer 2 interfaces to each VLAN. By default, interface Ethernet0/0 is assigned to VLAN 2 and is the outside interface (the one which connects to the Internet), and the other 7 interfaces (Ethernet0/1 to 0/7) are assigned by default to VLAN 1 and are used for connecting to the internal network. Let's see the basic configuration setup of the most important steps that you need to configure.

Step 1: Configure the internal interface vlan
ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shut

Step 2: Configure the external interface vlan (connected to Internet)
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shut

Step 3: Assign Ethernet 0/0 to Vlan 2
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Step 4: Enable the rest of the interfaces with no shut
ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut
Do the same for Ethernet0/1 to 0/7.

Step 5: Configure PAT on the outside interface
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 6: Configure default route towards the ISP (assume default gateway is 200.200.200.2)
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1

The above steps are the absolutely necessary ones for making the appliance operational. Of course, there are many more configuration details that you need to implement in order to enhance the security and functionality of your appliance, such as Access Control Lists, Static NAT, DHCP, DMZ zones, authentication, IPSEC VPN etc.
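
Added example (not part of the original article): a Python check that reads a saved configuration and confirms that steps 1 to 6 agree with each other, i.e. outside is less trusted than inside, a switch port sits in the outside VLAN, every nat ID on inside has a global on outside, and the default gateway lies on the outside subnet. The function names and the sample text are constructed for illustration.

```python
import ipaddress
# Constructed sample: the commands from steps 1-6, in saved-config form.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 200.200.200.1 255.255.255.0
interface Ethernet0/0
 switchport access vlan 2
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
"""

def parse(cfg):  # -> interface settings, PAT statements and routes
    c, cur = {"ifs": {}, "global": [], "nat": [], "route": []}, {}
    for w in filter(None, (line.split() for line in cfg.splitlines())):
        if w[0] == "interface":
            cur = c["ifs"].setdefault("".join(w[1:]), {})  # "Vlan 2" == "Vlan2"
        elif w[0] in ("global", "nat", "route"):
            c[w[0]].append([t.strip("()") for t in w[1:]])  # "(inside)" -> "inside"
        elif w[0] in ("nameif", "security-level"):
            cur[w[0]] = w[1]
        elif w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:3] == ["switchport", "access", "vlan"]:
            cur["vlan"] = w[3]
    return c

def audit(cfg):  # -> list of findings; empty means steps 1-6 are consistent
    c, out = parse(cfg), []
    zone = {v["nameif"]: (k, v) for k, v in c["ifs"].items() if "nameif" in v}
    if not {"inside", "outside"} <= zone.keys():
        return ["inside and/or outside nameif missing"]
    (_, ins), (oname, outs) = zone["inside"], zone["outside"]
    if int(outs.get("security-level", 0)) >= int(ins.get("security-level", 0)):
        out.append("outside security-level is not lower than inside")
    if not any(v.get("vlan") == oname[4:] for v in c["ifs"].values()):  # "Vlan2" -> "2"
        out.append(f"no switch port assigned to {oname}")
    pools = {g[1] for g in c["global"] if g[0] == "outside"} | {"0"}  # id 0 needs no global
    out += [f"nat id {i}: no outside global" for z, i, *_ in c["nat"] if z == "inside" and i not in pools]
    gw = [r[3] for r in c["route"] if r[:3] == ["outside", "0.0.0.0", "0.0.0.0"]]
    if not gw or ipaddress.ip_address(gw[0]) not in outs.get("net", ()):
        out.append("default route missing or gateway not on outside subnet")
    return out
```

Calling audit(SAMPLE) returns an empty list; changing the nat ID, the gateway address or the VLAN of Ethernet0/0 in the sample produces the corresponding finding.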