ing our series of articles about Cisco ASA 5500 firewalls, I'm offering you here a basic configuration tutorial for the Cisco ASA 5510 security appliance. This device is the second model in the ASA series (ASA 5505, 5510, 5520 etc.) and is fairly popular since it is intended for small to medium enterprises. Like the smallest ASA 5505 model, the 5510 comes with two license options: the Base license and the Security Plus license. The second one (Security Plus) provides some performance and hardware enhancements over the Base license, such as 130,000 maximum firewall connections (instead of 50,000), 100 maximum VLANs (instead of 50), failover redundancy, etc. Also, the Security Plus license enables two of the five firewall network ports to work as 10/100/1000 instead of only 10/100.

Next we will see a simple Internet access scenario which will help us understand the basic steps needed to set up an ASA 5510. Assume that we are assigned a static public IP address 100.100.100.1 from our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0/24. Interface Ethernet0/0 will be connected on the outside (towards the ISP), and Ethernet0/1 will be connected to the inside LAN switch.

The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts. All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface. Let's see a snippet of the required configuration steps for this basic scenario:

Step 1: Configure a privileged level password (enable password)

By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance. Configure this under Configuration Mode:

ASA5510(config)# enable password mysecretpassword

Step 2: Configure the public outside interface

ASA5510(config)# interface Ethernet0/0
ASA5510(config-if)# nameif outside
ASA5510(config-if)# security-level 0
ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252
ASA5510(config-if)# no shut

Step 3: Configure the trusted internal interface

ASA5510(config)# interface Ethernet0/1
ASA5510(config-if)# nameif inside
ASA5510(config-if)# security-level 100
ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0
ASA5510(config-if)# no shut

Step 4: Configure PAT on the outside interface

ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 5: Configure the default route towards the ISP (assume the default gateway is 100.100.100.2)

ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1

Step 6: Configure the firewall to assign internal IP and DNS addresses to hosts using DHCP

ASA5510(config)# dhcpd dns 200.200.200.10
ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside
ASA5510(config)# dhcpd enable inside

The above basic configuration is just the beginning for making the appliance operational. There are many more configuration features that you need to implement to increase the security of your network, such as static and dynamic NAT, access control lists to control traffic flow, DMZ zones, IPsec VPN, etc.
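As an added example (not part of the original article or of Cisco's tooling), the script below parses the six configuration steps above, in the form they would appear in a saved running-config (no `ASA5510(config)#` prompts, sub-commands indented by one space), and audits them for the mistakes a reviewer would look for before putting the appliance in service: a missing enable password, wrong security levels on the inside/outside interfaces, a `nat` rule with no matching `global` on the outside, a default route that does not point into the outside subnet, and a DHCP pool that falls outside the inside subnet or overlaps the firewall's own address. The sample configuration string is constructed from the article's commands; the function names `parse_config` and `audit` and the dictionary layout are my own assumptions, and the parser only covers the command subset used in this tutorial.

```python
import ipaddress

# Constructed sample: the article's basic ASA 5510 configuration as it would
# appear in "show running-config" (prompts removed, sub-commands indented).
SAMPLE_CONFIG = """\
enable password mysecretpassword
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 100.100.100.1 255.255.255.252
 no shutdown
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 no shutdown
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 100.100.100.2 1
dhcpd dns 200.200.200.10
dhcpd address 192.168.10.10-192.168.10.200 inside
dhcpd enable inside
"""


def parse_config(text):
    """Parse the subset of ASA syntax used in the tutorial into a plain dict (hypothetical layout)."""
    cfg = {"enable_password": False, "interfaces": {}, "global": [], "nat": [],
           "routes": [], "dhcp_pools": {}, "dhcp_enabled": set()}
    current = None  # interface block currently being filled
    for raw in text.splitlines():
        if not raw.strip():
            continue
        parts = raw.split()
        if raw.startswith(" ") and current is not None:  # sub-command of an interface
            if parts[0] == "nameif":
                current["nameif"] = parts[1]
            elif parts[0] == "security-level":
                current["security_level"] = int(parts[1])
            elif parts[:2] == ["ip", "address"]:  # ip_interface accepts "addr/netmask"
                current["network"] = ipaddress.ip_interface(f"{parts[2]}/{parts[3]}")
            elif parts[0] == "no" and parts[1] in ("shut", "shutdown"):
                current["shutdown"] = False
            continue
        current = None
        if parts[:2] == ["enable", "password"]:
            cfg["enable_password"] = True
        elif parts[0] == "interface":
            current = {"nameif": None, "security_level": None, "network": None, "shutdown": True}
            cfg["interfaces"][parts[1]] = current
        elif parts[0] == "global":
            cfg["global"].append({"interface": parts[1].strip("()"), "id": parts[2]})
        elif parts[0] == "nat":
            cfg["nat"].append({"interface": parts[1].strip("()"), "id": parts[2]})
        elif parts[0] == "route":
            cfg["routes"].append({"interface": parts[1], "net": parts[2],
                                  "mask": parts[3], "gateway": ipaddress.ip_address(parts[4])})
        elif parts[:2] == ["dhcpd", "address"]:
            low, high = parts[2].split("-")
            cfg["dhcp_pools"][parts[3]] = (ipaddress.ip_address(low), ipaddress.ip_address(high))
        elif parts[:2] == ["dhcpd", "enable"]:
            cfg["dhcp_enabled"].add(parts[2])
    return cfg


def audit(cfg):
    """Return a list of findings for the basic Internet-access scenario; [] means it passes."""
    findings = []
    if not cfg["enable_password"]:
        findings.append("no enable password configured")
    by_name = {i["nameif"]: i for i in cfg["interfaces"].values() if i["nameif"]}
    for name, want in (("outside", 0), ("inside", 100)):
        iface = by_name.get(name)
        if iface is None:
            findings.append(f"no interface named {name}")
            continue
        if iface["security_level"] != want:
            findings.append(f"{name} security-level is {iface['security_level']}, expected {want}")
        if iface["network"] is None:
            findings.append(f"{name} has no IP address")
        if iface["shutdown"]:
            findings.append(f"{name} interface is shut down")
    # PAT: each nat id needs a matching global on the outside interface
    global_ids = {g["id"] for g in cfg["global"] if g["interface"] == "outside"}
    if not cfg["nat"]:
        findings.append("no nat rule for inside hosts")
    for n in cfg["nat"]:
        if n["id"] not in global_ids:
            findings.append(f"nat ({n['interface']}) {n['id']} has no matching global (outside)")
    # Default route must leave via outside and use a gateway in the outside subnet
    outside = by_name.get("outside")
    defaults = [r for r in cfg["routes"] if r["net"] == "0.0.0.0" and r["mask"] == "0.0.0.0"]
    if not defaults:
        findings.append("no default route")
    for r in defaults:
        if r["interface"] != "outside":
            findings.append("default route does not use the outside interface")
        elif outside and outside["network"] and r["gateway"] not in outside["network"].network:
            findings.append(f"default gateway {r['gateway']} is not in the outside subnet")
    # DHCP pool must sit inside that interface's subnet and not include the firewall itself
    for ifname, (low, high) in cfg["dhcp_pools"].items():
        iface = by_name.get(ifname)
        if iface is None or iface["network"] is None:
            findings.append(f"dhcpd pool on unknown or unaddressed interface {ifname}")
            continue
        net = iface["network"].network
        if low > high or low not in net or high not in net:
            findings.append(f"dhcpd pool {low}-{high} is not within {net}")
        if low <= iface["network"].ip <= high:
            findings.append(f"dhcpd pool includes the firewall address {iface['network'].ip}")
        if ifname not in cfg["dhcp_enabled"]:
            findings.append(f"dhcpd pool on {ifname} but dhcpd is not enabled there")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)) or ["basic configuration checks pass"]:
        print(finding)
```

Run it against a copy of your own running-config to get a quick list of findings; the article's configuration produces none, while removing the `enable password` line or lowering the inside security level immediately shows up in the output.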