{"id":1101,"date":"2014-04-15T13:00:49","date_gmt":"2014-04-15T17:00:49","guid":{"rendered":"http:\/\/www.gtcomm.net\/blog\/?p=1101"},"modified":"2020-02-10T20:27:35","modified_gmt":"2020-02-11T01:27:35","slug":"getting-started-with-a-cisco-asa-hardware-firewall","status":"publish","type":"post","link":"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/","title":{"rendered":"Getting Started with a Cisco ASA Hardware Firewall"},"content":{"rendered":"<p><span style=\"line-height: 1.714285714; font-size: 1rem;\">In our <\/span><a style=\"line-height: 1.714285714; font-size: 1rem;\" title=\"Linux Firewall Introductions\" href=\"https:\/\/www.globo.tech\/learning-center\/linux-firewall-introduction\/\" target=\"_blank\" rel=\"noopener noreferrer\">last article on firewall introductions<\/a><span style=\"line-height: 1.714285714; font-size: 1rem;\">, I discussed Linux Firewalls, what they are and how to configure them by adding rules. In this second feature, let\u2019s take a closer look at one of several hardware firewall options available: the <\/span><strong style=\"line-height: 1.714285714; font-size: 1rem;\">Cisco ASA 5500 series<\/strong><span style=\"line-height: 1.714285714; font-size: 1rem;\">.<\/span><\/p>\n<p>Here I will cover the firewall\u2019s capabilities as well as an example of a first-time configuration. I will also give an overview of the Cisco IOS command line necessary for operating this firewall.<\/p>\n<p>The Cisco ASA 5500 series has several functionalities which I will briefly detail here. While it primarily acts as a firewall, it is far more robust than that and does much more. The Cisco ASA 5500 can offer routing capabilities with support for routing protocols, VPN access to its interfaces, NATing, remote management, mixed security contexts to apply different security policies, and much more.
That said, we will only go into the most basic configurations so that you can set up your Cisco ASA to work properly.<\/p>\n<h2>The Cisco ASA 55xx Firewall<\/h2>\n<p>The first thing you\u2019ll notice when you receive your Cisco ASA 55xx is that it\u2019s a huge brick, with a few ports on one side. You might notice that it looks a lot like a regular datacenter switch, with the difference being that it has fewer ports. On the model we used for this blog (Cisco ASA 5510), you will see 4 regular Ethernet ports, 1 management port, 1 console port, 1 auxiliary port and 2 USB ports. There\u2019s also an opening for additional flash storage. For the first setup, we will need to focus on both the console port and the management port.<\/p>\n<p>The console port is not a regular Ethernet port. While it uses an RJ45 connector, it generally requires either a serial port or USB port adapter on the other end. To do the initial setup of your hardware firewall, you will want to plug this cable into the serial or USB port of your computer. To gain access to the firewall\u2019s console and command shell, you will need to use a program like HyperTerminal or PuTTY. For this article, we will use PuTTY.<\/p>\n<h3>Specify the Serial Connection Type and Port<\/h3>\n<p>In PuTTY, you will need to specify the serial connection type and port for the connection. When the connection is initialized, you will have a black screen pop up. If you then press Enter, the command line will appear and you\u2019ll be able to enter commands in the firewall.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1103\" src=\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2014\/04\/Connecting-through-SSH-on-Cisco.png\" alt=\"Connecting through SSH on Cisco\" width=\"463\" height=\"443\"><\/p>\n<h3>Cisco IOS Commands to Use<\/h3>\n<p>The firewall\u2019s OS answers to Cisco IOS commands, which are fairly different from the DOS and UNIX command lines.
Here are a few useful commands to know:<\/p>\n<p><strong>Enable<\/strong> \u2013 Switch to privileged mode. Generally requires a password that you can set. This is somewhat similar to root on UNIX.<\/p>\n<p><strong>Configure terminal<\/strong> \u2013 From privileged mode, lets you configure interfaces, routing behaviors, access lists and a plethora of other functionalities.<\/p>\n<p><strong>Interface<\/strong> \u2013 Lets you configure network interfaces. On the ASA 5510, the interfaces will be named Fastethernet 0\/0 to Fastethernet 0\/3. The management interface is called Management 0\/0. So, the command \u201cinterface management 0\/0\u201d lets you access the management configuration.<\/p>\n<p><strong>IP address<\/strong> \u2013 When an interface is selected, you can configure its IP address using this command. The address should be entered in the following format:&nbsp; IP address [IP] [Subnet mask].<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2300 size-full\" src=\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2014\/04\/Terminal-1.png\" width=\"445\" height=\"97\"><\/p>\n<h3>Configuring the Management Port<\/h3>\n<p>With this information in hand, we can start configuring the management port so that you can get access to the command line without needing direct physical access to the firewall.
I will show you a list of commands and briefly explain what they do.<\/p>\n<p><code>enable<br \/>\nconfig terminal<br \/>\ninterface management 0\/0<br \/>\nip address 192.168.0.50 255.255.255.0<br \/>\nnameif management<br \/>\nsecurity-level 100<br \/>\nno shutdown<br \/>\nexit<br \/>\nwrite memory<\/code><\/p>\n<p>As you can see, we first enter privileged mode, then we enter the configuration terminal in order to reach the management interface configuration.&nbsp; From there, we assign an IP to the management interface which should be part of our internal network, we name the interface using the nameif command and we set the security level for the interface. Please note that an interface name is mandatory for any type of connection to work. The security level is set to ensure that outside traffic doesn&#8217;t get routed to the management interface. No shutdown sets the interface as active and exit brings us back to the configuration terminal level.<\/p>\n<h3>Set Up Access through the SSH Protocol<\/h3>\n<p>Next, we can set up access to the command line through the SSH protocol for the management port. To do so, you will first want to set a password for the privileged mode. You can do so using the following command:<\/p>\n<p><code>passwd [new password]<\/code><\/p>\n<p>You do not need to type the brackets; simply write the password after the passwd command. We follow up by generating an encryption key for SSH connections using this command:<\/p>\n<p><code>crypto key generate RSA modulus 1024<\/code><\/p>\n<h3>In Closing the Firewall Setup<\/h3>\n<p>Finally, we write down the configuration in memory and then grant SSH access through the management port:<\/p>\n<p><code>ssh [source_IP] [mask] management<br \/>\nwrite memory<\/code><\/p>\n<p>The source IP can designate an IP range with the mask giving us the exact size of that range. The last word designates the port through which SSH connections should be granted.
Since we named our management port \u201cmanagement\u201d, I wrote its name there. Now that this is done, you should be able to connect to the firewall using SSH. The username for the connection would be \u201cPIX\u201d and the password is the one you set previously.<\/p>\n<p>Since we can now access the Firewall remotely using SSH, we can now start configuring it. I will discuss that topic in my next piece as well as give you an overview of the more advanced capabilities of the Cisco ASA hardware firewall.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In our last article on firewall introductions, I discussed Linux Firewalls, what they are and how to configure them by adding rules. In this second feature, let\u2019s take a look more closely at one of several hardware firewall options available: the Cisco ASA 5500 series. Here I will cover the firewall\u2019s capabilities as well as<\/p>\n","protected":false},"author":4,"featured_media":1109,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[61,50],"tags":[7,11,5,13],"class_list":["post-1101","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-database","category-tutorials","tag-hardware","tag-high-availability-hosting","tag-infrastructure","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Getting Started with a Cisco ASA Hardware Firewall - GloboTech Blog<\/title>\n<meta name=\"description\" content=\"Here I will cover the firewall\u2019s capabilities as well as an example for a first time configuration.
I will also give an overview of the Cisco IOS commands\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Getting Started with a Cisco ASA Hardware Firewall - GloboTech Blog\" \/>\n<meta property=\"og:description\" content=\"Here I will cover the firewall\u2019s capabilities as well as an example for a first time configuration. I will also give an overview of the Cisco IOS commands\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/\" \/>\n<meta property=\"og:site_name\" content=\"Globo.Tech\" \/>\n<meta property=\"article:published_time\" content=\"2014-04-15T17:00:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-11T01:27:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2014\/04\/cisco_asa_firewall_banner.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"340\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Eric Simard\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Eric Simard\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/\",\"name\":\"Getting Started with a Cisco ASA Hardware Firewall - GloboTech Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2014\/04\/cisco_asa_firewall_banner.jpg\",\"datePublished\":\"2014-04-15T17:00:49+00:00\",\"dateModified\":\"2020-02-11T01:27:35+00:00\",\"author\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/2202ee355cd2897b4751d2f3ffcd56f1\"},\"description\":\"Here I will cover the firewall\u2019s capabilities as well as an example for a first time configuration. 
I will also give an overview of the Cisco IOS commands\",\"breadcrumb\":{\"@id\":\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/#primaryimage\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2014\/04\/cisco_asa_firewall_banner.jpg\",\"contentUrl\":\"https:\/\/www.globo.tech\/learning-center\/wp-content\/uploads\/2014\/04\/cisco_asa_firewall_banner.jpg\",\"width\":500,\"height\":340,\"caption\":\"cisco asa firewall banner\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/getting-started-with-a-cisco-asa-hardware-firewall\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.globo.tech\/learning-center\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Getting Started with a Cisco ASA Hardware Firewall\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#website\",\"url\":\"https:\/\/www.globo.tech\/learning-center\/\",\"name\":\"Globo.Tech\",\"description\":\"Welcome to the Official Globo.Tech Learning Center\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.globo.tech\/learning-center\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.globo.tech\/learning-center\/#\/schema\/person\/2202ee355cd2897b4751d2f3ffcd56f1\",\"name\":\"Eric Simard\",\"description\":\"I am Eric 
Simard, best father in the world and account manager at GloboTech Communications located in the beautiful city of Montreal. Passionate about the hosting world and technologies, I take great pleasure in offering the best solutions for my clients. Follow me through my journey in the exciting hosting world on my different blogs!\",\"sameAs\":[\"http:\/\/www.gtcomm.net\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/1101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/comments?post=1101"}],"version-history":[{"count":26,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/1101\/revisions"}],"predecessor-version":[{"id":4723,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/posts\/1101\/revisions\/4723"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/media\/1109"}],"wp:attachment":[{"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/media?parent=1101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/categories?post=1101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.globo.tech\/learning-center\/wp-json\/wp\/v2\/tags?post=1101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}