KT Labs EP2 :: Getting Started with the ASA & ASDM

In this knowledge transfer session, I show you how to configure basic settings on the Cisco Adaptive Security Appliance (ASA) and how we can manage the ASA using the Adaptive Security Device Manager (ASDM).

Please see the video below.


In the video, we couldn’t get outbound access to the Internet because of the GNS3 appliance I was using. After the video, I managed to fix this by verifying the next-hop IP address, which was 192.168.222.2/24 and not 192.168.222.1/24. The verification commands and a screenshot from the workstation are below.

Changed the default route on the ASA and verified outbound connectivity to Google’s DNS

ciscoasa(config)# no route OUTSIDE 0 0 192.168.222.1
ciscoasa(config)# route OUTSIDE 0 0 192.168.222.2

ciscoasa(config)# ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/32/40 ms

Verified outbound connectivity from the workstation

Final ASA configuration output

Output Omitted

ciscoasa(config)# show run
!
ASA Version 9.8(1)
!
hostname ciscoasa
enable password $sha512$5000$xats8UNNBqKhJfd5MFOTaw==$+j/4b7aqiOJzHtxCTluSxQ== pbkdf2
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet0/0
 nameif INSIDE
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif OUTSIDE
 security-level 0
 ip address dhcp
!
object network INSIDE-HOSTS
 subnet 192.168.1.0 255.255.255.0
access-list INSIDE extended permit icmp object INSIDE-HOSTS any
!
object network INSIDE-HOSTS
 nat (INSIDE,OUTSIDE) dynamic interface
access-group INSIDE in interface INSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 192.168.222.2 1
!
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 INSIDE
!
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 INSIDE
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
!
username wizkid password $sha512$5000$wI5AtBBMcQjGzHtDRfrm6Q==$hK+1hT9LfbW+wN2PiZ0Peg== pbkdf2
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
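A quick way to review the management-plane lines of a configuration like the one above is to lint the `show run` text. The script below is an added example, not part of the original post or of any Cisco tooling; the finding names and the `trusted_ifaces` parameter are assumptions made for illustration.

```python
import re

# Constructed sample: management-plane lines copied from the final config on this page.
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 INSIDE
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 INSIDE
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
"""

# "http|ssh <network> <mask> <nameif>" lines define which sources may manage the ASA.
MGMT_ACCESS = re.compile(
    r"^(http|ssh) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$"
)


def audit_management_plane(config, trusted_ifaces=("INSIDE",)):
    """Return a list of (finding_id, config_line) tuples, in config order.

    finding_id values and trusted_ifaces are hypothetical names for this example.
    """
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        match = MGMT_ACCESS.match(line)
        if match:
            _proto, _net, mask, iface = match.groups()
            if iface not in trusted_ifaces:
                findings.append(("mgmt-on-untrusted-interface", line))
            if mask == "0.0.0.0":
                findings.append(("mgmt-open-to-any-source", line))
        elif line == "ssh key-exchange group dh-group1-sha1":
            # 1024-bit Diffie-Hellman group with SHA-1.
            findings.append(("weak-ssh-key-exchange", line))
        elif line == "console timeout 0":
            # A value of 0 means the console session has no idle timeout.
            findings.append(("console-never-times-out", line))
    return findings


if __name__ == "__main__":
    for finding_id, line in audit_management_plane(SAMPLE_CONFIG):
        print(f"{finding_id}: {line}")
```

On the lab configuration, HTTP and SSH management are already limited to the INSIDE subnet, so only the key-exchange group and the console timeout are reported.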


©2020 by Network Wizkid