ASA Management

Secure Your Network With Cisco ASA Second Generation's OS 9.
Chapter 3
ASA Basic
After Reading this chapter you would be able to configure & Describe
Cisco asa Modes

Hostname
Enable Password
IP Address on interface
Security-level
Telnet
SSH
HTTP
Backup
Upgrade
Password Recovery
Page 25 of 846
Secure Your Network With Cisco ASA Second Generation's OS 9.x
ASA Basic LAB

How to set hostname.
How to set enable password
How to set IP add on an interface
How to enable TELNET
How to enable SSH
How to enable HTTP
How to take backup
How to upgrade an appliance
How to recover password
Diagram:-
ASA Mode
ciscoasa> (User mode)
ciscoasa> enable
Password:
ciscoasa# conf t (enable mode)
ciscoasa(config)# ! hostname (config-mode)
ciscoasa(config)# hostname ASA1
How To set Enable Password

ASA1(config)#
ASA1(config)# enable password shiva
ASA1(config)# exit
Logoff
Type help or '?' for a list of available commands.
ASA1> enable
Password: shiva
ASA1# conf t
ASA1(config)# ! remove enable password
ASA1(config)# enable password (just enter)
Page 26 of 846
How to Check Configuration

ASA1(config)# ! show run
ASA1(config)# sh running-config
: Saved
:
ASA Version 9.0(3)
!
hostname ASA1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet0/0
shutdown
no nameif
no security-level
How to Check Interface Status

ASA1(config)# sh int ip brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset administratively down down
How to assign IP address & security-level to interface

ASA1(config)# ! set interface ip
ASA1(config)# int g0/0
ASA1(config-if)# no sh
ASA1(config-if)# ip add 192.168.101.1
ASA1(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASA1(config-if)# int g0/1
ASA1(config-if)# no sh
ASA1(config-if)# no shu
ASA1(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA1(config-if)# ip add 192.168.102.1
ASA1(config-if)# ! check
ASA1(config-if)# sh int ip br
ASA1(config-if)# sh int ip brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.101.1 YES manual up up
GigabitEthernet0/1 192.168.102.1 YES manual up up
PC2(config)#int fastEthernet 0/0
PC2(config-if)#no shutdown
PC2(config-if)#ip add 192.168.102.100 255.255.255.0
PC2(config-if)#no shutdown
ASA1(config-if)# ping 192.168.101.1
Type escape sequence to abort.
Page 27 of 846
Sending 5, 100-byte ICMP Echos to 192.168.101.1, timeout is 2 seconds:

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
!!!!!
!!!!!
!!!!!
How to enable telnet

ASA1(config)# telnet 192.168.101.100 255.255.255.255 inside (for host)
ASA1(config)# telnet 192.168.101.0 255.255.255.0 inside (for n/w)
ASA1(config)# telnet 0.0.0.0 0.0.0.0 inside (wild card)
! default telnet pass is cisco till os 8.6

! but in os 9.0 & later default password removed
ASA1(config)# ! you have to set

ASA1(config)# sh ver
Cisco Adaptive Security Appliance Software Version 9.0(3)

ASA1(config)# passwd cisco
! verification on pc
Page 28 of 846
!How to enable SSH on Cisco ASA

ASA1(config)# domain-name cisco.com
ASA1(config)# crypto key generate rsa
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait...
ASA1(config)# ssh 0 0 inside
ASA1(config)# ssh 0 0 outside
ASA1(config)# username shiva password shiva privilege 15
ASA1(config)# aaa authentication ssh console LOCAL
! verification in pc
Page 29 of 846
! verification in pc2
PC2#ssh -l shiva 192.168.102.1
Password:
ASA1>
! you can't telnet to lowest security-level
ASA1(config)# telnet 0 0 outside
ASA1(config)# ssh 0 0 outside
PC2#telnet 192.168.102.1
Trying 192.168.102.1 ...
% Connection timed out; remote host not responding
PC2#ssh
PC2#ssh -l
PC2#ssh -l shiva 192.168.102.1
Page 30 of 846
Password:
! How to enable http server

ASA1(config)# sh flash
--#-- --length-- -----date/time------ path
146 0 Aug 29 2014 13:00:14 nat_ident_migrate
147 1422 Sep 23 2014 17:29:26 admin.cfg
148 2331 Sep 23 2014 17:29:26 old_running.cfg
22 4096 Sep 27 2013 10:55:54 coredumpinfo
23 59 Sep 27 2013 10:55:54 coredumpinfo/coredump.cfg
149 35602388 Aug 29 2014 12:44:36 csd_3.6.6203-k9.pkg
11 4096 Aug 29 2014 12:48:00 log
21 4096 Aug 29 2014 12:48:40 crypto_archive
150 17851400 Aug 29 2014 12:56:32 asdm-66114.bin
151 135168 Jan 01 1980 00:00:00 FSCK0000.REC
152 12998641 Oct 16 2012 13:16:00 csd_3.5.2008-k9.pkg
153 4096 Aug 29 2014 13:29:32 sdesktop
165 2082 Aug 29 2014 13:29:30 sdesktop/data-bkp.xml
166 2009 Aug 29 2014 13:42:06 sdesktop/data.xml
154 6487517 Oct 16 2012 13:16:00 anyconnect-macosx-i386-2.5.2014-k9.pkg
155 6689498 Oct 16 2012 13:16:02 anyconnect-linux-2.5.2014-k9.pkg
156 4678691 Oct 16 2012 13:16:02 anyconnect-win-2.5.2014-k9.pkg
157 333 Aug 29 2014 13:28:04 Anyconnect_client_profile.xml
158 36993024 Sep 23 2014 16:38:16 asa903-smp-k8.bin
160 4096 Jan 01 1980 00:00:00 FSCK0001.REC
161 31522773 Sep 26 2013 12:44:30 anyconnect-win-3.1.03103-k9.pkg
4118732800 bytes total (3964596224 bytes free)
ASA1(config)# http server enable

ASA1(config)# http 0 0 inside
ASA1(config)# username shiva pass shiva pri 15
ASA1(config)# ! verification on client
Page 31 of 846
Note:-
if some wrong
please run these commands on asa
ASA1(config)# asdm image disk0:/asdm-66114.bin
initiate connection again.........................................
Page 32 of 846
Page 33 of 846
Page 34 of 846
Page 35 of 846
! ASA os Backup
ASA1(config)# sh fla
ASA1(config)# sh flash:
147 1422 Sep 23 2014 17:29:26 admin.cfg
149 35602388 Aug 29 2014 12:44:36 csd_3.6.6203-k9.pkg
11 4096 Aug 29 2014 12:48:00 log
150 17851400 Aug 29 2014 12:56:32 asdm-66114.bin
151 135168 Jan 01 1980 00:00:00 FSCK0000.REC
152 12998641 Oct 16 2012 13:16:00 csd_3.5.2008-k9.pkg
153 4096 Aug 29 2014 13:29:32 sdesktop
158 36993024 Sep 23 2014 16:38:16 asa903-smp-k8.bin
160 4096 Jan 01 1980 00:00:00 FSCK0001.REC

ASA1(config)# copy flash: tftp:
Source filename []? asa903-smp-k8.bin
Address or name of remote host []? 192.168.101.100
Destination filename [asa903-smp-k8.bin]?
Writing file tftp://192.168.101.100/asa903-smp-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
36993024 bytes copied in 130.870 secs (284561 bytes/sec)
Page 36 of 846
ASA1(config)# ! ASA os Upgrade

ASA1(config)# ! Latest os is no PC1 FTP
ASA1(config)# copy ftp://192.168.101.100/asa922-4-smp-k8.bin flash:

Address or name of remote host [192.168.101.100]? enter
Source filename [asa922-4-smp-k8.bin]? enter
Destination filename [asa922-4-smp-k8.bin]? enter
Accessing ftp://192.168.101.100/asa922-4-smp-
k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa922-4-smp-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
52457472 bytes copied in 63.150 secs (832658 bytes/sec)
ASA1(config)# sh flash:
147 1422 Sep 23 2014 17:29:26 admin.cfg
149 35602388 Aug 29 2014 12:44:36 csd_3.6.6203-k9.pkg
Page 37 of 846
11 4096 Aug 29 2014 12:48:00 log

150 17851400 Aug 29 2014 12:56:32 asdm-66114.bin
151 135168 Jan 01 1980 00:00:00 FSCK0000.REC
152 12998641 Oct 16 2012 13:16:00 csd_3.5.2008-k9.pkg
153 4096 Aug 29 2014 13:29:32 sdesktop
158 36993024 Sep 23 2014 16:38:16 asa903-smp-k8.bin
168 52457472 Sep 28 2014 13:23:59 asa922-4-smp-k8.bin
160 4096 Jan 01 1980 00:00:00 FSCK0001.REC

! boot to latest os
ASA1(config)# boot system disk0:/asa922-4-smp-k8.bin
ASA1(config)# write
Building configuration...
Cryptochecksum: 23dfb1bc 85a02476 e2a94e9f 9626e623
2852 bytes copied in 0.750 secs
[OK]
ASA1(config)# sh running-config boot
boot system disk0:/asa922-4-smp-k8.bin
ASA1(config)# reload
Proceed with reload? [confirm]
ASA1(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
***
*** --- SHUTDOWN NOW ---
Booting from ROMMON
Cisco Systems ROMMON Version (2.1(9)8) #1: Wed Oct 26 17:14:40 PDT 2011
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Launching BootLoader...
Boot configuration file contains 1 entry.
Loading disk0:/asa922-4-smp-k8.bin...
ASA1# sh version
Cisco Adaptive Security Appliance Software Version 9.2(2)4
Device Manager Version 6.6(1)
Compiled on Tue 29-Jul-14 23:41 PDT by builders
System image file is "disk0:/asa922-4-smp-k8.bin"
Config file at boot was "startup-config"
ASA1 up 40 secs
Page 38 of 846
! password recovery
ASA1(config)# enable password asdasdwwqek89geuqbdqweqw
ASA1(config)# wr
ASA1(config)# write
ASA1# ex
Logoff

ASA1> reset manually...the appliance......
At the time of boot....................

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 9 seconds.
Press (Use BREAK or ESC to interrupt boot) on key borad.........
Use ? for help.
rommon #0> confreg 0x41
Update Config Register (0x41) in NVRAM...
rommon #1> reset

ciscoasa> en
ciscoasa> enable
Password:
ciscoasa# conf t
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,

which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve

the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)#
ciscoasa(config)# copy startup-config running-config
Destination filename [running-config]?
.
Cryptochecksum (unchanged): 3968c06d 20751a6b 73f37918 d875d53d

ASA1(config)#
ASA1(config)# enable password enter
ASA1(config)# config-register 0x01
ASA1(config)# reload
System config has been modified. Save? [Y]es/[N]o: y
Page 39 of 846
Cryptochecksum: 3f5ee47a 0fe39be7 24974ec3 28f97b3b

Proceed with reload? [confirm] enter
ASA1(config)#
***
*** --- START GRACEFUL SHUTDOWN ---
ASA1> en
ASA1> enable
Password: (now no password)
ASA1#
ASA1(config)# ping 192.168.101.100
!!!!!
ASA1(config)# pin
ASA1(config)# ping 192.168.102.100
!!!!!
Page 40 of 846

ASA Management

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

ASA Management

Enviado por

Direitos autorais:

Formatos disponíveis

Secure Your Network With Cisco ASA Second Generation's OS 9.

Cisco asa Modes

ASA Basic LAB

How To set Enable Password

How to Check Configuration

How to Check Interface Status

How to assign IP address & security-level to interface

Sending 5, 100-byte ICMP Echos to 192.168.101.1, timeout is 2 seconds:

How to enable telnet

! default telnet pass is cisco till os 8.6

ASA1(config)# ! you have to set

Cisco Adaptive Security Appliance Software Version 9.0(3)

!How to enable SSH on Cisco ASA

! How to enable http server

4118732800 bytes total (3964596224 bytes free)

ASA1(config)# http server enable

4118732800 bytes total (3964596224 bytes free)

ASA1(config)# ! ASA os Upgrade

ASA1(config)# copy ftp://192.168.101.100/asa922-4-smp-k8.bin flash:

11 4096 Aug 29 2014 12:48:00 log

4118732800 bytes total (3912138752 bytes free)

Type help or '?' for a list of available commands.

At the time of boot....................

Update Config Register (0x41) in NVRAM...

rommon #1> reset

***************************** NOTICE *****************************

Help to improve the ASA platform by enabling anonymous reporting,

Would you like to enable anonymous error reporting to help improve

Destination filename [running-config]?

2941 bytes copied in 0.370 secs

Cryptochecksum: 3f5ee47a 0fe39be7 24974ec3 28f97b3b

3403 bytes copied in 0.710 secs

Você também pode gostar

* NOTICE *