ASA 5510 - Basic Config

[strai81]

Hello all,

Does anyone here have a basic config for as ASA 5510, ver 7.0(8), before any VPN has been configured. All of my experience has been with the PIX, ver 6.3.5, and I am a bit lost with the ASA. Contacted Cisco and didn't get the brightest guy.

This one is straight out of the box. I have configured both interfaces, default route, and NAT, and I know there is more. Any help would be appreciated. A link to Cisco would be great. I have searched theire site and found many things to do with it, but not the initial setup to reach out to the internet.

Thanks

 

[unclerico]

Post what you've got so far

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[strai81]

ASA Version 7.0(8)
!
hostname EtexCellFW
domain-name etex.net
enable password JXbhNJ.UGPsshuTS encrypted
passwd JXbhNJ.UGPsshuTS encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 74.221.155.1 255.255.255.252
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
nameif inside
security-level 100
ip address 10.1.5.2 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
description Managment IP
nameif management
security-level 100
no ip address
management-only
!
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns name-server 10.1.1.4
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu backup 1500
mtu inside 1500
mtu management 1500
ip audit info action
no failover
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 74.221.x.x
route inside 10.1.0.0 255.255.0.0 10.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username admin password cSovJAkuN0tcieAU encrypted privilege 15
http server enable
http 10.1.0.0 255.255.0.0 inside
http 192.168.100.0 255.255.255.0 inside
http 10.1.0.0 255.255.0.0 management
http 192.168.100.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.1.1.0 255.255.255.0 inside
telnet 10.1.1.0 255.255.255.0 management
telnet timeout 10
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:245e806ce26d2d9de0aee7db10064ae0
EtexCellFW#

 

[unclerico]

So with your current config, you're not able to get to the internet?? The config looks fine to me.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[strai81]

You are correct. Initially I didn't even try to open a web browser and look at a web site because I was trying to tracert to one. However, I tried and there it was. I set up my outbound acl and now tracert and ping work.

You ever have one of those days???

 

[strai81]

One other question. Are there any major differences between versions 7 and 8?

 

[Staticfactory]

http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/arn804n.html

Check out the "New Features" and open/resolved caveats section.