
Cisco ASA 5510 config 1

Status
Not open for further replies.

CorbinMyMan

Technical User
Feb 4, 2005
267
US
I've been tasked to replace our old sonicwall tz170 firewall with an ASA 5510 and configure it (which I've never done, only routers and switches) and I have a few questions. I'm inside the ASDM and I'm trying to set up my outside interface... The 5510 came with an SSM card, and I assumed this would be my outside interface, but I'm guessing I'm wrong since it isn't an option when running through the wizard. I know what the SSM card is for, I just don't understand why it isn't an outside interface. Where does this connect (just to my LAN??)?

Currently I set up the management interface to our ip and subnet and am connected through that. I see the management interface and eth0 - eth 3.

This is as simple as it can get, I just need the outside interface to be our public ip, and to set up the access rules to match my sonicwall.

Thanks!
 
Ok I've been working with this and so far I figured out my eth0 will need to be my outside interface and my eth1 will be inside. My question is what security level do I set these at?
 
Usually outside interface is set to security level 0 and inside level 100.
 
Thank you! I already set that and it seems to work. I have a question about security though. I'm using management port for out of band service (different ip and subnet) just in case and I've allowed telnet on my eth1 which is also my inside interface. However when I try to telnet in on eth1 it asks for a password, but what I try doesn't work.

Now when I go in on my serial port, it doesn't ask for a password until I enable, then it asks for my password which I set and it works. Why isn't this password working on the eth1 when I telnet in? Here's some config:

ASA Version 8.2(1)
!
hostname ciscoasa
enable password ************* encrypted
passwd ********************** encrypted
names
!

interface Ethernet0/1
description Inside LAN interface
nameif inside
security-level 100
ip address 192.168.200.2 255.255.255.0
!
http server enable
http 192.168.200.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 management
telnet 192.168.2.0 255.255.255.0 management
telnet 192.168.200.0 255.255.255.0 inside
!

I can get in on the inside interface via http but not telnet, when I try telnet I can't figure out the password. I've tried to leave it blank, and tried the same as my serial password but it doesn't work. When I http in I leave the password blank and it lets me in.
I would like the password to all be the same for telnet, http, and serial.
 
Get rid of the password command and type
username (name) password (password) privilege 15

And as for the SSM, is it the AIP or CSC? That port is only for mgmt. When that module is installed you must set up a service policy to explicitly use the SSM. The way it works is that it sits on the back plane of the ASA and all traffic is routed through the card, which in itself is a separate "appliance": a P4 2.0 GHz, 1 GB RAM. Anyway, this ebook is a really decent guide. It includes setting up each type of SSM. And basically anything else you need.

CCNP
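
The password mismatch discussed in this thread, as an added example that is not part of any post: on an ASA each management channel checks a different credential unless an `aaa authentication <service> console` line overrides it. The script assumes ASA 8.2-era defaults; the config text is a constructed sample modelled on the excerpt above, and `management_access` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the config excerpt in the thread
# (password hashes replaced by placeholders).
SAMPLE_CONFIG = """\
hostname ciscoasa
enable password PLACEHOLDER_HASH encrypted
passwd PLACEHOLDER_HASH encrypted
http server enable
http 192.168.200.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 management
telnet 192.168.2.0 255.255.255.0 management
telnet 192.168.200.0 255.255.255.0 inside
"""

# Credential checked at login when no "aaa authentication <svc> console"
# line exists (assumption: ASA 8.2-era defaults).
DEFAULT_CREDENTIAL = {
    "telnet": "login password (passwd command)",
    "ssh": "login password (passwd command)",
    "http": "enable password, blank username",
}

ACCESS_RE = re.compile(
    r"^(telnet|ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")
AAA_RE = re.compile(r"^aaa authentication (telnet|ssh|http) console (\S+)")


def management_access(config: str) -> list:
    """Return one record per permitted management source, with the
    credential that guards it."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Services whose login has been moved to a user database (e.g. LOCAL).
    aaa = {m.group(1): m.group(2) for ln in lines if (m := AAA_RE.match(ln))}
    records = []
    for ln in lines:
        m = ACCESS_RE.match(ln)
        if not m:
            continue  # e.g. "http server enable" carries no source network
        service, network, mask, interface = m.groups()
        if service in aaa:
            credential = f"username/password from {aaa[service]}"
        else:
            credential = DEFAULT_CREDENTIAL[service]
        records.append({"service": service, "source": f"{network} {mask}",
                        "interface": interface, "credential": credential})
    return records


if __name__ == "__main__":
    for rec in management_access(SAMPLE_CONFIG):
        print("{service:6} {interface:11} {source:28} -> {credential}".format(**rec))
```

With the sample config, telnet on `inside` is guarded by the `passwd` login password rather than the enable password; adding `aaa authentication telnet console LOCAL` alongside a `username` entry switches it to the local user database.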
 