Cisco ASA BASIC COMMANDS PART-2

1. Display the number of active TCP and UDP connections and the details of each connection (protocol, interfaces, addresses and ports, idle time, byte count, flags).

testasa# show conn

2. View all connections, including those that terminate on the appliance itself (to-the-box and from-the-box traffic), not only those passing through it

testasa# show conn all

3. View overall connection counts

testasa# show conn count

4. View CPU Utilization

testasa# show cpu usage

5. View contents of the internal flash disk of the ASA

testasa# show disk

6. View operating information about hardware system components such as CPU, fans, power supplies and temperature.

testasa# show environment

7. View information about Active/Standby failover status

testasa# show failover

8. View information about interfaces: line and protocol status, packets received and sent, errors, and IP address

testasa# show interface

9. View maximum physical memory and current free memory

testasa# show memory

10. View software version, hardware configuration, license key, and related uptime data

testasa# show version

11. View the NAT translation table (active xlate entries)

testasa# show xlate
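The Part 2 commands are only useful if you can turn their output into answers: which inside hosts own the most connections, what services are in use, which single session has moved an unusual amount of data. The following script is an added example (it is not from the original post and not a Cisco tool) that parses `show conn` output into records and summarises it. The sample output embedded in it is constructed, and the line layout it assumes (`PROTO IF1 IP:PORT IF2 IP:PORT, idle H:MM:SS, bytes N, flags F`, with the `N in use, M most used` counter line on top) is the usual 9.x form; adjust the regex if your release prints extra fields.

```python
import re
from collections import Counter

# Constructed sample of `show conn` output (not captured from a real ASA).
SAMPLE_SHOW_CONN = """\
5 in use, 240 most used
TCP outside 203.0.113.10:443 inside 192.168.5.20:51012, idle 0:00:03, bytes 48210, flags UIO
TCP outside 203.0.113.10:443 inside 192.168.5.21:51013, idle 0:00:09, bytes 1204, flags UIO
TCP outside 198.51.100.7:22 inside 192.168.5.20:51100, idle 0:12:41, bytes 90332011, flags UIO
UDP outside 198.51.100.53:53 inside 192.168.5.20:40001, idle 0:00:10, bytes 180, flags -
TCP outside 198.51.100.7:22 DMZ 192.168.1.10:33221, idle 0:00:01, bytes 512, flags UIO
"""

# Assumed line layouts (see lead-in); the flags field is optional.
COUNT_RE = re.compile(r"^(?P<in_use>\d+) in use, (?P<most_used>\d+) most used")
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+"
    r"(?P<if1>\S+)\s+(?P<ip1>[\d.]+):(?P<port1>\d+)\s+"
    r"(?P<if2>\S+)\s+(?P<ip2>[\d.]+):(?P<port2>\d+),\s+"
    r"idle\s+(?P<idle>\d+:\d\d:\d\d),\s+"
    r"bytes\s+(?P<bytes>\d+)"
    r"(?:,\s+flags\s+(?P<flags>\S+))?"
)


def idle_to_seconds(idle: str) -> int:
    """Convert the H:MM:SS idle field to seconds."""
    h, m, s = (int(x) for x in idle.split(":"))
    return h * 3600 + m * 60 + s


def parse_show_conn(text: str):
    """Return (counters, connections) parsed from `show conn` output.

    counters is {'in_use': N, 'most_used': M}; each connection is a dict with
    the two endpoints as (nameif, ip, port) tuples under keys 'a' and 'b'.
    """
    counters = {}
    conns = []
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            counters = {k: int(v) for k, v in m.groupdict().items()}
            continue
        m = CONN_RE.match(line)
        if not m:
            continue  # blank line or a layout we do not recognise
        d = m.groupdict()
        conns.append({
            "proto": d["proto"],
            "a": (d["if1"], d["ip1"], int(d["port1"])),
            "b": (d["if2"], d["ip2"], int(d["port2"])),
            "idle": idle_to_seconds(d["idle"]),
            "bytes": int(d["bytes"]),
            "flags": d["flags"] or "",
        })
    return counters, conns


def endpoints_on(conn, ifname):
    """Yield the (ip, port) endpoints of one connection that sit on ifname."""
    for side in ("a", "b"):
        nameif, ip, port = conn[side]
        if nameif == ifname:
            yield ip, port


def bytes_by_host(conns, ifname):
    """Total bytes per host seen on the named interface (e.g. 'inside')."""
    totals = Counter()
    for c in conns:
        for ip, _ in endpoints_on(c, ifname):
            totals[ip] += c["bytes"]
    return totals


def conns_by_service(conns):
    """Count connections per (proto, service port).

    Heuristic: the lower-numbered of the two ports is taken as the service port.
    """
    svc = Counter()
    for c in conns:
        port = min(c["a"][2], c["b"][2])
        svc[(c["proto"], port)] += 1
    return svc


def large_flows(conns, min_bytes):
    """Connections that have moved at least min_bytes, largest first."""
    hits = [c for c in conns if c["bytes"] >= min_bytes]
    return sorted(hits, key=lambda c: c["bytes"], reverse=True)


if __name__ == "__main__":
    counters, conns = parse_show_conn(SAMPLE_SHOW_CONN)
    print(f"{counters['in_use']} connections in use ({counters['most_used']} peak)")
    for ip, total in bytes_by_host(conns, "inside").most_common():
        print(f"inside {ip:15} {total:>12} bytes")
    for c in large_flows(conns, 50_000_000):
        print("large flow:", c["proto"], c["a"], c["b"], c["bytes"], "bytes")
```

Feed it the saved output of `show conn` (or `show conn all`, whose to-the-box entries carry the same layout) and the large-flow threshold becomes a cheap first pass for exfiltration triage; the grouping is by interface name rather than by column position, because the order in which the two endpoints are printed is not a source/destination indicator.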

Cisco ASA BASIC COMMANDS PART-1

1. To view the current (running) configuration

ciscoasa# show running-config

2. Show the configuration stored in flash (startup-config). This is the one loaded when the firewall reboots.

ciscoasa# show startup-config

3. Save the running configuration to startup-config so it is not lost on reboot.

ciscoasa# copy run start
or
ciscoasa# write memory

4. Copy an image file from a TFTP server to the ASA's flash. The command is interactive and prompts for the server address, source file name and destination file name.

ciscoasa# copy tftp flash

5. Select the image the firewall loads on the next reload (confirm with show version after rebooting)

ciscoasa(config)# boot system flash:/asa964-k8.bin

6. Create a local user account at privilege level 15 (full administrative access). The level is only honoured when exec authorization is pointed at the LOCAL database; without that, a local user logs in at level 1 and still needs the enable password.

ciscoasa(config)#username ciscoadmin password adminpassword privilege 15

7. To change device host name

ciscoasa(config)# hostname test123
test123(config)#

8. Generate the RSA key pair used for secure management access (SSH). A domain-name must be configured before the key can be generated.

ciscoasa(config)# crypto key generate rsa modulus 2048

9. Configure an interface: name (nameif), IP address and security level. Levels run from 0 (least trusted, normally the outside) to 100 (the inside). By default traffic initiated from a higher-level interface to a lower one is allowed and the reverse is blocked unless an ACL permits it, so a DMZ at 50 sits between the two.

ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# nameif DMZ
ciscoasa(config-if)# ip address 192.168.1.5 255.255.255.0
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# no shutdown

10. Allow SSH access only from host 172.10.1.10 arriving on the "inside" interface. SSH also needs the RSA key from step 8 and an SSH authentication method that points at the local user database; on current releases it does not work with just this line.

ciscoasa(config)#ssh 172.10.1.10 255.255.255.255 inside

11. Configure a default route via the “outside” interface with gateway IP of 20.1.1.1

ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 20.1.1.1

12. Configure a static route via the "inside" interface: to reach network 192.168.5.0/24, forward to next hop 192.168.5.10. The next hop must be an address on the subnet directly attached to the named interface; if 192.168.5.0/24 is itself the inside subnet, it is already a connected route and no static route is needed.

ciscoasa(config)# route inside 192.168.5.0 255.255.255.0 192.168.5.10

13. Configure PAT for internal LAN (192.168.5.0/24) to access the Internet using the outside interface.

ciscoasa(config)# object network internal_lan
ciscoasa(config-network-object)# subnet 192.168.5.0 255.255.255.0
ciscoasa(config-network-object)# nat (inside,outside) dynamic interface

14. Configure PAT for all (“any”) networks to access the Internet using the outside interface

ciscoasa(config)# object network obj_any
ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0
ciscoasa(config-network-object)# nat (any,outside) dynamic interface

15. Configure static NAT. The private IP 192.168.5.1 on the DMZ will be mapped one-to-one to public IP 20.1.1.1 on the outside interface. The mapped address must belong to the ASA's outside subnet and not be in use by anything else; note that 20.1.1.1 is also the default gateway in step 11, so a real deployment would pick a different address.

ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host 192.168.5.1
ciscoasa(config-network-object)# nat (DMZ,outside) static 20.1.1.1

16. Configure static port NAT (port forwarding). The private IP 192.168.5.1 on the DMZ will be mapped to public IP 20.1.1.1 on the outside interface for TCP port 80 only. A network object holds a single nat statement, so entering this under the same object as step 15 replaces the one-to-one mapping; use one or the other, or a differently named object.

ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host 192.168.5.1
ciscoasa(config-network-object)# nat (DMZ,outside) static 20.1.1.1 service tcp 80 80

17. Apply an existing access-list named OUTSIDE_IN to the "outside" interface for traffic coming "in" to the interface. Since ASA 8.3 interface ACLs match the real (pre-NAT) address, so the entries in OUTSIDE_IN must permit the DMZ host's private IP, not its mapped public IP.

ciscoasa(config)# access-group OUTSIDE_IN in interface outside
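The steps above are shown one at a time, and the addresses they use do not all fit together (20.1.1.1 is both the gateway and the mapped IP; the DMZ host lives inside the inside LAN's subnet). Below is an added example (not from the original post and not a Cisco reference configuration) that strings them into one coherent command sequence you could paste into a lab ASA. Everything marked "assumed" is illustrative: the outside address 20.1.1.2, the inside address 192.168.5.254, the admin host 192.168.5.10, the DMZ web server 192.168.1.10, its public address 20.1.1.10, the 192.168.6.0/24 network behind the inside router, and the domain name. It also supplies the OUTSIDE_IN access-list that step 17 refers to but the post does not show.

```text
! Added example: one coherent configuration built from Part 1 steps 6-17.
! Topology (assumed):
!   Gi0/0 outside 20.1.1.2/24, upstream gateway 20.1.1.1 (step 11)
!   Gi0/1 DMZ     192.168.1.5/24 (step 9), web server 192.168.1.10
!   Gi0/2 inside  192.168.5.254/24, admin workstation 192.168.5.10
!   public address for the web server: 20.1.1.10 (not the gateway's IP)
hostname test123
domain-name example.com
! RSA key pair for SSH; fails with "define a domain-name first" if the line above is missing.
crypto key generate rsa modulus 2048
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 20.1.1.2 255.255.255.0
 no shutdown
interface GigabitEthernet0/1
 nameif DMZ
 security-level 50
 ip address 192.168.1.5 255.255.255.0
 no shutdown
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 192.168.5.254 255.255.255.0
 no shutdown
!
route outside 0.0.0.0 0.0.0.0 20.1.1.1
! A static route's next hop must sit on the named interface's own subnet;
! 192.168.5.0/24 is connected, so route a network behind an inside router instead.
route inside 192.168.6.0 255.255.255.0 192.168.5.10
!
! Local admin account, plus the AAA lines that make SSH use it and honour privilege 15.
username ciscoadmin password adminpassword privilege 15
aaa authentication ssh console LOCAL
aaa authorization exec LOCAL
ssh version 2
ssh 192.168.5.10 255.255.255.255 inside
!
! Dynamic PAT for the inside LAN; static port-forward for the DMZ web server.
object network internal_lan
 subnet 192.168.5.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network web_server_static
 host 192.168.1.10
 nat (DMZ,outside) static 20.1.1.10 service tcp 80 80
!
! Interface ACLs match real (pre-NAT) addresses since 8.3: permit the private IP,
! not 20.1.1.10. Nothing else from outside is permitted.
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.10 eq 80
access-group OUTSIDE_IN in interface outside
!
write memory
```

After applying it, the Part 2 commands are the verification path: show interface for line status on all three interfaces, show xlate for the static entry, and show conn for live sessions once traffic flows. A packet-tracer run from the outside interface (TCP from any outside address to 20.1.1.10 port 80) should show the NAT untranslate to 192.168.1.10 and an ALLOW result on the ACL phase; the same trace against any other port should be dropped by OUTSIDE_IN.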