1.  Display the number of active TCP and UDP connections, and provides information about connections of various type.

testasa# show conn

2. View all the connections through the appliance

testasa# show conn all

3. View overall connection counts

testasa# show conn count

4. View CPU Utilization

testasa# show cpu usage

5. View contents of the internal flash disk of the ASA

testasa# show disk

6. View operating information about hardware system components such as CPU, fans, power supply, temperature .

testasa# show environment

7. View information about Active/Standby failover status

testasa# show failover

8. View information about Interfaces, such as line status, packets received/sent, IP address

testasa# show interface

9. View maximum physical memory and current free memory

testasa# show memory

10. View software version, hardware configuration, license key, and related uptime data

testasa# show version

11. View NAT sessions

testasa# show xlate


  1. To view the current configuration

              Ciscoasa# show running-config

2. Show the configuration which is stored on the device. This is the one which will be loaded if you reboot the firewall.

  Ciscoasa# show startup-config

3. Save the running configuration so it won’t be lost if you reboot.

ciscoasa# copy run start
ciscoasa# write memory

4.  Copy image file from TFTP to Flash of ASA

ciscoasa# copy tftp flash

5. Boot the firewall with new image

ciscoasa(config)# boot system flash:/asa964-k8.bin

6. Create a local user account and assign privilege level 15 which means administrator access

ciscoasa(config)#username ciscoadmin password adminpassword privilege 15

7. To change device host name

ciscoasa(config)# hostname test123

8.  To configure Secure Management Access to the Firewall

ciscoasa(config)# crypto key generate rsa modulus 2048

9.  Configure Interface Configuration and Security Levels.

ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# nameif DMZ
ciscoasa(config-if)# ip address
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# no shutdown

10. Allow SSH access only from host from the “inside” interface

ciscoasa(config)#ssh inside

11. Configure a default route via the “outside” interface with gateway IP of

ciscoasa(config)# route outside

12. Configure a static route via the “inside” interface. To reach network go via gateway IP

ciscoasa(config)# route inside

13. Configure PAT for internal LAN ( to access the Internet using the outside interface.

ciscoasa(config)# object network internal_lan
ciscoasa(config-network-object)# subnet
ciscoasa(config-network-object)# nat (inside,outside) dynamic interface

14. Configure PAT for all (“any”) networks to access the Internet using the outside interface

ciscoasa(config)# object network obj_any
ciscoasa(config-network-object)# subnet
ciscoasa(config-network-object)# nat (any,outside) dynamic interface


15. Configure static NAT. The private IP in DMZ will be mapped statically to public IP in outside zone.

ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host
ciscoasa(config-network-object)# nat (DMZ , outside) static


16. Configure static Port NAT. The private IP in DMZ will be mapped statically to public IP in outside zone only for port 80.

Ciscoasa(config)# object network web_server_static
Ciscoasa(config-network-object)# host
Ciscoasa(config-network-object)# nat (DMZ , outside) static service tcp 80 80

17. Apply the ACL above at the “outside” interface for traffic coming “in” the interface

Ciscoasa(config)# access-group OUTSIDE_IN in interface outside