1. View the current (running) configuration.
ciscoasa# show running-config
2. Show the configuration which is stored on the device. This is the one which will be loaded if you reboot the firewall.
ciscoasa# show startup-config
3. Save the running configuration so it won’t be lost if you reboot.
ciscoasa# copy run start
or
ciscoasa# write memory
4. Copy an image file from a TFTP server to the flash of the ASA.
ciscoasa# copy tftp flash
5. Boot the firewall with the new image.
ciscoasa(config)# boot system flash:/asa964-k8.bin
6. Create a local user account and assign privilege level 15, which means administrator access.
ciscoasa(config)# username ciscoadmin password adminpassword privilege 15
7. Change the device hostname.
ciscoasa(config)# hostname test123
test123(config)#
8. Generate the RSA key pair needed for secure management access (SSH) to the firewall.
ciscoasa(config)# crypto key generate rsa modulus 2048
9. Configure an interface: name, IP address and security level.
ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# nameif DMZ
ciscoasa(config-if)# ip address 192.168.1.5 255.255.255.0
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# no shutdown
10. Allow SSH access only from host 172.10.1.10 on the “inside” interface.
ciscoasa(config)# ssh 172.10.1.10 255.255.255.255 inside
11. Configure a default route via the “outside” interface with gateway IP of 20.1.1.1
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 20.1.1.1
12. Configure a static route via the “inside” interface. To reach network 192.168.5.0/24 go via gateway IP 192.168.5.10
ciscoasa(config)# route inside 192.168.5.0 255.255.255.0 192.168.5.10
13. Configure PAT for internal LAN (192.168.5.0/24) to access the Internet using the outside interface.
ciscoasa(config)# object network internal_lan
ciscoasa(config-network-object)# subnet 192.168.5.0 255.255.255.0
ciscoasa(config-network-object)# nat (inside,outside) dynamic interface
14. Configure PAT for all (“any”) networks to access the Internet using the outside interface
ciscoasa(config)# object network obj_any
ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0
ciscoasa(config-network-object)# nat (any,outside) dynamic interface
15. Configure static NAT. The private IP 192.168.5.1 in the DMZ will be mapped statically to public IP 20.1.1.1 in the outside zone.
ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host 192.168.5.1
ciscoasa(config-network-object)# nat (DMZ,outside) static 20.1.1.1
16. Configure static port NAT. The private IP 192.168.5.1 in the DMZ will be mapped statically to public IP 20.1.1.1 in the outside zone only for port 80.
ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host 192.168.5.1
ciscoasa(config-network-object)# nat (DMZ,outside) static 20.1.1.1 service tcp 80 80
17. Apply the ACL above (OUTSIDE_IN) to the “outside” interface for traffic coming “in” on that interface.
ciscoasa(config)# access-group OUTSIDE_IN in interface outside
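A check for step 10, as an added example that is not part of the original cheat sheet: this Python script reads saved `show running-config` output and flags any `ssh <ip> <mask> <nameif>` line that allows more than a single host or is bound to an interface other than “inside”. The function names, the `trusted_ifaces` and `min_prefix` parameters and the sample configuration are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
hostname test123
ssh 172.10.1.10 255.255.255.255 inside
ssh 192.168.5.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
route outside 0.0.0.0 0.0.0.0 20.1.1.1
"""

# Matches only "ssh <ip> <mask> <nameif>"; "ssh timeout 5" and similar are skipped.
SSH_RULE = re.compile(
    r"^ssh\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$"
)


def parse_ssh_rules(config):
    """Return a list of (IPv4Network, nameif) for each SSH allow line."""
    rules = []
    for line in config.splitlines():
        match = SSH_RULE.match(line.strip())
        if not match:
            continue
        ip, mask, nameif = match.groups()
        # Count the set bits of the dotted mask to get the prefix length.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        rules.append((ipaddress.ip_network(f"{ip}/{prefix}", strict=False), nameif))
    return rules


def audit_ssh_rules(config, trusted_ifaces=("inside",), min_prefix=32):
    """Flag SSH allow lines broader than one host or on an untrusted interface."""
    findings = []
    for network, nameif in parse_ssh_rules(config):
        reasons = []
        if network.prefixlen < min_prefix:
            reasons.append(f"source is a /{network.prefixlen}, not a single host")
        if nameif not in trusted_ifaces:
            reasons.append(f"SSH is allowed on interface '{nameif}'")
        if reasons:
            findings.append((str(network), nameif, reasons))
    return findings


if __name__ == "__main__":
    for network, nameif, reasons in audit_ssh_rules(SAMPLE_CONFIG):
        print(f"{network} on {nameif}: " + "; ".join(reasons))
```

Lower `min_prefix` if a management subnet rather than a single host is the intended source.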