Solved: Re: How do I perform a basic setup of Cisco ASA 5516-X firewall?

teo.en.ming · ‎03-17-2024

Subject: How do I perform a basic setup of Cisco ASA 5516-X firewall?

Good day from Singapore,

I have just bought a refurbished Cisco ASA 5516-X firewall on 17 March 2024 Sunday.

How do I perform a basic configuration of this firewall?

Any good guides to recommend? Configuration using web interface is preferred.

I also need guides on upgrading the firewall firmware and where to download it.

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore

Sheraz.Salim · ‎03-17-2024

All Cisco ASA series models configurations are same. Cisco ASA devices allow for configuration to be made via a Java application. In order to set the ASA up to use the Java application, you will need to complete some basic configuration from the CLI of the ASA. Please make sure that Java is installed on your laptop prior to completing the below.

This is written under the assumption that the ASA has been factory reset.

Connect your console cable to the ASA and connect to it via Putty. Once the ASA has finished loading, go into enable mode. The default password is cisco with no username.

We will set up the management interface for connecting our laptop to ASDM.

Ciscoasa# conf t

Ciscoasa#(config) int management0/0

Ciscoasa#(config-if)ip address 192.168.1.1 255.255.255.0

Ciscoasa#(config-if) nameifManageASDM

Ciscoasa#(config-if)no shut

Ciscoasa#(config-if) Security-level 100

This sets the management interface IP address and names it for later use. Now we can set up the web server that we will connect to.

Ciscoasa#(config) http server enable

Ciscoasa#(config) http 192.168.1.0 255.255.255.0 ManageASDM(matches management int name)

Now we need to set an “enable username” for connecting to the ASDM interface.

Ciscoasa#(config)enable password firewall level 15

Next, connect the Ethernet port of your laptop to the management port of the ASA and set a static IP on the laptop, in the 192.168.1.0/24 range (but not 192.168.1.1).

On your laptop, open a browser and go to https://192.168.1.1/admin to get to the Cisco ASDM page. Accept the certificate error and continue to the webpage.

The last step is to click Install ASDM Launcher and Run ASDM from the webpage. The installer will then run through the process of installing. You’ll then need to go to the install location and create a shortcut to your desktop.

Open the shortcut and fill in the IP address (192.168.1.1), leave the username blank and put in the password firewall. The ASDM will then connect to the ASA and load the java interface.

You can now configure the ASA as per your requirements.

Here and another Here

In order to download the version of cisco asa software you need a cisco support contract in place.

please do not forget to rate.

View solution in original post

Sheraz.Salim · ‎03-17-2024

All Cisco ASA series models configurations are same. Cisco ASA devices allow for configuration to be made via a Java application. In order to set the ASA up to use the Java application, you will need to complete some basic configuration from the CLI of the ASA. Please make sure that Java is installed on your laptop prior to completing the below.

This is written under the assumption that the ASA has been factory reset.

Connect your console cable to the ASA and connect to it via Putty. Once the ASA has finished loading, go into enable mode. The default password is cisco with no username.

We will set up the management interface for connecting our laptop to ASDM.

Ciscoasa# conf t

Ciscoasa#(config) int management0/0

Ciscoasa#(config-if)ip address 192.168.1.1 255.255.255.0

Ciscoasa#(config-if) nameifManageASDM

Ciscoasa#(config-if)no shut

Ciscoasa#(config-if) Security-level 100

This sets the management interface IP address and names it for later use. Now we can set up the web server that we will connect to.

Ciscoasa#(config) http server enable

Ciscoasa#(config) http 192.168.1.0 255.255.255.0 ManageASDM(matches management int name)

Now we need to set an “enable username” for connecting to the ASDM interface.

Ciscoasa#(config)enable password firewall level 15

Next, connect the Ethernet port of your laptop to the management port of the ASA and set a static IP on the laptop, in the 192.168.1.0/24 range (but not 192.168.1.1).

On your laptop, open a browser and go to https://192.168.1.1/admin to get to the Cisco ASDM page. Accept the certificate error and continue to the webpage.

The last step is to click Install ASDM Launcher and Run ASDM from the webpage. The installer will then run through the process of installing. You’ll then need to go to the install location and create a shortcut to your desktop.

Open the shortcut and fill in the IP address (192.168.1.1), leave the username blank and put in the password firewall. The ASDM will then connect to the ASA and load the java interface.

You can now configure the ASA as per your requirements.

Here and another Here

In order to download the version of cisco asa software you need a cisco support contract in place.

please do not forget to rate.

teo.en.ming · ‎03-21-2024

Dear Sheraz.Salim,

Thank you so much for your suggested configuration guides. They are good.

I have followed the suggested configuration guides and the information in this thread and successfully configured my Cisco ASA 5516-X firewall.

Please refer to my notes on configuring Cisco ASA 5516-X firewall below.

Post: Teo En Ming's Notes on Basic Configuration of Cisco ASA 5516-X Firewall - Version 1
Link: https://www.mail-archive.com/cisco-nsp@puck.nether.net/msg69338.html

But I couldn't set the time or time zone on my Cisco ASA 5516-X firewall correctly. The set time is incorrect.
Could you advise?

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Republic of Singapore

Sheraz.Salim · ‎03-22-2024

Hi. To configure the time or time zone on ASA firewall please follow these configurations.

enable
configure terminal
#Replace "EST" with your appropriate time zone abbreviation, and "-5" with the appropriate offset from UTC.#
clock timezone EST -5
#Set Current Time: Set the current time on the firewall. For example:#
clock set 14:30:00 March 22 2024
ntp server <NTP_Server_IP_Address>
show clock
write mem/copy run start

please do not forget to rate.

teo.en.ming · ‎03-23-2024

Dear Sheraz.Salim,

I have fixed the time on my Cisco ASA 5516-X firewall.

ASA5516X(config)# clock timezone GMT 8
ASA5516X(config)# clock set 11:14:00 March 24 2024
ASA5516X(config)# ntp server 23.106.249.200
ASA5516X(config)# show clock
11:19:13.351 GMT Sun Mar 24 2024
ASA5516X(config)# write mem

Thank you for your guidance. The time on my firewall is now correct.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Republic of Singapore