Technology At Its Best

Learn How To Configure The Cisco ASA 5510 Firewall

Following our series of articles on the Cisco ASA 5500 firewall, here is a tutorial on the basic configuration of the Cisco ASA 5510 appliance. This device is the second model in the ASA series (ASA 5505, 5510, 5520, etc.) and is quite popular because it is aimed at small and medium enterprises. Like the smallest model, the ASA 5505, the 5510 comes with two license options: the Base license and the Security Plus license. The second (Security Plus) provides performance and hardware improvements over the Base license, such as up to 130,000 firewall connections (instead of 50,000), 100 VLANs (instead of 50), failover redundancy, etc. The Security Plus license also enables two of the five firewall network ports to work as 10/100/1000 instead of 10/100.

Next we will look at a simple scenario that walks through the basic steps needed to set up an ASA 5510. Assume our ISP has assigned us the static public IP address 100.100.100.1. The internal network is the subnet 192.168.10.0/24. Interface Ethernet0/0 connects to the outside (the ISP) and Ethernet0/1 connects to the internal LAN.

The firewall will assign IP addresses dynamically (DHCP) to the internal hosts. All outgoing traffic (from inside to outside) is translated using Port Address Translation (PAT) on the outside public interface. The configuration steps required for this baseline scenario are:

Step 1: Configure a privileged-level password (enable password)

By default, there is no password for accessing the ASA firewall, so the first step before doing anything else is to set a privileged-level password, which is needed to control access to the device. Set it in configuration mode:

ASA5510(config)# enable password mysecretpassword

Step 2: Configure the public outside interface

ASA5510(config)# interface Ethernet0/0
ASA5510(config-if)# nameif outside
ASA5510(config-if)# security-level 0
ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252
ASA5510(config-if)# no shut

Step 3: Configure the trusted internal interface

ASA5510(config)# interface Ethernet0/1
ASA5510(config-if)# nameif inside
ASA5510(config-if)# security-level 100
ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0
ASA5510(config-if)# no shut

Step 4: Configuring PAT on the outside interface

ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 5: Configure the default route towards the ISP (assuming the default gateway is 100.100.100.2)

ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1

Step 6: Configure the firewall to assign internal IP addresses and DNS to clients using DHCP

ASA5510(config)# dhcpd dns 200.200.200.10
ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside
ASA5510(config)# dhcpd enable inside
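
An added example, not part of the original tutorial: a small Python check that reads a saved configuration containing the commands from Steps 1 to 6 and flags mismatches between them (missing enable password, default gateway off the outside subnet, DHCP pool bound to an undefined interface name or outside its subnet). The sample configuration is constructed from the values used in this tutorial, and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the tutorial's commands as they would appear in a saved config.
SAMPLE_CONFIG = """\
enable password mysecretpassword
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 100.100.100.1 255.255.255.252
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 100.100.100.2 1
dhcpd address 192.168.10.10-192.168.10.200 inside
dhcpd enable inside
"""

def parse_interfaces(text):
    """Map each nameif to its security level and connected IPv4 network."""
    nets = {}
    for block in re.split(r"(?m)^interface ", text)[1:]:
        name = re.search(r"(?m)^ nameif (\S+)", block)
        level = re.search(r"(?m)^ security-level (\d+)", block)
        addr = re.search(r"(?m)^ ip address (\S+) (\S+)", block)
        if name and level and addr:
            net = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}").network
            nets[name.group(1)] = {"level": int(level.group(1)), "net": net}
    return nets

def audit(text):
    """Return a list of findings; an empty list means the baseline checks pass."""
    findings = []
    ifs = parse_interfaces(text)
    if not re.search(r"(?m)^enable password \S+", text):
        findings.append("no enable password set")
    for m in re.finditer(r"(?m)^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", text):
        nameif, gw = m.groups()
        if nameif not in ifs or ipaddress.ip_address(gw) not in ifs[nameif]["net"]:
            findings.append(f"default gateway {gw} is not on the {nameif} subnet")
    for m in re.finditer(r"(?m)^dhcpd address (\S+)-(\S+) (\S+)", text):
        lo, hi, nameif = m.groups()
        net = ifs.get(nameif, {}).get("net")
        if net is None or not all(ipaddress.ip_address(a) in net for a in (lo, hi)):
            findings.append(f"DHCP pool {lo}-{hi} is not within a subnet configured on {nameif}")
    if ifs.get("outside", {}).get("level") != 0:
        findings.append("outside interface missing or security-level not 0")
    return findings
```

Calling audit() on the text of a saved configuration returns the list of findings; naming the internal interface anything other than the name used in the dhcpd command, for instance, is reported as a DHCP pool finding.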

The basic configuration above is only the beginning of making the appliance operational. There are many more features you need to implement to increase the security of your network, for example static and dynamic NAT, ACLs to control traffic flow, DMZ zones, IPsec VPN, etc.
