The Cisco ASA 5505 Firewall is the smallest model in the new 5500 Cisco series of hardware appliances. Although this model is suitable for small businesses, branch offices or even home use, its firewall security capabilities are the same as those of the biggest models (5510, 5520, 5540 etc). The Adaptive Security technology of the ASA firewalls offers solid and reliable firewall protection, advanced application-aware security, denial-of-service attack protection and much more. Moreover, the ASA 5505 appliance supports 150 Mbps firewall throughput and 4000 firewall connections per second, which is more than enough for small networks.

In this article I will explain the basic configuration steps needed to set up a Cisco ASA 5505 firewall for connecting a small network to the Internet. We assume that our ISP has assigned us a static public IP address (200.200.200.1 as an example) and that our internal network range is 192.168.1.0/24. We will use Port Address Translation (PAT) to translate our internal IP addresses to the public address of the outside interface.

The difference between the 5505 and the bigger ASA models is that it has an 8-port 10/100 switch which acts as Layer 2 only. That is, you cannot configure the physical ports as Layer 3 ports; instead you have to create interface VLANs and assign the Layer 2 interfaces to each VLAN. By default, interface Ethernet0/0 is assigned to VLAN 2 and is the outside interface (the one which connects to the Internet), and the other 7 interfaces (Ethernet0/1 to 0/7) are assigned by default to VLAN 1 and are used for connecting to the internal network. Let's see the most important steps of the basic configuration.

Step 1: Configure the internal interface vlan

ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shut

Step 2: Configure the external interface vlan (connected to Internet)

ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shut

Step 3: Assign Ethernet 0/0 to Vlan 2

ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Step 4: Enable the remaining interfaces with no shut

ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut

Do the same for Ethernet0/1 to 0/7.

Step 5: Configure PAT on the outside interface

ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 6: Configure default route towards the ISP (assume default gateway is 200.200.200.2)

ASA5505(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1

The above steps are the absolutely necessary steps you need to configure to make the appliance operational. Of course there are many more configuration details that you need to implement in order to enhance the security and functionality of your appliance, such as Access Control Lists, Static NAT, DHCP, DMZ zones, authentication etc.
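A way to check the result of Steps 1 to 6 offline, as an added example that is not part of the original article: the Python script below audits a saved configuration for the security levels, the matching PAT IDs and a default gateway that is reachable on the outside subnet. The function names `parse_interfaces` and `audit` are hypothetical, and the sample configuration is constructed from the addresses the article uses.

```python
import ipaddress
import re

# Constructed sample: the values from Steps 1-6 written as a saved config excerpt.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 200.200.200.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
"""

def parse_interfaces(config):
    """Return {interface name: {first keyword: rest of line}} per interface block."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), {})
        elif line.startswith(" ") and current is not None:
            key, _, rest = line.strip().partition(" ")
            current[key] = rest
        else:
            current = None  # a top-level command ends the interface block
    return blocks

def audit(config):
    """Return a list of findings; an empty list means the baseline is consistent."""
    findings = []
    by_nameif = {b["nameif"]: b for b in parse_interfaces(config).values() if "nameif" in b}
    for name, level in (("inside", "100"), ("outside", "0")):
        if by_nameif.get(name, {}).get("security-level") != level:
            findings.append(f"{name}: expected security-level {level}")
    pat_ids = set(re.findall(r"^global \(outside\) (\d+) interface", config, re.M))
    nat_ids = set(re.findall(r"^nat \(inside\) (\d+) ", config, re.M))
    if not pat_ids & nat_ids:
        findings.append("PAT: no nat (inside) rule shares an ID with global (outside)")
    route = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    addr = by_nameif.get("outside", {}).get("ip", "").split()
    if not route or len(addr) != 3:
        findings.append("outside: missing ip address or default route")
    elif ipaddress.ip_address(route.group(1)) not in ipaddress.ip_network(
            f"{addr[1]}/{addr[2]}", strict=False):
        findings.append("default route: next hop is not on the outside subnet")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns an empty list; each finding names the step whose values no longer agree.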