Cisco ASA-5505

 

 


Reset it

 

run:

hostname(config)# configure factory-default [ip_address [mask]]

hostname(config)# write memory

P.S.

default IP: 192.168.1.1/24

 


Vlan

 

 * On the ASA, an IP address can only be configured on a VLAN interface

interface name

FW1(config-if)# nameif admin

INFO: Security level for "admin" set to 0 by default.

 


Enable SSH

  1. ssh xxx.xxx.xxx.xxx mask [inside/outside]
  2. ssl encryption des-sha1 null-sha1
  3. ssh timeout 30                                   <-- 30 min
  4. ssh version 2                                      <-- SSH2 can only be used with the VPN-3DES-AES license

 

Configure SSH authentication

aaa authentication ssh console LOCAL
username xxxx password xxxx

Create the crypto key for SSH

 

View:

show crypto key mypubkey rsa

Create:

crypto key generate rsa modulus 2048

  • generate  Generate new keys
  • zeroize   Remove keys

Save the configuration:

write memory

Checking

show ssh

 


Adaptive Security Device Manager (ASDM)

 

ASA 5505 side:

FW1(config)# show running http

http server enable [port]
http 0.0.0.0 0.0.0.0 admin
http 192.168.88.0 255.255.255.0 admin

Check which ASA and ASDM versions are on the device

FW1(config)# dir

Directory of disk0:/

94     -rwx  15390720    05:34:32 Dec 17 2012  asa825-k8.bin
13     drwx  2048        05:34:42 Dec 17 2012  coredumpinfo
95     -rwx  16280544    05:35:28 Dec 17 2012  asdm-645.bin
3      drwx  2048        05:40:44 Dec 17 2012  log
12     drwx  2048        05:41:12 Dec 17 2012  crypto_archive
97     -rwx  26624       00:00:00 Jan 01 1980  FSCK0000.REC
98     -rwx  2048        00:00:00 Jan 01 1980  FSCK0001.REC
99     -rwx  26624       00:00:00 Jan 01 1980  FSCK0002.REC
100    -rwx  2048        00:00:00 Jan 01 1980  FSCK0003.REC
101    -rwx  26624       00:00:00 Jan 01 1980  FSCK0004.REC
102    -rwx  2048        00:00:00 Jan 01 1980  FSCK0005.REC

127004672 bytes total (94961664 bytes free)

Set which ASDM image to use

(config)# asdm image disk0:/asdm-645.bin

 

Client side

ASA Version: 8.2

Must be:

  • IE6, IE7, IE8
  • Java6

Firefox 21 gives an error

Error code: ssl_error_no_cypher_overlap

security.ssl3.rsa_des_sha  <-- true
security.ssl3.rsa_null_sha <-- true

Usage:

Link

https://IP:port

Default Login:

username: (leave blank)

password: <router enable password>
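
The SSH and ASDM settings noted above (ssl encryption, the ssh and http access lines, ssh version, aaa authentication) can be checked from a saved config. The script below is an added example, not part of the original notes; the function name audit_asa_mgmt, the rule names, the sample config and its 192.0.2.0 network are constructed for illustration, and it assumes SSHv1 stays accepted when no "ssh version 2" line is present.

```python
import re

# Constructed sample config: management-plane lines of the kind shown on this
# page; the 192.0.2.0 network is a documentation placeholder.
SAMPLE_CONFIG = """\
ssl encryption des-sha1 null-sha1
ssh 192.0.2.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
http server enable
http 0.0.0.0 0.0.0.0 admin
http 192.168.88.0 255.255.255.0 admin
"""

# "ssl encryption" values that give little or no confidentiality.
WEAK_SSL = {"des-sha1", "null-sha1", "rc4-md5", "rc4-sha1"}
# "<ssh|http> <ip> <mask> <interface>" access rule.
ACCESS_RE = re.compile(r"^(ssh|http) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")


def audit_asa_mgmt(config):
    """Return sorted (rule, detail) findings for SSH/ASDM management settings."""
    findings = set()
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    ssh_allowed = False
    for ln in lines:
        words = ln.split()
        if words[:2] == ["ssl", "encryption"]:
            for alg in words[2:]:
                if alg in WEAK_SSL:
                    findings.add(("weak-ssl-cipher", alg))
        m = ACCESS_RE.match(ln)
        if m:
            proto, ip, mask, iface = m.groups()
            ssh_allowed = ssh_allowed or proto == "ssh"
            if (ip, mask) == ("0.0.0.0", "0.0.0.0"):
                findings.add(("mgmt-open-to-any", f"{proto} on {iface}"))
    if ssh_allowed:
        # Assumption: without "ssh version 2", SSHv1 is still accepted.
        if "ssh version 2" not in lines:
            findings.add(("ssh-v1-not-disabled", "no 'ssh version 2'"))
        if not any(ln.startswith("aaa authentication ssh console") for ln in lines):
            findings.add(("ssh-no-aaa", "no 'aaa authentication ssh console'"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit_asa_mgmt(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```

Paste the output of "show running-config" into a file and pass its text to audit_asa_mgmt to get the same findings for a real device.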

 


failover

 

show failover

Failover On
Failover unit Primary
Failover LAN Interface: Failover Vlan4 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 23 maximum
Version: Ours 8.2(5), Mate 8.2(5)
Last Failover at: 18:10:35 HKST Jun 24 2017
        This host: Primary - Active
                Active time: 37319490 (sec)
                slot 0: ASA5505 hw/sw rev (0.1/8.2(5)) status (Up Sys)
                  Interface outside (203.131.234.109): Normal
                  Interface inside (192.168.3.252): Normal
                  Interface admin (192.168.8.11): Normal
                slot 1: empty
        Other host: Secondary - Standby Ready
                Active time: 14084 (sec)
                slot 0: ASA5505 hw/sw rev (0.1/8.2(5)) status (Up Sys)
                  Interface outside (203.131.234.111): Normal
                  Interface inside (192.168.3.251): Normal
                  Interface admin (192.168.8.12): Normal
                slot 1: empty

 


Show hidden password (******)

 

more system://running-config