ASA 5505

Hey Everybody,

My network runs through an ASA 5505.  I recently started as the sole administrator at a small business and believe it or not, the previous administrator had documented absolutely nothing.  Therefore I have no idea on how to access my device short of bringing it down and reconfiguring it.  This being said, I have a few questions that hopefully someone can answer.

1. How can I identify what IP address the ASA resides on?  Is it the same as my default gateway?  I've read that you can access it via a web shell if you browse to https://xxx.xxx.xxx.xxx/admin although this might only be the case after you have installed the ASDM software on the local machine.  I understand that the default is 192.168.1.1, but I'm sure this is not the case in my network because my wireless router uses that IP.

2. Is there a default username and password to use if I get to the administrator screen?  If I cannot find this, am I stuck having to reset the device or is there a way to reset it?

3. Can you access it through a domain attached computer or do I need to network to it directly through an ethernet cable?

Thanks for any help, and feel free to add anything that I might have not thought of and left out.

Anthony


Hi,

That, or forgive me for the typo mistake; the statement is the following:

ciscoasa(config)# http 0 0 inside

Cheers

Mike


srkrehlik

Anthony,

Start with some basics. From your telnet session run:

   ASA5505# show ip address

This will show you the IP addresses on the firewall along with the interface names.

Once you know which IPs are on which interfaces you can start formulating a map of what's where, since it seems from your previous posts that there are multiple networks already configured.

   ASA5505# show run | incl 192.168.1

This parses the show run result for any occurrences of '192.168.1'.

Looking through the results you should see a line that references an interface similar to ' ip address inside 192.168.1.253 255.255.255.0 ....' ASDM (http) is enabled only on the 192.168.1.0 network if I read through the previous posts correctly. If you don't see any interfaces with an IP in this range you won't be able to access ASDM until you've allowed it. If this doesn't make sense let us know and we'll help some more.

From your posts it's pretty clear that you have a login for telnet. You'll also need to have an enable login before you can make changes. If you don't have that you'll need to reset enable before you can make configuration changes.

I'm sorry your previous admin didn't leave notes - been in that situation a couple times now myself and it's never fun.

ciscoasa(config)# show running-config | incl 192.168.1
http 192.168.1.0 255.255.255.0 inside

ciscoasa(config)# show running-config | incl 10.40.23
ip address 10.40.234.1 255.255.255.0
access-list test_splitTunnelAcl standard permit 10.40.234.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.40.234.0 255.255.255.0 10.40.234.240 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 10.40.234.240 255.255.255.240
ip local pool vpnippool 10.40.234.240-10.40.234.254 mask 255.255.255.0
static (inside,outside) 65.23.24.18 10.40.234.12 netmask 255.255.255.255 dns
aaa-server vpnauth (inside) host 10.40.234.22
aaa-server vpnauth (inside) host 10.40.234.23
dns-server value 10.40.234.22
dns-server value 10.40.234.22

I am still not sure how to tell if my ASDM is enabled or which IP address to use to get to it if I am on an inside machine, on the 10.40.234.xxx network.

I have also recently installed a new DNS server at 10.40.234.23 and want to get rid of the 10.40.234.22.  You can see I added it as the aaa-server.  The problem is that my VPN users automatically bind to 10.40.234.22 when they connect, but I want to take that server offline.  Is there an easy set of commands to swap the IPs out?

You guys are lifesavers!

Anthony,

We just resolved a similar issue; read here: https://supportforums.cisco.com/message/3266002#3266002

We followed the document that I had written which you can see here: https://cisco-support.hosted.jivesoftware.com/docs/DOC-13012

Let us go through the checklist and see if we can solve your problem as well.

-KS

Hi again Anthony,

It looks like the 'show run...' gave you some good detail. As you can see the only thing that's using the 192.168.1.0 network is the http server.

There is a post a bit higher up about adding an http command to the ASA.

   ciscoasa# conf t

   ciscoasa(config)# http 10.40.234.0 255.255.255.0 inside


And since we're in config already, try...

   ciscoasa(config)# dns-server value 10.40.234.23

That should allow you to connect to the ASA and start getting ASDM set up using http://10.40.234.1/ from a PC on the 10.40.234.0 network. It will also add the 10.4.234.23 as a dns-server value.

Hope this helps.
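
Added example (not part of any post in this thread, and not Cisco tooling): a Python check that reads a saved running-config, collects the `http` permit rules and interface addresses, and reports whether a given PC address can reach ASDM and at which URL. The config text is constructed to match the output quoted above; the outside address, the function names and the finding messages are assumptions made for the example.

```python
import ipaddress

# Constructed sample shaped like the output posted in this thread; the outside
# address is a documentation-range placeholder, not a value from the thread.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 10.40.234.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 203.0.113.2 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 inside
"""

def parse_asa(config):
    """Return (http_enabled, {nameif: IPv4Interface}, [(IPv4Network, nameif)])."""
    enabled, ifaces, rules, nameif = False, {}, [], None
    full = lambda a: "0.0.0.0" if a == "0" else a  # ASA accepts 0 as shorthand
    for line in config.splitlines():
        w = line.split()
        try:
            if w[:1] == ["interface"]:
                nameif = None  # a new interface block starts
            elif w[:1] == ["nameif"] and len(w) == 2:
                nameif = w[1]
            elif w[:2] == ["ip", "address"] and nameif and len(w) >= 4:
                ifaces[nameif] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
            elif w[:3] == ["http", "server", "enable"]:
                enabled = True
            elif w[:1] == ["http"] and len(w) == 4:
                net = ipaddress.ip_network(f"{full(w[1])}/{full(w[2])}", strict=False)
                rules.append((net, w[3]))
        except ValueError:
            continue  # other http/ip sub-commands that are not address rules
    return enabled, ifaces, rules

def asdm_check(config, client_ip):
    """Return (ASDM URL or None, findings) for one management PC address."""
    enabled, ifaces, rules = parse_asa(config)
    client, url, findings = ipaddress.ip_address(client_ip), None, []
    if not enabled:
        findings.append("'http server enable' is missing, so ASDM is off")
    for net, nameif in rules:
        if net.prefixlen == 0:
            findings.append(f"http rule on {nameif} permits any source address")
        if enabled and client in net and nameif in ifaces:
            url = f"https://{ifaces[nameif].ip}/admin"
    if enabled and url is None:
        findings.append(f"no http rule permits {client}")
    return url, findings
```

With the sample, a PC at 10.40.234.50 gets no URL until an `http 10.40.234.0 255.255.255.0 inside` line is present. The `http 0 0 inside` form also yields a URL but is reported as permitting any source address on that interface.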
