Getting started with ASA 5515-X

Justin Decker
Level 1

I've been working with Cisco technologies for a while now, but thus far only with route and switch equipment. I currently hold a CCNA and am over halfway done with my CCNP. I took CCNA Security long ago and still remember most of the concepts, but have no knowledge of ASA firewall configuration.

I was just handed an ASA 5515-X and was asked to configure it for deployment for a VPN in a small network, and later to eventually use it to replace an existing (aging) Linux server that is being used as a gateway. I'm going to need to learn to enable features like failover (we have two of them) perhaps even implementing i.e. HSRP (or some other first hop redundancy protocol.) I've been given a lot of time to work on this (basically whenever I feel like it,) so there's no rush to complete.

That said, are there any good training resources that can help me use my existing knowledge to do this? Perhaps something quick like a CLI cheat sheet that shows how to do CCNP level stuff on an ASA firewall? Ideally these would be free resources, but I can do paid within limits.

Thanks!

Accepted Solutions

johnlloyd_13
Level 9

hi,

what kind of VPN are you trying to do?

i suggest taking some training to help you configure the ASA.

https://learningnetwork.cisco.com/community/certifications/ccnpsecurity/senss/exam-topics

https://learningnetwork.cisco.com/community/certifications/ccnpsecurity/simos/exam-topics

you could also check out my blog, where i've put some VPN stuff.

http://ccnpsecuritywannabe.blogspot.com

5 Replies 5

I think we've settled on IKEv2 for a good balance of compatibility and reduced overhead. We originally wanted clientless VPN, but I don't believe we'll be able to obtain the licensing required.

So I'm guessing this is all CCNP Security topic then? Also, can the ASA firewall do inter-VLAN routing and FHRP? In 'show version' the license says we are allowed up to 100 vlans...

hi,

yes, VPNs are a bit advanced stuff if you're new to it. it'll be nice to get some training or if you can set up an ASA lab that would also help you a lot.

ASA can do inter-VLAN routing and there's an ASA 'redundant' interface config/setup that can act as failover mechanism. but IMHO i'd do FHRP on a router instead.

For now the ASA I'm using is entirely mine, i.e. it's not connected to the real network. That won't happen until I'm sure I know what to do with it.

Also I'm not entirely new to VPN as I configured it on Cisco routers when I did CCNA Security (and I do recall it being quite convoluted; though at the time we used SDM, which I hated because...java..., and from what I understand it's been replaced.)

hi,

well at least you've already got your feet wet on VPNs during your CCNA security.

but mind you ASA CLI syntax and GUI via ASDM are slightly different compared to IOS routers.