
Setting up new ASA 5505 into existing network

kb2341971
Level 1

Hello all,

I am having a problem trying to figure out how to add a new ASA 5505 to an existing network.  My current network is:

Cable Modem  >  Linksys  >  48 port switch

With multiple hosts residing on the 192.168.0.x network.

Now I know that the ASA comes default with 192.168.1.1 on the inside interface and I want to change that to 192.168.0.1.  I have tried to do this through ASDM using the wizard and manually.  Once I hit OK for it to write the config, it gives me an error that it didn't take.  I then lose connection to the ASA and have to hard boot it to get it back.

I am trying to do this without my external connection connected and I have a laptop connected to the ASA on port 0/2 with an IP address of 192.168.1.75.

Do I need to connect my internet connection to it first and then run the wizard?  I was hoping to get it configured for my existing network before I plugged in the internet connection to limit my downtime.

This ASA came with 6.4.1 ASDM and 8.2 OS installed.  I was able to upgrade the ASDM to 7.X, but when I go to update the OS to 9.1, I get an error that I am not registered to use cryptographic software.  Don't know where I need to register to get it?

This is my first Cisco device ever :)

Any help would be great.

4 Replies

jocamare
Level 4

Can you describe/share the error that you get?

I would use the console cable that comes with the unit and configure it that way; this will allow me to always stay connected and freely apply changes to the interface configuration.

Now, about the "not registered to use cryptographic software" error: that can be solved by getting one of the free licenses Cisco has for these devices, available here:

https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

So here is the output from the screen before I hit finish to apply the configuration using the setup wizard:

Host Name: ASA5505

Domain Name:

Switch Port Allocation:

    Outside Interface (vlan2): Switch Ports - Ethernet0/0,

    Inside Interface (vlan1): Switch Ports - Ethernet0/1,Ethernet0/2,Ethernet0/3,Ethernet0/4,Ethernet0/5,Ethernet0/6,Ethernet0/7,

Outside Interface(vlan2):

    outside, Configured as DHCP Client

Inside Interface(vlan1):

    inside, 192.168.0.1

PAT is configured on inside interface.

Administrative access to the device:

    HTTPS/ASDM access for 192.168.0.0 through inside

And this is what I get after it sits there for a while.  Not only that, I can no longer ping the ASA on 192.168.1.1, which I used to log in with ASDM.

I am still having issues getting this to work.

I followed the steps in this link:

http://www.firewall.cx/forum/10-firewall-filtering-idsips-a-security/32041-howto-basic-asa-5505-configuration.html

Here is my config:

ASA5505(config)# show running-config

: Saved

:

ASA Version 8.2(5)

!

hostname ASA5505

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

shutdown

!

interface Ethernet0/4

shutdown

!

interface Ethernet0/5

shutdown

!

interface Ethernet0/6

shutdown

!

interface Ethernet0/7

shutdown

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.0.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

ftp mode passive

pager lines 24

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 10 interface

nat (inside) 10 192.168.0.0 255.255.255.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

http server enable

http 192.168.0.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh 192.168.0.0 255.255.255.0 inside

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username admin password XXXXXXXXXXXXX encrypted privilege 15

!

!

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:98a2794157960c174041070c8a37a462

: end

ASA5505(config)# show nameif

Interface                Name                     Security

Vlan1                    inside                   100

Vlan2                    outside                    0

ASA5505(config)# show ip

System IP Addresses:

Interface                Name                   IP address      Subnet mask           Method

Vlan1                    inside                 192.168.0.1     255.255.255.0         manual

Vlan2                    outside                unassigned      unassigned            DHCP

Current IP Addresses:

Interface                Name                   IP address      Subnet mask           Method

Vlan1                    inside                 192.168.0.1     255.255.255.0         manual

Vlan2                    outside                unassigned      unassigned            DHCP

What I don't understand is, I have my laptop configured with a 192.168.0.75 address and it is plugged into 0/1, so why can't I ping 192.168.0.1 and open ASDM?

Do I need to set an IP address for that specific interface?

Will the ASA become my default gateway also?  Currently using a Linksys @ 192.168.0.2 as the gateway and will need to keep that IP address on that device to use it as a wireless AP.

Any help would be great.  Really need to get this up and running.

Can you ping from the ASA to your laptop?

Also, enable the ICMP inspection, "fixup protocol icmp" command for that.

There is no ASDM image defined, try this:

show flash | i .bin   <--Will show you the files with the ".bin" extension, one of them should have the "asdm" word in its name.

"show flash" also works

ASDM image flash:/

Also, paste the output of the "show run all | i ssl_encryption"
