Cisco ASA 5505

manamsamuel · ‎10-28-2008

I just received a cisco ASA 5505 from cisco yesterday for my site to site VPN connection. I connected my yellow straight through cable to the e0/1 port as directed by the install manual and set my Pc to DHCP but the ASA 5505 is not giving out IP to my PC. I also tried a static IP of 192.168.1.2 on the same subnet with the management IP on the box but no joy..I really need help as my remote site is down. Please let me know if there is any config i need to put on the ASA box before i can run the ASDM manager.

Thanks.

j.bourque · ‎10-28-2008

I'm not positive these come with DHCP enabled by default. I suggest using a console cable to the ASA and confirming the following.

interface Vlan1

nameif inside

security-level 100

ip address x.x.x.x 255.255.255.0 ie 192.168.1.254, setup your LAN connection with 192.168.1.1/24 and a DG of the ASA's ip you assigned. You'll want to confirm that the ASDM image is loaded in flash and then put the folling command in, asdm location disk0:[nameofasdmimage] along with the command #(config)asdm location 192.168.1.0 2555.255.255.0 inside

manamsamuel · ‎10-28-2008

I finally figured it out..Someone played around with the factory default config. I think it does come with DHCP enable. All i did was to issue a 'config factory-default' and a write mem.

This is the factory default config:

ASA Version 8.0(3)

!

hostname ciscoasa

enable password xxxxxxxxxxxxxxxxx encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd xxxxxxxx.xxxxxxxx encrypted

ftp mode passive

pager lines 24

logging asdm informational

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no crypto isakmp nat-traversal

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.1.2-192.168.1.129 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:xxx

: end

I can now connect via the web interface using https://192.168.1.1/admin

The problem now is when i click on Run ASDM, i have the following error;

ASDM is unable to continue loading, click ok to exit from ASDM.'unconnected sockets not implemented.

Please help!!!!!!!!!!!

j.bourque · ‎10-28-2008

sounds like a bad/corrupt asdm image. if you have the cd I would tftp a new image to the ASA flash or download the image from cisco's website and tftp that up.

manamsamuel · ‎10-28-2008

I think am learning the hard way this time around. I upgraded my jvm (Java virtual Machine) and it works.

Thanks for you time.