cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
378
Views
0
Helpful
11
Replies

ASA 5545-X How to connect to web interface ?

Peter82
Beginner
Beginner

Hey guyz 

I have managed to fix unit now it boots but now I don't know what to do with interfaces ... I have set G0/0 to DHCP but that's about it..I have brigged g0/1 to g0/7 for inside as well but not sure how to now connect with laptop and see GUi in web browser..  

Any help I will appreciate.. 

11 Replies 11

I already seen that cisco link I tried that but I can't set ip address 192.168.1.1 because mine Draytek ADSL router is set to this address  and I connecting internet from it.. I have set management address to 192.168.1.5  but I can't seem to connect it.. it loading and loading and then says didn't respond .. One time I had page saying username and password but when I typed cisco and cisco it said wrong.. 

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

connect console cable to ASA  and post show run  (text file here)

you do not need to have 1.1 IP address that is basic document to guide how can you can do.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I changed it to 192.168.2.1   I can ping dhcp 192.168.1.12  from PC  but I can't ping 192.168.1.10 from router 

ciscoasa# sh int ip brie
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.12 YES DHCP up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset down down
GigabitEthernet0/3 unassigned YES unset down down
GigabitEthernet0/4 unassigned YES unset down down
GigabitEthernet0/5 unassigned YES unset down down
GigabitEthernet0/6 unassigned YES unset down down
GigabitEthernet0/7 unassigned YES unset down down
Internal-Control0/0 127.0.1.1 YES unset up up
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset down down
Internal-Data0/2 unassigned YES unset up up
Internal-Data0/3 169.254.1.1 YES unset up up
Management0/0 unassigned YES unset up up
BVI1 192.168.2.1 YES manual up up
ciscoasa#

 

 

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

You've configured a BVI (Bridge Virtual Interface) which is very unusual and seldom used in ASAs other than the ones with built-in  switches (like ASA 5506). If you have it configured then you need to assign interfaces to a bridge group.

Normally, you would have an outside interface (like you do) and then inside interfaces on different subnet(s). End user devices like PCs or servers would connect to a switch which in turn connects to your inside interface(s) via the appropriate VLAN.

If you describe where your PC is connected and how, it would help understand your situation.

Hiya 

Yeah exactly  well BVI was in that link cisco show configuration :  https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500X/5500x_quick_start.html

I thought it is similar to vlan1 to link all interfaces from G0/1 to G0/7  which these are on that different subnet 192.168.2.1 And G0/0 is DHCP   If this is wrong then I don't know .. I tried just config heh . 

I have Main DrayTek router Vigo 2762 (ADSL) it has 4 LAN ports and from LAN1 I have it connected to an PoE  switch 24 port and everything is connected to the switch basically even PC. So from asa-5545 two cables are connected to switch G0/0 which is DHCP 192.168.1.12  and G0/1  which is BVI and ip address is 192.168.2.1  I don't know if that's correct maybe not

I know it is seldom I only configure units once we repair them to prove connection... We repair cisco switches and routers and meraki or juniper sometimes HPs etc... Ppl moslty brick units by putting wrong software or image and we correct it restore to defaults Or sometimes we need to replace PSUs , very rarely  replace RAM chips on older cisco devices  But ASA always difficult too much security..  not straight forward... like cisco 800 series or cisco switches.. 

 

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

The BVI interface in the quick start guide also includes assigning each ASA interface (except outside) to bridge-group 1. Your posted config does not indicate you did that.

A more common setup would be:

DrayTek router LAN 1 > ASA GigabitEthernet0/0 (outside)

PoE 24 port switch (all interfaces on a single VLAN) > ASA Gigabit Ethernet0/1 (with bridge-group 1 configured)

PC (and other devices) connected to switch and having manually configured IP addresses in the 192.168.2.0/24 subnet and default gateway set to the ASA BVI interface address of 192.168.2.1. DNS manually set to a public DNS server or the Draytek router interface (192.168.1.1).

I already tried to connect g0/0 straight to drytek but then led indicator on the right of g0/0 port is orange so no longer both lit up green  I was wondering why I would connect one cable to drytek and one to switch when it is basically same?  when internet is already going to switch ? I think I have to disable security ... 

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

The LED indicators for interfaces show the link status (left LED) and speed (right LED).

For the speed LED, Green is 1 Gbps and Amber/Orange is 100 Mbps. In other words, since these are 1 Gbps interfaces Green indicates it is operating at full speed and Amber means it is operating at reduced speed..

I know that but once G0/0/ was in drytek the right LED turned to orange.. 

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

When it's connected, use the "show interface gi0/0" command to get the interface details (including speed) to confirm.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers