Difference between revisions of "Cisco ASA 5500"
Line 51: | Line 51: | ||
You will get a lot of errors and warning complaining about duplicates if the new configuration is about the same as the current running configuration. I think this is harmless. | You will get a lot of errors and warning complaining about duplicates if the new configuration is about the same as the current running configuration. I think this is harmless. | ||
− | fw-asa-01# copy tftp://192.168.1.55/running | + | fw-asa-01# copy tftp://192.168.1.55/running temporary-config |
== TFTP Note for Ubuntu == | == TFTP Note for Ubuntu == |
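Review bot: the new destination `temporary-config` on the + line is not explained, and the unchanged sentence above it still talks about duplicate errors when the new configuration is about the same as the current running configuration. Say in that sentence what `temporary-config` is and what step applies it afterwards, so the warning and the command describe the same operation.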
Revision as of 19:30, 30 August 2007
You need a tftp server and client to move rules files back and forth.
Login to the shell
Log in via telnet. The ASA can use LDAP, so if it talks to your Active Directory server then your login and password will be taken from there.
Use enable to turn on privileged commands -- the shell is pretty much useless without doing this!
fw-asa-01> enable
View saved Startup Configuration
Use the show command:
fw-asa-01# show configuration
View the Running Configuration
Normally Running and Startup Configuration should be the same. See below to edit or save the Running Configuration to the Startup.
fw-asa-01# show running-config
Shun or Ban an external host
It's easy to ban a host by IP address:
fw-asa-01# shun A.B.C.D
This is equivalent to the following in Linux iptables:
iptables -I INPUT -j DROP -s A.B.C.D
Save running configuration
Edits to the running configuration must be saved before a reboot:
fw-asa-01# write memory
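To see what a reboot would discard before running write memory, the output of show configuration and show running-config can be compared offline. The script below is an added example, not part of the original page; the sample configs are constructed, and it assumes that lines starting with ":" and the "Cryptochecksum:" trailer are metadata rather than configuration.

```python
import difflib

# Assumption: ':'-prefixed lines (": Saved", ": end") and the
# "Cryptochecksum:" trailer change between dumps without being config.
VOLATILE_PREFIXES = (":", "Cryptochecksum:")

def normalize(text):
    """Return config lines in order, without blank or volatile lines."""
    lines = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() and not line.startswith(VOLATILE_PREFIXES):
            lines.append(line)
    return lines

def config_drift(startup_text, running_text):
    """Return (only_in_startup, only_in_running).

    The comparison is order-sensitive because access-list entries are
    evaluated top-down, so a reordered rule counts as a change.
    """
    a, b = normalize(startup_text), normalize(running_text)
    removed, added = [], []
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            removed.extend(a[i1:i2])
        if tag in ("insert", "replace"):
            added.extend(b[j1:j2])
    return removed, added

# Constructed sample dumps (not taken from a real device).
STARTUP = """: Saved
hostname fw-asa-01
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-list outside_in extended deny ip any any
Cryptochecksum:00000000000000000000000000000000
: end
"""
RUNNING = STARTUP.replace(
    "access-list outside_in extended permit",
    "access-list outside_in extended deny ip host 203.0.113.7 any\n"
    "access-list outside_in extended permit",
).replace("0" * 32, "1" * 32)

if __name__ == "__main__":
    lost, unsaved = config_drift(STARTUP, RUNNING)
    for line in unsaved:
        print("unsaved (lost on reboot):", line)
    for line in lost:
        print("only in startup:", line)
```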
Copy running configuration to remote server
You can also save the configuration to a TFTP server:
fw-asa-01# write net 192.168.1.55:running-config
Load running configuration from a remote server
You will get a lot of errors and warnings complaining about duplicates if the new configuration is about the same as the current running configuration. I think this is harmless.
fw-asa-01# copy tftp://192.168.1.55/running temporary-config
TFTP Note for Ubuntu
To move the configuration on and off the firewall you will need a Trivial FTP server. On Ubuntu, install tftpd-hpa:
apt-get -q -y install tftpd-hpa
Edit configuration (vim /etc/default/tftpd-hpa) to something like this:
#Defaults for tftpd-hpa
RUN_DAEMON="yes"
# The -c option allows clients to write files.
# Files are read and written from /tmp.
OPTIONS="-c -l -s /tmp"
Start the TFTP server:
/etc/init.d/tftpd-hpa start
Now you can get and put files to /tmp. When you are done with the server you should shut it down:
/etc/init.d/tftpd-hpa stop