Cisco ASA 5500
You need a tftp server and client to move rules files back and forth.
login to the shel
Login via telnet. The ASA can use LDAP, so if it talks to your Active Directory Server then your login and password will taken from there.
set enable to turn on privileged commands -- pretty much useless without doing this!
View saved Startup Configuration
Use the show command:
fw-asa-01# show configuration
view the Running Configuration
Normally Running and Startup Configuration should be the same. See below to edit or save the Running Configuration to the Startup.
fw-asa-01# show running-config
Shun or Ban an external host
It's easy to ban a host by IP address:
fw-asa-01# shun A.B.C.D
This is equivalent to the following in Linux iptables:
iptables -I INPUT -j DROP -s A.B.C.D
Save running configuration
Edits to the running configuration must be saved before a reboot:
fw-asa-01# write memory
Copy running configuration to remote server
You can also save the configuration to a TFTP server:
fw-asa-01# write net 192.168.1.55:running-config.
Load running configuration from a remote serve
You will get a lot of errors and warning complaining about duplicates if the new configuration is about the same as the current running configuration. I think this is harmless.
fw-asa-01# copy tftp://192.168.1.55/running running-config
TFTP Note for Ubuntu
To move the configuration on and off the firewall you will need a Trivial FTP server. On Ubuntu, install tftpd-hpa:
apt-get -q -y install tftpd-hpa
Edit configuration (vim /etc/default/tftpd-hpa) to something like this:
#Defaults for tftpd-hpa RUN_DAEMON="no" # The -c option allows clients to write files. # Files are read and written from /tmp. OPTIONS="-c -l -s /tmp"
Start the TFTP server: