Cisco ASA 5500

From Noah.org
Revision as of 14:40, 21 August 2007 by Root (Talk | contribs) (New page: Category:Engineering Category:Networking You need a tftp server and client to move rules files back and forth. == login to the shel == Login via telnet. The ASA can use LDAP, so...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


You need a tftp server and client to move rules files back and forth.

login to the shel

Login via telnet. The ASA can use LDAP, so if it talks to your Active Directory Server then your login and password will taken from there.

set enable to turn on privileged commands -- pretty much useless without doing this!

 fw-asa-01> enable

View saved Startup Configuration

Use the show command:

 fw-asa-01# show configuration

view the Running Configuration

Normally Running and Startup Configuration should be the same. See below to edit or save the Running Configuration to the Startup.

 fw-asa-01# show running-config

Shun or Ban an external host

It's easy to ban a host by IP address:

 fw-asa-01# shun A.B.C.D

This is equivalent to the following in Linux iptables:

 iptables -I INPUT -j DROP -s A.B.C.D

Save running configuration

Edits to the running configuration must be saved before a reboot:

 fw-asa-01# write memory

Copy running configuration to remote server

You can also save the configuration to a TFTP server:

 fw-asa-01# write net 192.168.1.55:running-config.

Load running configuration from a remote serve

You will get a lot of errors and warning complaining about duplicates if the new configuration is about the same as the current running configuration. I think this is harmless.

 fw-asa-01# copy tftp://192.168.1.55/running running-config

TFTP Note for Ubuntu

To move the configuration on and off the firewall you will need a Trivial FTP server. On Ubuntu, install tftpd-hpa:

 apt-get -q -y install tftpd-hpa

Edit configuration (vim /etc/default/tftpd-hpa) to something like this:

 #Defaults for tftpd-hpa
 RUN_DAEMON="no"
 # The -c option allows clients to write files.
 # Files are read and written from /tmp.
 OPTIONS="-c -l -s /tmp"

Start the TFTP server:

 /etc/init.d/tftpd-hpa start