Cisco ASA 5500 Series Firewalls and Their Installation Guide

Web Hosting Security / January 7, 2011

Data security is one of the biggest concerns for everyone who surfs the web. One of the most appropriate ways to assure 99% data security is to use a firewall. Firewalls fall into two categories: hardware firewalls and software firewalls. Many small and medium-size organizations implement firewalls only at a very basic level. Only after experiencing security-related problems do they realize the importance of documentation, audit, and accountability.

The most important thing a firewall does is packet filtering. Packet filtering is a protective measure in which each data packet entering the network is checked. The firewall software inspects the header information (source and destination IP addresses and ports) of each incoming packet to protect the computer from malware, viruses, Trojans, etc.

A firewall is a program that is built in to most computer systems. It can also be a hardware device that helps to block intrusions from worms, hackers, and even viruses. Some of the well-known firewalls for your computer or for web hosting servers come from Cisco. Cisco is a leader in the firewall industry. Among its best-known firewalls is the Cisco ASA 5500 Series, which includes the Cisco ASA 5505, 5510, 5520, 5540, 5550 and 5580.

Cisco ASA 5500 firewalls are among the best-known firewalls in the industry, and they are the most stable in the firewall series. Many home and even business-grade firewalls will occasionally start acting up and have to be rebooted, but the ASA is completely solid. The Cisco Adaptive Security Appliance (ASA) 5505 is a great choice to secure a small office or home network. The stability of the Cisco ASA 5505 Security Appliance is incomparable in the marketplace. There are very few reports of the ASA 5505 acting up and having to be restarted like some other models on the market.

The Cisco ASA 5510 security appliance is another secure firewall. This device is the second model in the ASA firewall series (ASA 5505, 5510, 5520, etc.). ASA 5500 is fairly useful since it is intended for small to medium enterprises. Like the smallest model, the ASA 5505, the 5510 comes with two license options: the Base license and the Security Plus license. The Security Plus license also provides hardware enhancements over the Base license, with higher-end performance such as 130,000 maximum firewall connections (instead of 50,000), 100 maximum VLANs (instead of 50), failover redundancy, etc. Also, the Security Plus license enables two of the five firewall network ports to work as 10/100/1000 instead of only 10/100.

The Cisco ASA 5520 Adaptive Security Appliance delivers security services with Active/Active high availability and Gigabit Ethernet connectivity for medium-sized enterprise networks in a modular, high-performance appliance. With four Gigabit Ethernet interfaces and support for up to 100 VLANs, businesses can easily deploy the Cisco ASA 5520 into multiple zones within their network. The simple Internet access scenario below will help us understand the basic steps needed to set up an ASA 5510.

Assume a static public IP address that you will get from your Internet Service Provider. The internal LAN network has its own subnet. Interface Ethernet0/0 will be connected on the outside (towards the ISP), and Ethernet0/1 will be connected to the inside LAN switch.

<strong>Basic Interface Vlan configuration of ASA 5505</strong>

Step 1: Configure the internal interface vlan
ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address <inside-ip> <netmask>
ASA5505(config-if)# no shut

Step 2: Configure the external interface vlan (connected to Internet)
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address <outside-ip> <netmask>
ASA5505(config-if)# no shut

Step 3: Assign Ethernet 0/0 to Vlan 2
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Step 4: Enable the remaining interfaces with no shut
ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut
Do the same for Ethernet0/1 to 0/7.

Step 5: Configure PAT on the outside interface
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 <inside-network> <netmask>

Step 6: Configure default route towards the ISP (assume default gateway is
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 <isp-gateway-ip> 1

The steps above are the absolutely necessary ones for making the appliance operational for the client on your website hosting server. Of course, there are many more configuration details that you need to implement in order to enhance the security and functionality of your appliance, such as Access Control Lists, Static NAT, DHCP, DMZ zones, authentication, etc.

<strong>Basic configuration of ASA 5510 Series</strong>

Step 1: Configure your privileged level password (enable password)

ASA5510(config)# enable password mypassword
where "mypassword" is the password you choose for accessing your ASA 5510.
Make sure that you configure a privileged-level password, because by default there is no password for accessing the ASA firewall.

Step 2: Configure the public outside interface of ASA 5510


ASA5510(config)# interface Ethernet0/0
ASA5510(config-if)# nameif outside
ASA5510(config-if)# security-level 0
ASA5510(config-if)# ip address <outside-ip> <netmask>
ASA5510(config-if)# no shut

Step 3: Configure the trusted internal interface of ASA 5510

ASA5510(config)# interface Ethernet0/1
ASA5510(config-if)# nameif inside
ASA5510(config-if)# security-level 100
ASA5510(config-if)# ip address <inside-ip> <netmask>
ASA5510(config-if)# no shut

Step 4: Configuration of PAT on the outside interface

ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 <inside-network> <netmask>

Step 5: Configure Default Route towards the ISP (assume default gateway is
ASA5510(config)# route outside 0.0.0.0 0.0.0.0 <isp-gateway-ip> 1

Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP
ASA5510(config)# dhcpd dns <dns-server-ip>
ASA5510(config)# dhcpd address <first-ip>-<last-ip> inside
ASA5510(config)# dhcpd enable inside

The basic configuration discussed above is just the beginning of making the appliance operate. There are many more configuration features that you need to implement to increase the security of your network, such as Access Control Lists to control traffic flow, Static and Dynamic NAT, DMZ zones, VPN, etc.
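
To check a device against the baseline that both procedures above aim for, the following added example (not part of the original article and not Cisco tooling) audits the text of `show running-config` in Python. The sample config, its addresses and the function names are constructed for illustration, and the blank-password hash is an assumption based on common ASA defaults.

```python
import re

# Hash shown while the enable password is blank: an assumed ASA default, not from the page.
BLANK_ENABLE_HASH = "8Ry2YjIyt7RRXU24"
# Constructed running-config in the pre-8.3 syntax used above; all addresses are made up.
SAMPLE_CONFIG = """\
enable password 8Ry2YjIyt7RRXU24 encrypted
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.10 255.255.255.0
interface Ethernet0/1
 nameif inside
 security-level 0
 ip address 192.168.10.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 192.168.10.0 255.255.255.0
"""

def parse_interfaces(config):
    """Map each 'interface X' block to its nameif, security level, IP and state."""
    def field(pattern, body):
        m = re.search(pattern, body, re.M)
        return m.group(1) if m else None
    ifaces = {}
    for name, b in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        ifaces[name] = {"nameif": field(r"^ nameif (\S+)", b),
                        "level": field(r"^ security-level (\d+)", b),
                        "ip": field(r"^ ip address (\S+) \S+", b),
                        "shutdown": field(r"^ (shutdown)$", b) is not None}
    return ifaces

def audit(config):
    """Return findings for the baseline that the configuration steps aim for."""
    findings = []
    has = lambda pattern: re.search(pattern, config, re.M) is not None
    named = {i["nameif"]: i for i in parse_interfaces(config).values() if i["nameif"]}
    for name, want in (("outside", "0"), ("inside", "100")):
        if not (i := named.get(name)) or i["level"] != want or not i["ip"] or i["shutdown"]:
            findings.append(f"{name}: need security-level {want}, an IP, no shutdown")
    if not has(r"^enable password \S") or has("^enable password " + BLANK_ENABLE_HASH + r"\b"):
        findings.append("enable password is blank or missing")
    if not (has(r"^global \(outside\) 1 interface") and has(r"^nat \(inside\) 1 \S+")):
        findings.append("PAT pair global/nat with id 1 is incomplete")
    if not has(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 \S+"):
        findings.append("no default route via outside")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The sample is deliberately flawed in three places (inside security level, blank enable password, missing default route), so each of those checks reports a finding.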