Friday, February 3, 2012

Cisco ASA 5505 Initial Configuration Commands

One thing I can say about the Startup Wizard in the Cisco ASA 5505 is that it would be kicked out of Hogwarts. Lame joke sure, but so is Cisco for selling something so complex to small businesses. What my customer of eight employees needs is a firewall with the robust dependability of a Cisco PIX with the simplicity of a Linksys. Seems like a no-brainer, but since the 2003 purchase, I don't think Cisco has done anything even close. Enough of my rant...

Some of the Startup Wizard went okay (like changing the external IP and enable password only), but when it came to changing the inside network, it hung a number of times, once for over 30 minutes, before I turned it off. Turned out I needed to actually change the internal IP address via the command line, but not before wiping out DHCP, because that locks the internal subnet from being changed. Oh yeah, don't forget to change the subnet from which you can access the internal web server, otherwise you're locked out of that as well. And yes, I attempted to do this via the ASDM, but it hung every time I tried to change the internal IP address. Sorry, I guess my ranting wasn't done.

Below are the commands I used to complete the above tasks...

Note: All of these require you to be logged into the "enable" account, i.e. type enable at the command line in your terminal window and enter the password.

Turn DHCP off:
ciscoasa# config term
ciscoasa(config)# no dhcpd enable inside

Updating your internal IP address/subnet (assuming it's VLAN 1)
ciscoasa# config term
ciscoasa(config)# interface Vlan 1
ciscoasa(config-if)# ip address 10.0.1.1 255.255.255.0
ciscoasa(config-if)# no shut

Adding an outside route (your gateway address (and why isn't this in the wizard?!?!))
ciscoasa# config term
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 76.176.56.86 1

Update access to the ASDM (so you can reach it from your new network listed above)
ciscoasa# config term
ciscoasa(config)# http 10.0.1.0 255.255.255.0 inside
ciscoasa(config)# exit
ciscoasa# show run | include http
http 10.0.1.0 255.255.255.0 inside (this shows your new network has access)
http 192.168.1.0 255.255.255.0 inside

Turn on DHCP and configure for use
ciscoasa# config term
ciscoasa(config)# dhcpd address 10.0.1.201-10.0.1.240 inside
ciscoasa(config)# dhcpd dns 10.0.1.10 10.0.1.11
ciscoasa(config)# dhcpd wins 10.0.1.10
ciscoasa(config)# dhcpd lease 3000
ciscoasa(config)# dhcpd domain contoso.com
ciscoasa(config)# dhcpd enable inside

Write running config to flash (saving all of your changes)
ciscoasa# write memory

Restarting your Cisco ASA from command line
ciscoasa# reload noconfirm
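
A quick way to check the result before you rely on it: the script below is an added example, not part of the original post. It reads the text of a running config and flags the two traps described above (a DHCP pool outside the inside subnet, and no http entry covering the new network), plus the old 192.168.1.0 http entry that is still listed in the show run output. The sample config is constructed from the commands on this page, and audit() and its parameters are names made up for this example.

```python
import ipaddress
import re

# Constructed sample modelled on the commands in this post (not a real device dump).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 76.176.56.86 1
http server enable
http 10.0.1.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
dhcpd address 10.0.1.201-10.0.1.240 inside
dhcpd enable inside
"""

def audit(config, ifname="inside"):
    """Return findings for one interface (audit() and ifname are names made up here)."""
    # Interface subnet: 'nameif <ifname>' then 'ip address' within the same stanza.
    m = re.search(rf"^ nameif {ifname}\n(?: .*\n)*? ip address (\S+) (\S+)", config, re.M)
    if not m:
        return [f"no ip address found for interface {ifname}"]
    subnet = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    findings = []
    # ASDM/HTTP management entries allowed in through this interface.
    http = [ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            for addr, mask in re.findall(rf"^http (\S+) (\S+) {ifname}$", config, re.M)]
    if not any(subnet.subnet_of(net) for net in http):
        findings.append(f"ASDM unreachable: no http entry covers {subnet}")
    # Assumption: inside has one directly connected subnet, so any http entry
    # that does not overlap it is a leftover from the old addressing.
    findings += [f"stale http entry: {net}" for net in http if not net.overlaps(subnet)]
    # The DHCP pool must sit inside the interface subnet.
    for lo, hi in re.findall(rf"^dhcpd address (\S+)-(\S+) {ifname}$", config, re.M):
        if not all(ipaddress.ip_address(ip) in subnet for ip in (lo, hi)):
            findings.append(f"dhcpd pool {lo}-{hi} outside {subnet}")
    if not re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 \S+", config, re.M):
        findings.append("no default route on outside")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

To use it on your own device, paste the output of show run into a string or file and pass it to audit() in place of the sample.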

Should you post any questions, I'll be happy to try and help, but I can't promise anything...
