Cisco ASA features include the following:
■ State-of-the-art stateful packet inspection firewall
■ User-based authentication of inbound and outbound connections
■ Integrated protocol and application inspection engines that examine packet streams at Layers 4 through 7
■ Highly flexible and extensible modular security policy framework
■ Robust virtual private network (VPN) services for secure site-to-site and remote-access connections
■ Clientless and client-based Secure Sockets Layer (SSL) VPN
■ Full-featured intrusion prevention system (IPS) services for day-zero protection against threats, including application and operating system vulnerabilities, directed attacks, worms, and other forms of malware
■ Denial-of-service (DoS) prevention through mechanisms such as protocol verification to rate limiting connections and traffic flow
■ Content security services, including URL filtering, antiphishing, antispam, antivirus, antispyware, and content filtering using Trend Micro technologies
■ Multiple security contexts (virtual firewalls) within a single appliance
■ Stateful active/active or active/standby failover capabilities that ensure resilient network protection
■ Transparent deployment of security appliances into existing network environments without requiring re-addressing of the network
■ Intuitive single-device management and monitoring services with the Cisco Adaptive Security Device Manager (ASDM) and enterprise-class multidevice management services through Cisco Security Manager
Basic Connectivity and Device
This section starts to look at the configuration of the Cisco ASA and covers the fundamentals for providing basic connectivity
and device management. This section covers basic command-line interface (CLI) configuration, but mainly focuses on
configuring the ASA through the graphical Adaptive Security Device Manager (ASDM).
CLI and ASDM Connection
You can configure a Cisco ASA in two ways: through the CLI or through the ASDM.
Both the CLI and ASDM offer benefits for configuration, and people disagree as to the best method. The CLI versus GUI
configuration argument has been around since the days of UNIX versus Windows. The CLI is fast, after you have mastered it,
but the GUI is intuitive and easier to configure, especially with the wizard quick-configuration options now available.
ASDM is the preferred configuration method for the ASA. Various configuration wizards exist within ASDM that are not
available via the CLI alone. The logging and monitoring functionality that the ASDM provides cannot be replicated within the
Command Line Interface (CLI)
The CLI is the historic way in which all Cisco devices were configured. This is a command-based interface similar to a UNIX- or DOS-based operating system.
It is common for a DMZ interface to be assigned a security level of 50.
To give Ethernet0/1 the security level of 100, issue the following command:
ciscoasa(config)# interface ethernet0/1
ciscoasa(config-if)# security-level 100
In this example, use an ASA 5505, and assign the name of inside to the VLAN1 interface. This configuration means that this
interface will have a security level of 100. The configuration command for this is as follows:
ciscoasa(config)# interface vlan1
ciscoasa(config-if)# security-level 100
ASDM Interface Configuration
You can configure an interface via ASDM from a single configuration screen.
You must select Configuration from the toolbar, and then Device Setup. You can then add, edit, or delete interfaces from the
Because you have already configured the inside interface in your example as VLAN1, now enhance this by configuring only
VLAN1 on the Ethernet0/1 physical port.
Highlight the inside interface, and then click Edit. Figure 11 shows the Edit Interface screen. As you can see from Figure 11,
the IP address, interface name, and security level can all be entered into the ASA configuration from this single screen. In this
example, you can see that Ethernet0/1 has been selected and has an IP address of 192.168.1.254/24, with an interface name of
inside and a security level of 100.
No firewall is complete with a single interface, so go ahead and configure the outside interface of the ASA.
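The following is an added example, not part of the original guide: a CLI equivalent of the ASDM Edit Interface settings described above, extended with an outside interface. The inside values (VLAN1, Ethernet0/1, 192.168.1.254/24, security level 100) come from the text; VLAN2, Ethernet0/0, and the 203.0.113.2 address are assumptions chosen for illustration.

```text
! Inside interface on an ASA 5505 (values taken from the text above)
interface Vlan1
 ! Naming an interface "inside" sets its security level to 100 by default;
 ! any other name defaults to 0, so the level is stated explicitly here.
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
! Place the Ethernet0/1 physical port in VLAN1
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
! Outside interface (assumed: VLAN2, constructed documentation address)
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! Place the Ethernet0/0 physical port in VLAN2 (assumed port)
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
! Checks to run from privileged EXEC mode after applying the configuration:
!   show nameif               - interface names and their security levels
!   show interface ip brief   - addresses and up/down status
!   show switch vlan          - which physical ports belong to each VLAN
```

Reviewing the show nameif output after any change confirms that no interface picked up an unintended security level, for example a DMZ interface left at the default of 0 instead of 50.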