Connecting to a Cisco ASA

The first thing we should cover is the basics of connecting to the Cisco ASA so we can see the existing configuration and make changes to it.

We will cover the following methods to access the Cisco ASA configs:

  • Console
  • Telnet
  • SSH (crypto key needed)
  • ASDM

There are two user interfaces that we can use through these methods of connecting to the ASA: the CLI (command-line interface) and the ASDM GUI (graphical user interface).  See the examples below.

[Screenshots: CLI in PuTTY, and ASDM]

Most of the configurations you will see on this site are done through the CLI, but I will add the ASDM equivalent as I continue to build it.  Personally the CLI method makes it easier for me to see the whole picture rather than bouncing around different screens looking for a check box I missed, but both have their pros and cons.  We will use a terminal emulation program, PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html), to connect to the CLI.  We will use this program for Console, Telnet, and SSH access.

Let’s take a look at these methods!

Console

When you purchase a Cisco ASA (e.g. 5505, 5510), you should get a blue console cable with it.  You will plug the RJ-45 end into the console port on the ASA and the serial end directly into a serial port on your management computer, or use a serial to USB console cable.  I use the Tripp-Lite Keyspan USA-19HS (http://www.amazon.com/gp/product/B0000VYJRY/).

[Photos: console cable; USB to serial adapter; console cable connected to the ASA and the serial to USB adapter]

Telnet and SSH

In order to telnet or SSH to the ASA, you will need IP connectivity established between the ASA and your management computer.  These features also need to be enabled on the ASA.  I recommend SSH over Telnet because SSH traffic is encrypted, whereas Telnet traffic is not.  We will cover the configuration required for this in a later post.  (future link)

ASDM

This is an ASA management program that provides a GUI for management, monitoring, and configuration.  You can access it by opening a web browser and going to the ASA’s IP address via HTTPS (e.g. https://192.168.1.1), then either downloading the application using the link provided or clicking on the Java applet to start an instance.  I would use the Java instance since there can be additional issues with security when using the downloaded version. (Look for a future article that covers this issue.)

I primarily use ASDM for the monitoring features it provides when troubleshooting, since it shows me nice graphs that are quick and easy to read.  ASDM access is a feature that needs to be enabled; we will cover the configuration in a later post. (future link)
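As an added example (not from the original post or from Cisco), this Python sketch audits a saved running-config for the Telnet, SSH and ASDM (`http`) access lines discussed in the two sections above and reports which management methods are actually permitted. The config excerpt is constructed, and the function name and severity labels are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed running-config excerpt (not taken from the original post).
SAMPLE_CONFIG = """\
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
http server enable
http 192.168.1.0 255.255.255.0 inside
"""

# "<proto> <network> <mask> <interface>" permits management from a source range.
# "http" lines control ASDM access, which is served over HTTPS.
RULE = re.compile(
    r"^(telnet|ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def audit_management_access(config):
    """Return (severity, message) findings for ASA management-access lines."""
    rules, http_enabled = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("http server enable"):
            http_enabled = True
            continue
        m = RULE.match(line)
        if not m:
            continue  # settings such as "telnet timeout 5" grant no access
        proto, net, mask, iface = m.groups()
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        rules.append((proto, network, iface))

    findings = []
    for proto, network, iface in rules:
        if proto == "http" and not http_enabled:
            continue  # ASDM rules do nothing without "http server enable"
        if proto == "telnet":
            findings.append(("HIGH", f"telnet allowed from {network} on {iface}: cleartext"))
        elif network.prefixlen == 0:
            findings.append(("MEDIUM", f"{proto} allowed from any address on {iface}"))
        else:
            findings.append(("INFO", f"{proto} allowed from {network} on {iface}"))
    return findings
```

Matching the full `<network> <mask> <interface>` form matters because a default config carries lines such as `telnet timeout 5` even when no Telnet access is permitted, so a plain search for "telnet" would report a false positive.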

Summary

For the purpose of following along with my tutorials, we will be connecting to the Cisco ASA using a console cable with a USB to serial adapter and PuTTY.  I prefer this method of access because it always works.  Even if I make a configuration change that breaks IP connectivity, I am always connected and able to see what is going on.

Welcome to ASARockstar.com!

Yes, the world needs another blog… At least I think it does for this topic.  I have been working with the Cisco ASA for a few years now and never really found a great website that stuck out to me with what I was looking for.  So like any engineer, what do you do when you need something that isn’t there? You create it yourself.

I have been keeping a ton of notes along the way (thank you MS OneNote!) and wanted to share them with others so their learning curve can hopefully be shorter than mine.

Please contribute and ask questions if you have any.  This will only make the website a better resource for us and others.  I look forward to working on this new project and hope to help many others seeking knowledge.