Sunday, March 1, 2015

Setting up a Cisco ASA 5505 on 9.x Code for Home Use with Charter Internet

This is an overview of how simple it is to setup a Cisco ASA 5505 for home use with Charter (although most any Internet provider should work).   The end goal is to have a system that will:
  1. Obtain an IP address from the cable modem by using DHCP
  2. PAT/NAT translate all inside addresses to the outside Charter address
  3. Act as a firewall protecting your inside network from the public Internet

The device we are using is the Cisco ASA 5505 running firmware: 9.1(5)21 with 1024Mb RAM, 128Mb flash, and a 500Mhz processor.

Cable up the device as follows:

  1. Connect port 1 to your cable modem, this is the outside network.  
  2. Connect port(s) 2 - 8 to your access points, computers, printers, etc.  This is the inside network. NOTE: ports 7 and 8 provide Power over Ethernet.   If your access points support this, you don't have to plug them into a wall outlet.   They can obtain power from these ports.   


Lets start with a blank canvas by erasing all existing configurations:

  1. Log into the device though the serial console.  Typically the password is blank, pressing enter will take you to the command prompt.   If password is lost, go through the password recovery here.
  2. Enter enable mode: enable (again, the password should be blank, press enter when prompted for a password).
  3. Clear the old configuration: write erase
  4. Reload the device to start with a fresh config: reload (do not save the config before reloading)

Configuration:
  1. Log into the device through the serial console.
  2. Enter enable mode: enable
  3. Enter configuration mode: configure terminal
  4. Use the Cisco factory default command to perform the basic setup: configure factory-default (this is the most important step, it does all the basic configuration)
  5. Setup user accounts, enable passwords, etc:
    1. Set a login password: passwd MySecretPassword
    2. Set an enable password: enable password MySecretPassword
    3. Setup a user account and password: username MyUserName password MySecretPassword
  6. (optional) enable remote SSH management on the local/inside network only:
    1. Turn on user authentication: aaa authentication ssh console LOCAL
    2. Enable SSH: ssh 192.168.1.0 255.255.255.0 inside
  7. Save the configuration: write
That is it, the system should be working.  Any devices connected to ports 2-8 should be getting an IP address though DHCP in the range of 192.168.1.5 - 192.168.1.254

Configuration Gotch-Ya: On my cable modem only 1 MAC address can be configured at a time.   I had to clone the MAC address from my former router on the ASA before I was able to obtain a DHCP address from the Charter modem.  Configuration example:
interface Vlan2
  mac-address 3408.0408.1234



Important Note: As with any device connected to the public Internet, the latest vendor recommended software should always be installed.   Do this now!   Instructions can be found here.  



2 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. Knowledgeable post shared by you about the setting up a Cisco ASA 5505 on 9.x Code. Get Aruba Networks Houston from enter-sys.com.

    ReplyDelete

Followers