URAMIRAIKAN

What became of 1020 (since 2005.6.19)

On the initial configuration of the Cisco ASA 5505

I had an opportunity to configure a Cisco ASA 5505, so here is a quick review of the basics.

【The usual first steps?】
> enable
# conf t
(config)# hostname HOSTNAME
(config)# enable password PASSWORD
(config)# passwd PASSWORD
(config)# clock timezone JST 9
(config)# logging enable
(config)# logging buffered informational
(config)# logging timestamp
(config)# activation-key KEY

【Interface configuration (disabling DHCP)】
(config)# no dhcpd auto_config outside
(config)# no dhcpd enable inside
(config)# int vlan 1
(config-if)# ip address 192.168.0.254 255.255.255.0
(config-if)# exit
(config)# int vlan 2
(config-if)# ip address 10.1.1.1 255.255.255.0
(config-if)# exit
(config)# route outside 0.0.0.0 0.0.0.0 10.1.1.254
(config)# management-access inside

【Enabling SSH/ASDM (HTTPS)】
(config)# aaa authorization exec LOCAL
(config)# aaa authentication ssh console LOCAL
(config)# crypto key generate rsa modulus 1024
(config)# ssh 0.0.0.0 0.0.0.0 inside
(config)# aaa authentication http console LOCAL
(config)# http server enable
(config)# http 0.0.0.0 0.0.0.0 inside

【Creating an administrative user】
(config)# username USER password PASSWORD privilege 15

【Saving the configuration】
(config)# write memory
(config)# exit
# exit
>
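
As a pre-flight check on the command script above, here is an added Python example (not from the original post, and not a Cisco tool) that reads the configuration commands as text and flags the settings a defender would tighten before the box goes into service: the 1024-bit RSA host key (2048 bits is the usual minimum today), ssh/http management access permitted from 0.0.0.0 0.0.0.0 (any host on that interface), SSH version not pinned to 2 on releases that still accept SSHv1, and a management service opened without a matching "aaa authentication ... console LOCAL" line (without it, SSH logins do not use the named local users). The sample script is constructed from the commands in this post; the rule names, the 2048-bit threshold and the hardened variant are the example's own assumptions.

```python
"""Pre-flight audit of a Cisco ASA configuration script (added example).

Reads the commands an administrator is about to paste into the device and
reports management-plane settings worth tightening. Text parsing only; it
does not talk to a device.
"""
import re
from typing import Dict, List, Optional

MIN_RSA_BITS = 2048  # assumption: current minimum for the SSH/ASDM host key

# Constructed sample: the command script from the post, as it would be pasted.
SAMPLE_SCRIPT = """\
hostname HOSTNAME
enable password PASSWORD
passwd PASSWORD
clock timezone JST 9
logging enable
logging buffered informational
logging timestamp
no dhcpd auto_config outside
no dhcpd enable inside
interface vlan 1
 ip address 192.168.0.254 255.255.255.0
interface vlan 2
 ip address 10.1.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 10.1.1.254
management-access inside
aaa authorization exec LOCAL
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 1024
ssh 0.0.0.0 0.0.0.0 inside
aaa authentication http console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
username USER password PASSWORD privilege 15
"""

# Hardened variant (assumed admin subnet 192.168.0.0/24): bigger key,
# management restricted to the admin subnet, SSH pinned to version 2.
HARDENED_SCRIPT = (
    SAMPLE_SCRIPT
    .replace("modulus 1024", f"modulus {MIN_RSA_BITS}")
    .replace("ssh 0.0.0.0 0.0.0.0 inside",
             "ssh 192.168.0.0 255.255.255.0 inside\nssh version 2")
    .replace("http 0.0.0.0 0.0.0.0 inside",
             "http 192.168.0.0 255.255.255.0 inside")
)

Finding = Dict[str, object]
IPV4 = r"\d+\.\d+\.\d+\.\d+"


def audit_asa_script(script: str) -> List[Finding]:
    """Return findings as dicts with keys line, rule, text, fix (in script order)."""
    findings: List[Finding] = []
    lines = [ln.strip() for ln in script.splitlines()]
    has_ssh_aaa = any(ln.startswith("aaa authentication ssh console") for ln in lines)
    has_http_aaa = any(ln.startswith("aaa authentication http console") for ln in lines)
    has_ssh_v2 = any(ln == "ssh version 2" for ln in lines)
    first_ssh_line: Optional[int] = None

    for lineno, line in enumerate(lines, 1):
        if not line or line.startswith("!"):
            continue

        # Rule 1: host key modulus below the assumed minimum.
        m = re.match(r"crypto key generate rsa\b.*\bmodulus (\d+)$", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(dict(line=lineno, rule="weak-rsa-modulus", text=line,
                                 fix=f"crypto key generate rsa modulus {MIN_RSA_BITS}"))

        # Rule 2: "ssh|http <addr> <mask> <ifname>" with a 0.0.0.0 mask matches
        # every source on that interface; also remember whether SSH was opened.
        m = re.match(rf"(ssh|http) ({IPV4}) ({IPV4}) (\S+)$", line)
        if m:
            proto, _addr, mask, ifname = m.groups()
            if proto == "ssh" and first_ssh_line is None:
                first_ssh_line = lineno
            if mask == "0.0.0.0":
                findings.append(dict(line=lineno, rule="mgmt-from-any", text=line,
                                     fix=f"{proto} <admin-subnet> <mask> {ifname}"))
            # Rule 3: service opened but no AAA line binding it to local users.
            if (proto == "ssh" and not has_ssh_aaa) or (proto == "http" and not has_http_aaa):
                findings.append(dict(line=lineno, rule=f"{proto}-without-aaa", text=line,
                                     fix=f"aaa authentication {proto} console LOCAL"))

    # Rule 4: SSH opened but version not pinned (matters on releases that still
    # accept SSHv1; newer releases are v2-only, so treat this as advisory).
    if first_ssh_line is not None and not has_ssh_v2:
        findings.append(dict(line=first_ssh_line, rule="ssh-version-not-pinned",
                             text=lines[first_ssh_line - 1], fix="ssh version 2"))
    return findings


if __name__ == "__main__":
    for name, script in (("sample", SAMPLE_SCRIPT), ("hardened", HARDENED_SCRIPT)):
        print(f"== {name}: {len(audit_asa_script(script))} finding(s)")
        for f in audit_asa_script(script):
            print(f"  line {f['line']:>2} [{f['rule']}] {f['text']}  ->  {f['fix']}")
```

Run it as a script to see the four findings on the post's commands and none on the hardened variant; to check your own script, read the file and pass its text to audit_asa_script.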

【Log from running Factory Default】
ciscoasa(config)# configure factory-default

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface Ethernet 0/0
Executing command: switchport access vlan 2
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/1
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/2
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/3
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/4
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/5
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/6
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/7
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface vlan2
Executing command: nameif outside
INFO: Security level for "outside" set to 0 by default.
Executing command: no shutdown
Executing command: ip address dhcp setroute
Executing command: exit
Executing command: interface vlan1
Executing command: nameif inside
INFO: Security level for "inside" set to 100 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: allow-ssc-mgmt
ERROR: SSC card is not available
Executing command: no shutdown
Executing command: exit
Executing command: global (outside) 1 interface
INFO: outside interface address added to PAT pool
Executing command: nat (inside) 1 0 0
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 inside
Executing command: dhcpd address 192.168.1.5-192.168.1.132 inside
Executing command: dhcpd auto_config outside
Executing command: dhcpd enable inside
Executing command: logging asdm informational
Factory-default configuration is completed