Blackberry Vpn Client Cisco
Continuing our series of articles on the Cisco ASA 5500 firewalls, I'm offering here a tutorial for the basic configuration of the Cisco ASA 5510 security appliance. This device is the second model in the ASA series (ASA 5505, 5510, 5520, etc.) and is quite popular since it is intended for small and medium enterprises. Like the smallest model, the ASA 5505, the 5510 comes with two license options: the Base license and the Security Plus license. The second (Security Plus) provides some performance and hardware improvements over the Base license, such as 130,000 maximum firewall connections (instead of 50,000), a maximum of 100 VLANs (instead of 50), failover redundancy, etc. Moreover, the Security Plus license allows two of the five firewall network ports to work as 10/100/1000 instead of only 10/100.
Next we will look at a simple Internet access scenario that will help us understand the basic steps required to configure an ASA 5510. Suppose our ISP has given us the static public IP address 100.100.100.1. The internal LAN uses the subnet 192.168.10.0/24. Interface Ethernet0/0 is connected to the outside (towards the ISP) and Ethernet0/1 is connected to the inside LAN switch.
The firewall will be configured to assign IP addresses dynamically (using DHCP) to the internal hosts. All outbound communication (inside to outside) will be translated using Port Address Translation (PAT) on the public outside interface. Let's go through the configuration steps required for this basic setup:
Step 1: Set a password for privileged access (enable password)
By default there is no password for accessing the ASA firewall, so the first step before anything else is to set a privileged-access password, which will be needed for further access to the device. Set this in configuration mode:
ASA5510(config)# enable password mysecretpassword
Step 2: Configure the public outside interface
ASA5510(config)# interface Ethernet0/0
ASA5510(config-if)# nameif outside
ASA5510(config-if)# security-level 0
ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252
ASA5510(config-if)# no shut
Step 3: Configure the trusted internal interface
ASA5510(config)# interface Ethernet0/1
ASA5510(config-if)# nameif inside
ASA5510(config-if)# security-level 100
ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0
ASA5510(config-if)# no shut
Step 4: Configure PAT on the outside interface
ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0
Step 5: Configure the default route to the ISP (assuming the default gateway is 100.100.100.2)
ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1
Step 6: Configure the firewall to assign IP addresses and a DNS server to internal hosts using DHCP
ASA5510(config)# dhcpd dns 200.200.200.10
ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside
ASA5510(config)# dhcpd enable inside
The basic configuration above is just the beginning of making the device operational. There are many more configuration features you need to implement to increase the security of your network, such as static and dynamic NAT, Access Control Lists to control the flow of traffic, DMZ zones, VPN, etc.
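The following Python check is an added example, not part of the original article or any Cisco tool: it parses the commands from steps 2 to 6 and verifies that they agree with each other (security levels, matching NAT/global ID, gateway on the outside subnet, DHCP pool on the inside subnet). The function names are hypothetical, and it assumes the text is laid out as in the running configuration, with nameif, security-level and ip address in that order under each interface.

```python
import ipaddress
import re
# Constructed sample: the commands from steps 2-6 in running-config form.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 100.100.100.1 255.255.255.252
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 100.100.100.2 1
dhcpd address 192.168.10.10-192.168.10.200 inside
"""

def parse_interfaces(cfg):
    """Map nameif -> (security-level, ip_interface); skip malformed entries."""
    ifaces = {}
    pat = r"(?m)^ nameif (\S+)\n security-level (\d+)\n ip address (\S+) (\S+)"
    for name, lvl, ip, mask in re.findall(pat, cfg):
        try:
            ifaces[name] = (int(lvl), ipaddress.ip_interface(f"{ip}/{mask}"))
        except ValueError:
            continue  # invalid address or netmask, e.g. commas typed for dots
    return ifaces

def audit(cfg):
    """Return a list of findings; an empty list means every check passed."""
    ifaces = parse_interfaces(cfg)
    if not {"inside", "outside"} <= ifaces.keys():
        return ["inside or outside interface missing or has an invalid address"]
    (out_lvl, out_if), (in_lvl, in_if) = ifaces["outside"], ifaces["inside"]
    findings = []
    if out_lvl >= in_lvl:
        findings.append("outside security-level is not lower than inside")
    g = re.search(r"(?m)^global \(outside\) (\d+) interface", cfg)
    n = re.search(r"(?m)^nat \(inside\) (\d+) ", cfg)
    if not (g and n and g.group(1) == n.group(1)):
        findings.append("nat (inside) and global (outside) IDs do not pair up")
    r = re.search(r"(?m)^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", cfg)
    if not r or ipaddress.ip_address(r.group(1)) not in out_if.network:
        findings.append("default gateway is not on the outside subnet")
    d = re.search(r"(?m)^dhcpd address (\S+)-(\S+) inside", cfg)
    pool = [ipaddress.ip_address(x) for x in d.groups()] if d else []
    if not pool or any(a not in in_if.network for a in pool):
        findings.append("DHCP pool missing or not within the inside subnet")
    return findings
```

Calling audit() on a saved copy of the configuration before applying it returns one message per inconsistency, and an empty list when the steps line up.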