You are on page 1of 11

26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

Cisco ASA 5510, ASA 5520, ASA 5540, and


ASA 5550 Quick Start Guide

Updated: Jan30,2015

TableofContents
CiscoASA5510,ASA5520,ASA5540,ASA5550
VerifyingthePackageContents
ASA5510,ASA5520,orASA5540
ASA5550
PoweringOntheASA
MaximizingThroughput(ASA5550)
ConnectingInterfaceCablesandVerifyingConnectivity
LaunchingASDM
RunningtheStartupWizard
(Optional)AllowingAccesstoPublicServersBehindtheASA
(Optional)RunningVPNWizards
(Optional)RunningOtherWizardsinASDM
AdvancedConfiguration

QuickStartGuide
CiscoASA5510,ASA5520,ASA5540,ASA5550

VerifyingthePackageContents
PoweringOntheASA
MaximizingThroughput(ASA5550)
ConnectingInterfaceCablesandVerifyingConnectivity
LaunchingASDM
RunningtheStartupWizard
(Optional)AllowingAccesstoPublicServersBehindtheASA
(Optional)RunningVPNWizards
(Optional)RunningOtherWizardsinASDM
AdvancedConfiguration
RegulatoryComplianceandSafetyInformation

ReadthesafetywarningsintheRegulatoryComplianceandSafetyInformation(RCSI),andfollowproper
safetyprocedureswhenperformingthestepsinthisguide.Seehttp://www.cisco.com/go/asadocsforlinks
totheRCSIandotherdocuments.
Revised:December8,2011,781975302

VerifyingthePackageContents
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 1/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

Verifythecontentsofthepackingboxtoensurethatyouhavereceivedallitemsnecessarytoinstallyour
ASA.

ASA5510,ASA5520,orASA5540

1 ASA5510,20,or40Chassis 2 2YellowEthernetCables

3 RackmountingBrackets 4 41032PhillipsScrews

5 41224PhillipsScrews 6 BlueConsoleCablePCTerminalAdapter

7 PowerCable(USShown) 8 CableHolder

9 4RubberFeet 10 DocumentationandSoftwareCD

ASA5550

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 2/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

1 ASA5550Chassis 2 2YellowEthernetCables

3 RackmountingBrackets 4 41032PhillipsScrews

5 41224PhillipsScrews 6 BlueConsoleCablePCTerminalAdapter

7 PowerCable(USShown) 8 CableHolder

9 4RubberFeet 10 DocumentationandSoftwareCD

PoweringOntheASA
Step1 AttachthepowercabletotheASAandconnectittoanelectricaloutlet.
Step2 PowerontheASA.
Step3 CheckthePowerLEDonthefrontoftheASAifitissolidgreen,thedeviceispoweredon.
Step4 ChecktheStatusLEDonthefrontoftheASAafteritissolidgreen,thesystemhaspassed
powerondiagnostics.

MaximizingThroughput(ASA5550)
TheASA5550hastwointernalbusesprovidingcopperGigabitEthernetandfiberGigabitEthernet
connectivity.ForSlot1(Bus1),youcanuseeitherthecopperportsorthefiberports.Thecopperports
areenabledbydefault.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 3/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

Formaximumthroughput,configuretheASAsothattrafficisdistributedequallybetweenthetwobuses.
Layoutthenetworksothattrafficentersthroughonebusandexitsthroughtheother.

Forexample,thefollowingfigureshowstheASAconfiguredsothattrafficfromtheunsecurenetworkand
thesecurenetworkisevenlydistributedbetweenBus0andBus1.Trafficfromhostsonthesecured
networkflowsthroughinterface0/0onBus0tohostsontheunsecurednetwork.Trafficfromhostsonthe
unsecurednetworkflowsthroughinterface1/0onBus1tohostsonthesecurednetwork.

ConnectingInterfaceCablesandVerifyingConnectivity
Step1 ConnectamanagementPCtotheManagement0/0interfaceforusewiththeAdaptiveSecurity
DeviceManager(ASDM).YoucanconnectthePCdirectlywithanEthernetcable,orconnectthePCand
theASAtothesamemanagementnetwork.MakesurethePCisconfiguredtoobtainanIPaddressusing
DHCP.
IfyouwanttousetheCLI,connectyourPCtotheconsoleport,andseetheCLIconfigurationguidefor
moreinformation.
Step2 Connectyournetworkstotheappropriateports.FortheASA5550or4GESSM,ifyouareusing
thefiberports,youneedtouseSFPmodules(notincluded).SeetheHardwareInstallationGuidefor
information.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 4/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

Step3 ChecktheLINK/ACTindicatorstoverifyinterfaceconnectivity.

LaunchingASDM
TheASAshipswithadefaultconfigurationthatenablesASDMconnectivitytotheManagement0/0
interface.UsingASDM,youcanusewizardstoconfigurebasicandadvancedfeatures.ASDMisa
graphicaluserinterfacethatallowsyoutomanagetheASAfromanylocationbyusingawebbrowser.

SeetheASDMreleasenotesonCisco.comfortherequirementstorunASDM.

Step1 OnthePCconnectedtotheASA,launchawebbrowser.
Step2 IntheAddressfield,enterthefollowingURL:https://192.168.1.1/admin.TheCiscoASDMweb
pageappears.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 5/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

Step3 ClickRunStartupWizard.
Step4 Acceptanycertificatesaccordingtothedialogboxesthatappear.TheCiscoASDMIDMLauncher
appears.
Step5 Leavetheusernameandpasswordfieldsempty,andclickOK.ThemainASDMwindowappears
andtheStartupWizardopens.

RunningtheStartupWizard
RuntheStartupWizardtomodifythedefaultconfigurationsothatyoucancustomizethesecuritypolicy
tosuityourdeployment.Usingthestartupwizard,youcansetthefollowing:

Hostname Staticroutes
Domainname DHCPserver
Administrativepasswords Networkaddresstranslationrules
Interfaces andmore...
IPaddresses

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 6/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

Step1 Ifthewizardisnotalreadyrunning,inthemainASDMwindow,chooseWizards>StartupWizard.
Step2 FollowtheinstructionsintheStartupWizardtoconfigureyourASA.
Step3 Whilerunningthewizard,youcanacceptthedefaultsettingsorchangethemasrequired.(For
informationaboutanywizardfield,clickHelp.)

(Optional)AllowingAccesstoPublicServersBehindthe
ASA
ASA8.2andLater

ThePublicServerpaneautomaticallyconfiguresthesecuritypolicytomakeaninsideserveraccessible
fromtheInternet.Asabusinessowner,youmighthaveinternalnetworkservices,suchasawebandFTP
server,thatneedtobeavailabletoanoutsideuser.Youcanplacetheseservicesonaseparatenetwork
behindtheASA,calledademilitarizedzone(DMZ).ByplacingthepublicserversontheDMZ,anyattacks
launchedagainstthepublicserversdonotaffectyourinsidenetworks.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 7/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

Step1 InthemainASDMwindow,chooseConfiguration>Firewall>PublicServers.ThePublic
Serverpaneappears.
Step2 ClickAdd,thenenterthepublicserversettingsintheAddPublicServerdialogbox.(For
informationaboutanyfield,clickHelp.)
Step3 ClickOK.Theserverappearsinthelist.
Step4 ClickApplytosubmittheconfigurationtotheASA.

(Optional)RunningVPNWizards
YoucanconfigureVPNusingthefollowingwizards:

SitetoSiteVPNWizardCreatesanIPsecsitetositetunnelbetweentwoASAs.
(ASA8.0andlater)AnyConnectVPNWizardConfiguresSSLVPNremoteaccessfortheCisco
AnyConnectVPNclient.AnyConnectprovidessecureSSLconnectionstotheASAforremoteusers
withfullVPNtunnelingtocorporateresources.TheASApolicycanbeconfiguredtodownloadthe
AnyConnectclienttoremoteuserswhentheyinitiallyconnectviaabrowser.WithAnyConnect3.0and
later,theclientcanruneithertheSSLorIPsecIKEv2VPNprotocol.
(ASA8.0andlater)ClientlessSSLVPNWizardConfiguresclientlessSSLVPNremoteaccessfora
browser.Clientless,browserbasedSSLVPNletsusersestablishasecure,remoteaccessVPNtunnel
totheASAusingawebbrowser.Afterauthentication,usersaccessaportalpageandcanaccess
specific,supportedinternalresources.Thenetworkadministratorprovidesaccesstoresourcesby
usersonagroupbasis.ACLscanbeappliedtorestrictorallowaccesstospecificcorporateresources.
IPsec(IKEv1)RemoteAccessVPNWizardConfiguresIPsecVPNremoteaccessfortheCisco
IPsecclient.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 8/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

Step1 InthemainASDMwindow,chooseWizards>VPNWizards,thenchooseoneofthefollowing:
SitetoSiteVPNWizard
AnyConnectVPNWizard
ClientlessVPNWizard
IPsec(IKEv1)RemoteAccessVPNWizard
Step2 Followthewizardinstructions.(Forinformationaboutanywizardfield,clickHelp.)

(Optional)RunningOtherWizardsinASDM
YoucanoptionallyrunthefollowingadditionalwizardsinASDM:

HighAvailabilityandScalabilityWizard
Configureactive/activeoractive/standbyfailover,orVPNclusterloadbalancing.
UnifiedCommunicationsWizard
ConfigureaproxyontheASAforremoteaccessorbusinesstobusinesscommunications.(Special
licensesmayapply.SeetheCLIconfigurationguideforinformationaboutASAlicensing.)
PacketCaptureWizard
Configureandrunpacketcapture.Thewizardwillrunonepacketcaptureoneachoftheingressand
egressinterfaces.Aftercapturingpackets,youcansavethepacketcapturestoyourPCforexamination
andreplayinthepacketanalyzer.

AdvancedConfiguration
TocontinueconfiguringyourASA,seethedocumentsavailableforyoursoftwareversionat:

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 9/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

http://www.cisco.com/go/asadocs

WasthisDocumentHelpful?

Yes No Feedback

LetUsHelp
OpenaSupportCase

(RequiresaCiscoServiceContract)

ReadytoReplaceanOldSwitch?
Upgradeyournetworkandgetdiscountsonreplacementswitchesandsupportservices

LearnHow

RelatedSupportCommunityDiscussions
BugSearchCSCva38556
LastReply1monthago
inFirewalling

(Video)HowtoupgradethesoftwareimageonaCiscoAdaptiveSecurityAppliance(ASA)usingCisco
AdaptiveSecurityDeviceManager(ASDM)
LastReply5yearsago
inExpertCorner

blockingaParticularURLwithFirePOWERServicesusingASDMonASA5506x
LastReply1weekago
inSourcefireSSLAppliance

CiscoSupportCommunity

ThisDocumentAppliestoTheseProducts
ASA5510AdaptiveSecurityAppliance

ASA5520AdaptiveSecurityAppliance

ASA5540AdaptiveSecurityAppliance

ASA5550AdaptiveSecurityAppliance

AdaptiveSecurityAppliance(ASA)Software

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 10/11
26/01/2017 CiscoASA5510,ASA5520,ASA5540,andASA5550QuickStartGuideCisco

+ShowAll6Products

Share

2017Ciscoand/oritsaffiliates.Allrightsreserved.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500/5500_quick_start.html#86127 11/11