Please enable JavaScript.

Coggle requires JavaScript to display documents.

21 ASA FIREWALL CONFIGURATION, In software versions 9.7 and later,…

- - - - The default ASA user prompt of ciscoasa> is displayed when an ASA configuration is erased, the device is rebooted, and the user does not use the interactive setup wizard.
      - To enter privileged EXEC mode, use the enable user EXEC mode command. Initially, an ASA does not have a password configured; therefore, when prompted, leave the enable password prompt blank and press Enter.
      - The ASA date and time should be set either manually or by using Network Time Protocol (NTP). To set the date and time, use the clock set privileged EXEC command.
      - Enter global configuration mode using the configure terminal privileged EXEC command. The first time that global configuration mode is accessed, a message pertaining to the Smart Call Home feature appears. This allows activation of the anonymous error reporting to Cisco regarding the status and health of device. Other Smart Call Home features are accessed in call-home configuration mode
    - - The ASA-5506-X has eight Gigabit Ethernet interfaces that can be configured to carry traffic from different networks. The G1/1 interface is used by convention as the outside interface to the internet or other outside network. It is set to receive its IP address over DHCP by default, because it is assumed that the interface will be configured to an ISP that uses DHCP to address attached interfaces.
        
        The remaining interfaces, G1/2-G1/8, can be assigned to inside networks or DMZs. In addition, a Gigabit Ethernet port (labeled GE MGMT in the figure) is dedicated to in-band management of the ASA Fire POWER module. During configuration, it is designated as Management1/1. Configuration of the ASA FirePOWER module is beyond the scope of this course.
    - - If an ASA is configured as a DHCP client, then it can receive and install a default route from the upstream device. Otherwise, a default static route must be configured using the route interface-name 0.0.0.0 0.0.0.0 next-hop-ip-address command. To verify the route entry, use the show route command.
    - - Network Time Protocol (NTP) services can be enabled on an ASA to obtain the date and time from an NTP server. To enable NTP, use the global configuration mode commands listed in the table.
    - - An ASA can be configured to be a DHCP server to provide IP addresses and DHCP-related information to hosts. To enable an ASA as a DHCP server and provide DHCP services to hosts, use the commands listed in the table.
- - - - ACLs are made up of one or more ACEs. ACEs are applied to a protocol, a source and destination IP address, a network, or the source and destination ports.
      - ACLs are processed sequentially from top down.
      - A criteria match will cause the ACL to be exited.
      - There is an implicit deny any at the bottom.
      - Remarks can be added per ACE or ACL.
      - Only one access list can be applied per interface, per protocol, per direction.
      - ACLs can be enabled/disabled based on time ranges.