====== Cisco - Firewall - Cisco ASA 5505 - Setup a Basic Firewall on a Cisco ASA 5505 ======

  * en
  * config t
  * write erase
  * config factory-default (space through all the pages)
  * reload (Don’t save current config)
  * Say no to interactive prompts
  * en (There's no password)
  * config t
  * enable password [specify enable password]
  * hostname [Your Hostname]
  * interface vlan 1
  * description [VLAN 1 free-form description]
  * security-level 0
  * nameif outside
  * ip address [public ip] [mask] (If you’re using DHCP, replace with "ip address dhcp setroute")
  * interface vlan 2
  * description [VLAN 2 free-form description]
  * security-level 100
  * ip address [internal ip] [mask]
  * nameif inside
  * interface ethernet0/0
  * description [Insert description]
  * switchport access vlan 1
  * no shutdown
  * interface ethernet0/1
  * switchport access vlan 2
  * no shutdown
  * interface ethernet0/2
  * switchport access vlan 2
  * no shutdown
  * interface ethernet0/3
  * switchport access vlan 2
  * no shutdown
  * interface ethernet0/4
  * switchport access vlan 2
  * no shutdown
  * interface ethernet0/5
  * switchport access vlan 2
  * no shutdown
  * interface ethernet0/6
  * switchport access vlan 2
  * no shutdown
  * interface ethernet0/7
  * switchport access vlan 2
  * no shutdown
  * show switch vlan
  * crypto key generate rsa modulus 1024 (type yes for confirmation)
  * ssh [network allowed to ssh] [mask] inside
  * ssh timeout 10
  * ssh version 2
  * username [specify username] password [specify password] privilege 15
  * aaa authentication ssh console LOCAL
  * show run ssh
  * route outside 0 0 [ISP Gateway] 1 (This sets up the default route)
  * global (outside) 1 interface
  * nat (inside) 1 [IP address/network for PAT] [mask]
  * http server enable (requires port if accessing from outside)
  * http [Allowed IP address(es)] [Mask] [interface name]
  * policy-map global_policy
  * class inspection_default
  * inspect icmp
  * end
  * wr m
  * reload
  * show running-config (To check that everything is ok)
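
The last step above checks the running configuration by eye. As an added example (not part of the original page), this Python script checks a saved copy of the ''show running-config'' output for the SSH/HTTP management settings this procedure configures. The sample configuration, its addresses and the name ''audit_asa_mgmt'' are constructed for illustration.

```python
import re

# Constructed sample of `show running-config` output (documentation/private addresses).
SAMPLE_CONFIG = """\
hostname fw01
interface Vlan1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
interface Vlan2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 10
ssh version 2
"""

# Management access rules have the form: <ssh|http|telnet> <network> <mask> <interface>
RULE = re.compile(r"(ssh|http|telnet) \d+\.\d+\.\d+\.\d+ (\d+\.\d+\.\d+\.\d+) (\S+)")

def audit_asa_mgmt(config):
    """Return a list of findings for the management-access settings."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    for required in ("ssh version 2", "aaa authentication ssh console LOCAL"):
        if required not in lines:
            findings.append(f"missing: {required}")
    if not any(re.fullmatch(r"ssh timeout \d+", line) for line in lines):
        findings.append("missing: ssh timeout")
    for line in lines:
        m = RULE.fullmatch(line)
        if not m:
            continue
        proto, mask, iface = m.groups()
        if proto == "telnet":
            findings.append(f"telnet enabled: {line}")
        if mask == "0.0.0.0":
            findings.append(f"{proto} open to any address: {line}")
        elif iface == "outside":
            findings.append(f"{proto} management allowed on outside: {line}")
    return findings

if __name__ == "__main__":
    for finding in audit_asa_mgmt(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```
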