Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (2024)

Table of Contents
Cisco ASA 5505 configuration Step1: Configure the internal interface vlan Step 2: Configure the external interface vlan (connected to Internet) Step 3: Assign Ethernet 0/0 to Vlan 2 Step 4: Enable the rest interfaces with no shut Step 5: Configure PAT on the outside interface Step 6: Configure default route 13 comments Leave a Reply FAQs
  • Firewalls
  • Joe

Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (1)

The Cisco ASA 5505 Firewall is the smallest model in the new 5500 Cisco series of hardware appliances. Although this model is suitable for small businesses, branch offices or even home use, its firewall security capabilities are the same as the biggest models (5510, 5520, 5540 etc). The Adaptive Security technology of the ASA firewalls offers solid and reliable firewall protection, advanced application-aware security, denial of service attack protection and much more. Moreover, the performance of the ASA 5505 appliance supports 150Mbps firewall throughput and 4000 firewall connections per second, which is more than enough for small networks.In this article, I will explain the basic Cisco ASA 5505 configuration for connecting a small network to the Internet (here thecompleteguides).

We assume that our ISP has assigned us a static public IP address (e.g 200.200.200.1 as an example) and that our internal network range is 192.168.1.0/24. We will use Port Address Translation (PAT) to translate our internal IP addresses to the public address of the outside interface. The difference of the 5505 model from the bigger ASA models is that it has an 8-port 10/100 switch which acts as Layer 2 only. That is, you can not configure the physical ports as Layer 3 ports, rather you have to create interface VLANs and assign the Layer 2 interfaces in each VLAN. By default, interface Ethernet0/0 is assigned to VLAN 2 and it’s the outside interface (the one which connects to the Internet), and the other 7 interfaces (Ethernet0/1 to 0/7) are assigned by default to VLAN 1 and are used for connecting to the internal network. Let’s see the basic configuration setup of the most important steps that you need to configure.

Cisco ASA 5505 configuration

Let’s now have a look at the Cisco ASA 5505 configuration, in a step by step fashion.

Step1: Configure the internal interface vlan

ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shut

Step 2: Configure the external interface vlan (connected to Internet)

ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shut

Step 3: Assign Ethernet 0/0 to Vlan 2

ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Step 4: Enable the rest interfaces with no shut

ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut
Do the same for Ethernet0/1 to 0/7.

Step 5: Configure PAT on the outside interface

ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0
UPDATE for ASA Version 8.3 and later (including ASA versions 9.x)

From March 2010, Cisco announced the new Cisco ASA software version 8.3. This version introduced several important configuration changes, especially on the NAT/PAT mechanism. The “global” command is no longer supported. NAT (static and dynamic) and PAT are configured under network objects. The PAT configuration below is for ASA 8.3 and later:
object network obj_any
subnet 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface
The above commands will accomplish the same task as the “global” and “nat” commands we had in versions prior to 8.3.

Step 6: Configure default route

Default route towards the ISP (assume default gateway is 200.200.200.2)
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
The above steps are the absolutely necessary steps you need to configure for making the appliance operational. Of course there are much more configuration details that you need to implement in order to enhance the security and functionality of your appliance, such as Access Control Lists, Static NAT, DHCP, DMZ zones, authentication etc.

You can also learn how to configure any Cisco ASA 5500 Firewall Hereand also VPNs.

For more Cisco configuration examples and other related details about designing and implementing Cisco solutions: Cisco Tips and Tutorials.

By Harris Andrea

Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (2)

Joe

Senior Network Engineer, technology enthusiast, guitar and bass player. Joe Wilson is the creator of RouterFreak.com as well as other niche websites that can be found around on the Internets.

What do you think about this article?

13 comments

  1. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (3)

    mikeyb

    September 5, 2021 at 10:49 pm

    I can config vlan 2, using ip add dhcp set route and it gets an address and i can ping IPs like 8.8.8.8 but when i set VLAN 1 to 192.168.1.1, it sez there is a conflict with vlan 2 which has 192.168.1 158. Tried 192.168. 10.1 but didnt work

    See Also
    Configuring a Cisco ASA to Send SyslogsKnowledge Base | Duo SecurityConfiguring a Cisco ASA to Send SyslogsConfigure Cisco Devices via ASDM | Forward Syslog | Firewall Analyzer

    Reply

  2. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (4)

    Tony Cruz

    August 2, 2021 at 11:49 am

    Will work on 5501 ?

    Reply

  3. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (5)

    test_machine

    January 13, 2020 at 8:25 am

    Hi shoeb …. you write

    Not working for me –
    Tried to ping from 192.168.1.100 to 12.12.12.2. its not working …i got basic question.
    You write 12.12.12.x is on Vlan2 and 192.168.1.100 is not on vlan 2 , as might be on the default vlan .
    No communication is possible, please re-assign the proper vlan 🙂

    Reply

  4. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (6)

    Matthew

    May 31, 2019 at 12:23 pm

    This config is missing access list

    Reply

  5. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (7)

    shoeb

    January 10, 2018 at 5:39 am

    Not working for me –
    Tried to ping from 192.168.1.100 to 12.12.12.2. its not working
    Packet tracer file is here – https://ufile.io/5nxj1

    ciscoasa#sh run
    : Saved
    :
    ASA Version 8.4(2)
    !
    hostname ciscoasa
    names
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.10.1.1 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    ip address 12.12.12.1 255.255.255.0
    !
    object network obj_10.10.10.0
    subnet 10.10.1.0 255.255.255.0
    object network obj_192.168.1.0
    subnet 192.168.1.0 255.255.255.0
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network obj_static
    subnet 192.168.1.100 255.255.255.255
    !
    route inside 192.168.1.0 255.255.255.0 10.10.1.2 1
    route outside 0.0.0.0 0.0.0.0 12.12.12.2 1
    !
    !
    !
    object network obj_10.10.10.0
    nat (inside,outside) dynamic interface
    object network obj_192.168.1.0
    nat (inside,outside) dynamic interface
    object network obj_any
    nat (inside,outside) dynamic interface
    object network obj_static
    nat (inside,outside) static 12.12.12.100
    !
    !
    !
    !
    !
    !
    !
    telnet timeout 5
    ssh timeout 5
    !
    !
    !
    !
    !
    !
    !
    ciscoasa#

    See Also
    Enterprise Cyber Security

    Reply

  6. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (8)

    warren

    December 22, 2017 at 4:29 am

    This is very helpful the last firewall I touch was a pix, I think it was a 5510E, anyways now I have to support an ASA5520 V8.4. I have 2 questions is there a difference in configuring a 5505 and 5520? Also any advice I where I can read/watch online a step by step tutorial that can bring me up to speed on a 5520 ASA?

    Thank you all in advance!!

    Reply

  7. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (9)

    chelsie ortega

    December 9, 2016 at 1:27 am

    Practical post , Incidentally , people want a MD PFH Checklist , I encountered a fillable form here https://goo.gl/jdLFpY.

    Reply

  8. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (10)

    Dan

    October 21, 2015 at 11:42 am

    HOT DAMN! Thank you so much for the final piece of the puzzle for the setup: Configure Default Route. I’ve been messing with this for hours now not knowing it was required. Every other tutorial had no mention of this! Thanks again.

    Reply

    • Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (11)

      Daniele Besana

      October 22, 2015 at 12:45 am

      Glad it helped!

      Reply

  9. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (12)

    dmace

    April 3, 2015 at 7:50 am

    Good article. I’ve disconnected my ASA yesterday, as it couldn’t handle my Chromecast (something with UPnP), and i got non-the-wiser from the logs.
    It also cannot tunnel IPv6 through a broker.
    Still a nice apparatus, though.

    Reply

  10. Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (13)

    moel

    December 16, 2012 at 8:13 pm

    Can you add to the DMZ configuration. tk’s

    Reply

  1. Pingback: Preparing for Your Interview as a Network Engineer | Network Engineer Job

  2. Pingback: Network Engineer Interview Questions - Tips for Interviewing

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About us

RouterFreak is a blog dedicated to professional network engineers. We
focus on network fundamentals, product/service reviews, and career advancements.

Disclaimer

As an Amazon Associate, I earn from qualifying purchases.

RouterFreak is supported by its audience. We may receive a small commission from the affiliate links in this post, at no extra cost to our readers.

Topics

Recommended

Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (14)

Popular articles

  • How To Program A GE Universal Remote Without Codes
  • How To Sync Roku Remote Without Pairing Button
Cisco ASA 5505 Configuration: 6-Steps Easy Tutorial - RouterFreak (2024)

FAQs

How to connect Cisco ASA 5505 to internet? ›

Step 1 Connect one end of an Ethernet cable (not provided) to Ethernet 0 on the ASA. (By default, Ethernet 0 is the Outside interface.) Connect the other end to a cable/DSL modem or gateway router (the Outside network).

Read On
How to clear Cisco ASA configuration? ›

With [ciscoasa# write erase] you will erase configuration file in flash startup-configuration. After this use reload on ASA. You will get cleared ASA configuration file, without DHCP Server any interface configured no ip addresses or NAT as you will get with factory default restart.

Discover More Details
What is a Cisco ASA 5505 used for? ›

The Cisco ASA 5505 is a full-featured firewall for small business, branch, and enterprise teleworker environments. It delivers high-performance firewall, SSL and IPsec VPN, and rich networking services in a modular, immediately operational appliance.

Continue Reading
How to configure router step by step Cisco? ›

Router setup steps
  1. Step 1: Decide where to place the router. ...
  2. Step 2: Connect to the Internet. ...
  3. Step 3: Configure the wireless router gateway. ...
  4. Step 4: Connect gateway to router. ...
  5. Step 5: Use app or web dashboard. ...
  6. Step 6: Create a username and password. ...
  7. Step 7: Update the router's firmware. ...
  8. Step 8: Create a Wi-Fi password.

See Details
Can Cisco ASA be used as a router? ›

You can use ASA 5550 for routing between VLANs and as a router-on-a-stick configuration. It supports routing features like static routes, dynamic routing protocols (e.g., OSPF), and VLAN interfaces. You can create VLAN interfaces on the ASA and route traffic between them. The ASA 5550 comes with Gigabit Ethernet ports.

Find Out More
What is the default IP address of ASA 5505? ›

ASA 5505—The switch port to which you connect to ASDM can be any port, except for Ethernet 0/0. ASA 5510 and higher—The interface to which you connect to ASDM is Management 0/0. The default management address is 192.168. 1.1.

Tell Me More
What is the default password for Cisco ASA 5505? ›

The ASA loads the default configuration instead of the startup configuration. Step 11 When prompted for the password, press Enter. The password is blank. The default configuration register value is 0x1.

Show Me More
What is the default configuration of a Cisco ASA? ›

The default factory configuration for the ASA 5510 and higher adaptive security appliance configures the following: The management interface, Management 0/0. If you did not set the IP address in the configure factory-default command, then the IP address and mask are 192.168. 1.1 and 255.255.

Explore More
How to clear configuration in Cisco router? ›

Clear the configuration of your switch based on the OS
  1. Log on to your switch, and enter the privileged EXEC mode by entering enable and then entering the enable password command.
  2. Enter clear config all to reset the entire system. You don't need to reload the switch because processing the command wipes the switch.
Nov 8, 2022

Continue Reading
What ports are on the Cisco ASA 5505? ›

The Cisco ASA 5505 features a flexible 8-port 10/100 Fast Ethernet switch, whose ports can be dynamically grouped to create up to three separate VLANs for home, business, and Internet traffic for improved network segmentation and security.

Show Me More

What are the 3 types of firewalls? ›

There are many types of firewall deployment architectures, including network-based (software), host-based (hardware), and cloud-based.

Read The Full Story
How much bandwidth does a Cisco ASA 5505 have? ›

The ASA 5505 has throughput of around 150Mbps.

See Details
What is the first step in configuring the firewall ASA? ›

Group Information Technology Manager
  • Step 1: Initial Setup. Connect to the ASA using a console cable and terminal emulation software like PuTTY or SecureCRT. ...
  • Step 2: Interface Configuration. Identify the physical interfaces (e.g., GigabitEthernet0/0, GigabitEthernet0/1) and their roles (e.g., outside, inside, DMZ).
Feb 22, 2024

Get More Info Here
How do I access my Cisco ASA 5506? ›

On the computer connected to the ASA, launch a web browser. In the Address field, enter the following URL: https://192.168.1.1/admin. The Cisco ASDM web page appears. If you connected your management computer to the ASA as a wireless client, you can access ASDM at https://192.168.10.1/admin.

Continue Reading
How to configure SSH on Cisco ASA 5506? ›

Setting Up SSH and Local Authentication on Cisco ASA
  1. Step 1: Configure aaa to use local database for ssh and console. ...
  2. Step 2: Create admin username with privilege 15 (username, P@ssw0rd) ...
  3. Step 3: Turn on password for enable. ...
  4. Step 4: Turn on serial console authentication. ...
  5. Step 5: Save the changes so far.
Oct 29, 2018

View More
Top Articles
Incorporated Foreign Subsidiaries: Subpart F of US Tax Code - GHJ
Velas Blockchain | Fastest EVM/eBPF Hybrid Chain
Oldgamesshelf
Diario Las Americas Rentas Hialeah
123Movies Encanto
Craftsman M230 Lawn Mower Oil Change
Is pickleball Betts' next conquest? 'That's my jam'
San Diego Terminal 2 Parking Promo Code
Toyota gebraucht kaufen in tacoma_ - AutoScout24
7.2: Introduction to the Endocrine System
Erskine Plus Portal
More Apt To Complain Crossword
Noaa Weather Philadelphia
Jefferson County Ky Pva
Category: Star Wars: Galaxy of Heroes | EA Forums
Western Razor David Angelo Net Worth
Jet Ski Rental Conneaut Lake Pa
Ladyva Is She Married
Miss America Voy Forum
Used Sawmill For Sale - Craigslist Near Tennessee
Puretalkusa.com/Amac
8664751911
Nick Pulos Height, Age, Net Worth, Girlfriend, Stunt Actor
Timeforce Choctaw
Pocono Recird Obits
12 Facts About John J. McCloy: The 20th Century’s Most Powerful American?
Il Speedtest Rcn Net
How To Find Free Stuff On Craigslist San Diego | Tips, Popular Items, Safety Precautions | RoamBliss
6892697335
Pain Out Maxx Kratom
Dexter Gomovies
How Do Netspend Cards Work?
Vip Lounge Odu
Emiri's Adventures
Grandstand 13 Fenway
new haven free stuff - craigslist
Ma Scratch Tickets Codes
Junior / medior handhaver openbare ruimte (BOA) - Gemeente Leiden
Devotion Showtimes Near Mjr Universal Grand Cinema 16
Shoreone Insurance A.m. Best Rating
Bbc Gahuzamiryango Live
The disadvantages of patient portals
WorldAccount | Data Protection
How to Install JDownloader 2 on Your Synology NAS
Frequently Asked Questions
Gt500 Forums
Is My Sister Toxic Quiz
Unpleasant Realities Nyt
Otter Bustr
Tweedehands camper te koop - camper occasion kopen
Secondary Math 2 Module 3 Answers
Latest Posts
Change Email Address: How to Move Emails to a New Provider
LibGuides: Making an A on your History Paper (Southshore): Sources to avoid
Article information

Author: Msgr. Benton Quitzon

Last Updated:

Views: 5470

Rating: 4.2 / 5 (63 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Msgr. Benton Quitzon

Birthday: 2001-08-13

Address: 96487 Kris Cliff, Teresiafurt, WI 95201

Phone: +9418513585781

Job: Senior Designer

Hobby: Calligraphy, Rowing, Vacation, Geocaching, Web surfing, Electronics, Electronics

Introduction: My name is Msgr. Benton Quitzon, I am a comfortable, charming, thankful, happy, adventurous, handsome, precious person who loves writing and wants to share my knowledge and understanding with you.