
Configuring a Basic ASAv Firewall with ASDM

Introduction

Cisco Adaptive Security Appliance (ASA) is a Cisco network security product used by small, medium and large enterprises to provide firewall and VPN solutions.

In this lab, we are going to configure basic Cisco ASA device settings such as the hostname and passwords, and install and set up Cisco Adaptive Security Device Manager (ASDM).

Cisco ASDM is a Java application that can be used to manage the ASA firewall through a graphical user interface.

Build the topology.

I am running ASAv 9.6 in my lab. I am using EVE-NG, as it's the best for building topologies and emulating devices.

Inside your workspace, add a new node, select Cisco ASAv with the following settings, and click Save:


Cisco ASAv 9.6

Once that is done, you can go ahead and add a new Windows 7 machine. We are going to use this Windows 7 machine to set up our Cisco ASDM. Ensure that you have the latest Java installed.

Add a new node and select Windows 7 with the following settings:

Windows 7 machine

Next, connect the two devices as shown below. I have connected mine to the cloud node that will connect to the internet. This, however, is optional.

Once connected, you can power on both devices.
For the ASAv appliance, you will use PuTTY (Windows) or a terminal (Linux) to access the Cisco IOS CLI, from which you will configure your device. For the Windows 7 machine, I am using VNC Viewer, which is available on both Linux and Windows.

Topology

Connect to your ASAv appliance and follow the configurations below:

Changing the hostname:

To change the hostname we are going to issue the command: hostname

ciscoasa# conf t
ciscoasa(config)# hostname GATEWAY-FW
GATEWAY-FW(config)#

Set the enable password

Set the enable password so that nobody can escalate to privileged mode, and from there to global configuration mode, without knowing it.
Use the enable password command to change the password as below:

GATEWAY-FW(config)# enable password strongpass
GATEWAY-FW(config)#

Set Interface IP Address


We are now going to set the IP addresses for our LAN and WAN interfaces as below:

NB: In my lab, I have connected the WAN interface to the cloud (0) that will connect to the internet. This may not be necessary on your side. My WAN IP will be 192.168.183.xx via DHCP. This is for demo purposes and basic configurations.

GATEWAY-FW(config)# interface gigabitEthernet 0/1
GATEWAY-FW(config-if)# ip add 10.10.10.1 255.255.255.0
GATEWAY-FW(config-if)# nameif INSIDE
GATEWAY-FW(config-if)# description LINK TO INSIDE LAN
GATEWAY-FW(config-if)# no shut

GATEWAY-FW(config)# int gigabitEthernet 0/0
GATEWAY-FW(config-if)# ip add dhcp
GATEWAY-FW(config-if)# nameif OUTSIDE
INFO: Security level for "OUTSIDE" set to 0 by default.
GATEWAY-FW(config-if)# description LINK TO WAN
GATEWAY-FW(config-if)# NO SHUT
GATEWAY-FW(config-if)# exit
GATEWAY-FW(config)#

Exit interface configuration mode, then exit global configuration mode, and verify your interface configuration:

GATEWAY-FW# show ip address
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
GigabitEthernet0/0       OUTSIDE                192.168.183.146 255.255.255.0   DHCP
GigabitEthernet0/1       INSIDE                 10.10.10.1      255.255.255.0   manual
Current IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
GigabitEthernet0/0       OUTSIDE                192.168.183.146 255.255.255.0   DHCP
GigabitEthernet0/1       INSIDE                 10.10.10.1      255.255.255.0   manual
GATEWAY-FW#

Set up Cisco ASDM – Adaptive Security Device Manager

From the Cisco IOS CLI you can continue with configurations, but since we have Cisco ASDM to manage and configure our firewall through a GUI, we will set up Cisco ASDM on the Windows 7 machine.

First, our ASAv hasn’t been configured as our DHCP server, so we will assign our Windows 7 machine a static IP in the 10.10.10.0/24 subnet as below:

From here we should be able to ping our gateway at 10.10.10.1, which is our LAN interface on the ASAv appliance.

To set up and use ASDM, we are going to enable the HTTP server from the CLI so that the Device Manager can run.

Let's enable the HTTP server on our Cisco ASA with the following configuration:

GATEWAY-FW(config)# http server enable
GATEWAY-FW(config)# http 10.10.10.0 255.255.255.0 INSIDE

Save your configuration and write it to memory.

When you use the command http server enable without specifying a port number, the port defaults to 443.
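An added example, not part of the original lab: a small Python check, run offline against saved configuration text, that ASDM access stays limited to the INSIDE subnet configured above. The function name, the trusted-interface list and the /24 threshold are assumptions of this example, and the second sample is constructed to show findings.

```python
import ipaddress
import re

HTTP_SERVER = re.compile(r"^http server enable(?: (\d+))?$")
HTTP_RULE = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

# The two management lines entered in this lab.
LAB_CONFIG = """\
http server enable
http 10.10.10.0 255.255.255.0 INSIDE
"""

# Constructed sample (not from the lab): custom port, any source, WAN interface.
CONSTRUCTED_WIDE = """\
http server enable 8443
http 0.0.0.0 0.0.0.0 OUTSIDE
"""

def audit_asdm_access(config, trusted_ifaces=("INSIDE",), min_prefix=24):
    """Return (port, rules, findings) for the ASDM management settings in config."""
    trusted = {name.upper() for name in trusted_ifaces}
    port, rules, findings = None, [], []
    for raw in config.splitlines():
        line = raw.strip()
        server = HTTP_SERVER.match(line)
        if server:
            port = int(server.group(1) or 443)  # no port given: 443, as stated above
            continue
        rule = HTTP_RULE.match(line)
        if rule:
            net = ipaddress.ip_network(f"{rule.group(1)}/{rule.group(2)}", strict=False)
            rules.append((str(net), rule.group(3)))
            if rule.group(3).upper() not in trusted:
                findings.append(f"{net} can reach ASDM through untrusted interface {rule.group(3)}")
            if net.prefixlen < min_prefix:
                findings.append(f"{net} on {rule.group(3)} is broader than /{min_prefix}")
    if port is None:
        findings.append("http server is not enabled, so ASDM cannot connect")
    elif not rules:
        findings.append("http server is enabled but no source network is permitted")
    return port, rules, findings

if __name__ == "__main__":
    for name, text in (("lab", LAB_CONFIG), ("constructed", CONSTRUCTED_WIDE)):
        print(name, audit_asdm_access(text))
```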

We will set up a username and password to access the ASDM.

GATEWAY-FW(config)# username admin password admin
GATEWAY-FW(config)#

We then head over to our Windows 7 machine and enter https://10.10.10.1, the address of our appliance, in the browser.

Your page will load as below:

You can choose your preferred option for how you want to run ASDM. I am going to install the ASDM launcher and run it as a local application. If you are not able to launch the application, ensure that you have an updated/compatible Java on your machine.

It will prompt for the username and password that you set up in your CLI. Finally, accept any certificates from the dialog box and your Cisco ASDM Launcher will appear as below.

From here configurations will be made easier through a graphical user interface.

That’s it, folks. We have come to the end of our lab. We will configure DHCP, routing, firewall rules, etc. in our next lab. Stay tuned!

bl4ckwidow

Co-Founder of Labing Overload. I am a Web Developer/Network Engineer turned CyberSecurity Engineer. FOSS enthusiast. Cisco Technologies enthusiast. Network Penetration Tester.
