Solved

configuring ASA 5505

Posted on 2012-03-12
Last Modified: 2012-04-07
I have an ASA 5505. I've not got a lot of experience with Cisco kit but need to configure this to work with the network.

When I first got it I didn't know the password, so I reset the box following this guide:

#############################################

If you don’t have the password and need to reset (which will erase all settings), do this.
 
Connect as above.
 
Power on the device.
 When it prompts to interrupt boot sequence, do so (press space).
 
It should prompt
 
rommon #0>
 
Type in:
 rommon #0> confreg
 
Should show something like:
 
Current Configuration Register: 0x00000001
 Configuration Summary:
 boot default image from Flash
 
Do you wish to change this configuration? y/n [n]:

Press n (don’t change)
 
We can reset the pass by setting register 0x41, so do this:
 
rommon #2> confreg 0x41
 
rommon #2> reboot
 
You now can login as the password has been removed.

#############################################

I then reset the device to factory default following this guide

http://www.mailbeyond.com/restoring-factory-defaults-to-the-cisco-asa5505-firewall-via-the-console#comment-6842

################################################

When I go through the steps I get to the part where I type config factory-default 192.168.1.1 255.255.255.0

After it does its stuff I can then get an IP from the box and surf the web (I can't ping), but then in the guide it says type 'reload save-config noconfirm'. This reboots the box, and once it comes back up I get a 169.254.217.251. Please advise where I should go with this next.
Question by:firstnetsupport
 
LVL 5

Expert Comment

by:BAYCCS
ID: 37711254
"reload save-config noconfirm"

Instead of using this command, simply do a "copy run stat"; this will save the running config to the startup config in flash. Then if you want to reload just type "reload". After the device comes back up it should have saved your new base config.

If that works then you can proceed to set up the unit the way you need to, and if you need help I/we are here.

After the base config is loaded you can either use the CLI to edit or the ASDM by accessing https://192.168.1.1
 

Author Comment

by:firstnetsupport
ID: 37713516
I have tried it again with your suggestion of copy run start, but after the reload it still fails. Below is a copy of everything from start to finish with some ping tests in between.


Any ideas?

CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45

Low Memory: 632 KB
High Memory: 507 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  01  00   1022   2080  Host Bridge
 00  01  02   1022   2082  Chipset En/Decrypt 11
 00  0C  00   1148   4320  Ethernet           11
 00  0D  00   177D   0003  Network En/Decrypt 10
 00  0F  00   1022   2090  ISA Bridge
 00  0F  02   1022   2092  IDE Controller
 00  0F  03   1022   2093  Audio              10
 00  0F  04   1022   2094  Serial Bus         9
 00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Launching BootLoader...
Default configuration file contains 1 entry.

Searching / for images to boot.

Loading /asa831-k8.bin... Booting...
Platform ASA5505

Loading...
Àdosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 222 files, 30136/62844 clusters
dosfsck(/dev/hda1) returned 0
IO memory 39583744 bytes

Processor memory 382824448, Reserved memory: 62914560 (DSOs: 0 + kernel: 62914560)

Total SSMs found: 0

Total NICs found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC: 0000.0003.0002
88E6095 rev 2 Ethernet @ index 08 MAC: 503d.e5bb.d6ec
88E6095 rev 2 Ethernet @ index 07 MAC: 503d.e5bb.d6eb
88E6095 rev 2 Ethernet @ index 06 MAC: 503d.e5bb.d6ea
88E6095 rev 2 Ethernet @ index 05 MAC: 503d.e5bb.d6e9
88E6095 rev 2 Ethernet @ index 04 MAC: 503d.e5bb.d6e8
88E6095 rev 2 Ethernet @ index 03 MAC: 503d.e5bb.d6e7
88E6095 rev 2 Ethernet @ index 02 MAC: 503d.e5bb.d6e6
88E6095 rev 2 Ethernet @ index 01 MAC: 503d.e5bb.d6e5
y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 503d.e5bb.d6ed
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0x0d29c65e 0x5814f5ea 0x28518134 0x86e000c8 0x410327bd

Licensed features for this platform:
Maximum Physical Interfaces    : 8              perpetual
VLANs                          : 3              DMZ Restricted
Dual ISPs                      : Disabled       perpetual
VLAN Trunk Ports               : 0              perpetual
Inside Hosts                   : 10             perpetual
Failover                       : Disabled       perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
SSL VPN Peers                  : 2              perpetual
Total VPN Peers                : 10             perpetual
Shared License                 : Disabled       perpetual
AnyConnect for Mobile          : Disabled       perpetual
AnyConnect for Cisco VPN Phone : Disabled       perpetual
AnyConnect Essentials          : Disabled       perpetual
Advanced Endpoint Assessment   : Disabled       perpetual
UC Phone Proxy Sessions        : 2              perpetual
Total UC Proxy Sessions        : 2              perpetual
Botnet Traffic Filter          : Disabled       perpetual
Intercompany Media Engine      : Disabled       perpetual

This platform has a Base license.


Cisco Adaptive Security Appliance Software Version 8.3(1)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2010 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

*************************************************************************
**                                                                     **
**  Note that for a failover deployment, both devices in the pair      **
**  must have identical memory.                                        **
**                                                                     **
*************************************************************************
Ignoring startup configuration as instructed by configuration register.

INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201203130822.log'
Type help or '?' for a list of available commands.
ciscoasa> ena
Password:
ciscoasa# config t
ciscoasa(config)# config factory-default 192.168.0.1 255.255.255.0

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface Ethernet 0/0
Executing command: switchport access vlan 2
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/1
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/2
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/3
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/4
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/5
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/6
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/7
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface vlan2
Executing command: nameif outside
INFO: Security level for "outside" set to 0 by default.
Executing command: no shutdown
Executing command: ip address dhcp setroute
Executing command: exit
Executing command: interface vlan1
Executing command: nameif inside
INFO: Security level for "inside" set to 100 by default.
Executing command: ip address 192.168.0.1 255.255.255.0
Executing command: security-level 100
Executing command: allow-ssc-mgmt
ERROR: SSC card is not available
Executing command: no shutdown
Executing command: exit
Executing command: object network obj_any
Executing command: subnet 0.0.0.0 0.0.0.0
Executing command: nat (inside,outside) dynamic interface
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.0.0 255.255.255.0 inside
Executing command: dhcpd address 192.168.0.5-192.168.0.36 inside
Executing command: dhcpd auto_config outside
Executing command: dhcpd enable inside
Executing command: logging asdm informational
Factory-default configuration is completed
ciscoasa(config)#

ciscoasa(config)# ping bbc.co.uk
                       ^
ERROR: % Invalid Hostname
ciscoasa(config)# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ciscoasa(config)# ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa(config)# ping 192.168.16.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
ciscoasa(config)#


ciscoasa(config)# copy run start

Source filename [running-config]?
Cryptochecksum: eecac0e6 2777df73 adc1b122 45c5169e

1907 bytes copied in 1.520 secs (1907 bytes/sec)
ciscoasa(config)#



ciscoasa(config)# reload
Proceed with reload? [confirm]
ciscoasa(config)#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down File system



***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....

CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45

Low Memory: 632 KB
High Memory: 507 MB
PCI Device Table.
Bus Dev Func VendID DevID Class              Irq
 00  01  00   1022   2080  Host Bridge
 00  01  02   1022   2082  Chipset En/Decrypt 11
 00  0C  00   1148   4320  Ethernet           11
 00  0D  00   177D   0003  Network En/Decrypt 10
 00  0F  00   1022   2090  ISA Bridge
 00  0F  02   1022   2092  IDE Controller
 00  0F  03   1022   2093  Audio              10
 00  0F  04   1022   2094  Serial Bus         9
 00  0F  05   1022   2095  Serial Bus         9

Evaluating BIOS Options ...
Launch BIOS Extension to setup ROMMON

Cisco Systems ROMMON Version (1.0(12)13) #0: Thu Aug 28 15:55:27 PDT 2008

Platform ASA5505

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Launching BootLoader...
Default configuration file contains 1 entry.

Searching / for images to boot.

Loading /asa831-k8.bin... Booting...
Platform ASA5505

Loading...
Àdosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.
/dev/hda1: 224 files, 30137/62844 clusters
dosfsck(/dev/hda1) returned 0
IO memory 39583744 bytes

Processor memory 382824448, Reserved memory: 62914560 (DSOs: 0 + kernel: 62914560)

Total SSMs found: 0

Total NICs found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC: 0000.0003.0002
88E6095 rev 2 Ethernet @ index 08 MAC: 503d.e5bb.d6ec
88E6095 rev 2 Ethernet @ index 07 MAC: 503d.e5bb.d6eb
88E6095 rev 2 Ethernet @ index 06 MAC: 503d.e5bb.d6ea
88E6095 rev 2 Ethernet @ index 05 MAC: 503d.e5bb.d6e9
88E6095 rev 2 Ethernet @ index 04 MAC: 503d.e5bb.d6e8
88E6095 rev 2 Ethernet @ index 03 MAC: 503d.e5bb.d6e7
88E6095 rev 2 Ethernet @ index 02 MAC: 503d.e5bb.d6e6
88E6095 rev 2 Ethernet @ index 01 MAC: 503d.e5bb.d6e5
y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 503d.e5bb.d6ed
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0x0d29c65e 0x5814f5ea 0x28518134 0x86e000c8 0x410327bd

Licensed features for this platform:
Maximum Physical Interfaces    : 8              perpetual
VLANs                          : 3              DMZ Restricted
Dual ISPs                      : Disabled       perpetual
VLAN Trunk Ports               : 0              perpetual
Inside Hosts                   : 10             perpetual
Failover                       : Disabled       perpetual
VPN-DES                        : Enabled        perpetual
VPN-3DES-AES                   : Enabled        perpetual
SSL VPN Peers                  : 2              perpetual
Total VPN Peers                : 10             perpetual
Shared License                 : Disabled       perpetual
AnyConnect for Mobile          : Disabled       perpetual
AnyConnect for Cisco VPN Phone : Disabled       perpetual
AnyConnect Essentials          : Disabled       perpetual
Advanced Endpoint Assessment   : Disabled       perpetual
UC Phone Proxy Sessions        : 2              perpetual
Total UC Proxy Sessions        : 2              perpetual
Botnet Traffic Filter          : Disabled       perpetual
Intercompany Media Engine      : Disabled       perpetual

This platform has a Base license.


Cisco Adaptive Security Appliance Software Version 8.3(1)

  ****************************** Warning *******************************
  This product contains cryptographic features and is
  subject to United States and local country laws
  governing, import, export, transfer, and use.
  Delivery of Cisco cryptographic products does not
  imply third-party authority to import, export,
  distribute, or use encryption. Importers, exporters,
  distributors and users are responsible for compliance
  with U.S. and local country laws. By using this
  product you agree to comply with applicable laws and
  regulations. If you are unable to comply with U.S.
  and local laws, return the enclosed items immediately.

  A summary of U.S. laws governing Cisco cryptographic
  products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

  If you require further assistance please contact us by
  sending email to export@cisco.com.
  ******************************* Warning *******************************

Copyright (c) 1996-2010 by Cisco Systems, Inc.

                Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

                Cisco Systems, Inc.
                170 West Tasman Drive
                San Jose, California 95134-1706

*************************************************************************
**                                                                     **
**  Note that for a failover deployment, both devices in the pair      **
**  must have identical memory.                                        **
**                                                                     **
*************************************************************************
Ignoring startup configuration as instructed by configuration register.

INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201203130829.log'
Type help or '?' for a list of available commands.
ciscoasa>






ciscoasa> ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
No route to host 192.168.0.1

Success rate is 0 percent (0/1)
ciscoasa> ping 192.168.16.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.1, timeout is 2 seconds:
No route to host 192.168.16.1

Success rate is 0 percent (0/1)
ciscoasa>
 

Author Comment

by:firstnetsupport
ID: 37724727
Can anyone help with this?

 
LVL 5

Expert Comment

by:BAYCCS
ID: 37724733
It looks like it saved the config
    INFO: MIGRATION - Saving the startup errors to file

I see why you can't ping
     No route to host 192.168.0.1
     No route to host 192.168.16.1


Can you do a sho run and post the config?
 

Author Comment

by:firstnetsupport
ID: 37724880
I'll rerun the whole thing and post the show run before it reboots and after.
 
LVL 5

Expert Comment

by:BAYCCS
ID: 37724999
Is the config saving?
 

Author Comment

by:firstnetsupport
ID: 37725670
Please look at the attached files; they are in order from start to finish.

I don't think it is saving the config; that's where I think my problem is, but I'm a novice on Cisco kit... Please let me know what you think.
1-load-default-config.txt
2-show-run-after-def-config.txt
3-copy-run-start.txt
4-reload.txt
5-show-run-after-reload.txt
 
LVL 5

Expert Comment

by:BAYCCS
ID: 37725693
Instead of doing a "copy run start" try the older command "write mem".
 

Author Comment

by:firstnetsupport
ID: 37725705
I'll try it now.
 

Author Comment

by:firstnetsupport
ID: 37725746
No, I did the following:

ena
config t
config default-config 192.168.0.1 255.255.255.0
write mem

the show run (which is attached)
6-write-mem.txt
 

Author Comment

by:firstnetsupport
ID: 37725755
Every time I reload it just stops working.

After the write mem it did load a little slower (which gave me hope for a few seconds).
 
LVL 5

Expert Comment

by:BAYCCS
ID: 37726866
This is very interesting... I will review all your configs later tonight and give me a little time to think about this one.

In the meantime someone may have another suggestion.
 

Accepted Solution

by:firstnetsupport
ID: 37751910
I have managed to get the device to save the config I give it. I had to break the startup and set the register back to default; it was set to 0x41, as I had to wipe the password but didn't realise I had to change it back.

I now need some help with the configuration on the firewall. I'm not able to ping through the router, and I need to open some ports for remote access to a server on the inside of the network.

If I provide a network map of what I'm trying to achieve, could anyone help me with how I would configure the device to achieve this?
 

Author Closing Comment

by:firstnetsupport
ID: 37818700
This worked
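
The condition behind the accepted solution (register left at 0x41 after password recovery, so every reload boots an unconfigured firewall) can be spotted in a console capture. Added example, not part of the original thread: a Python check run over a constructed capture modelled on the log lines posted above. The 0x40 bit mask is an assumption taken from the difference between the 0x41 and 0x1 values in this thread, and all function names are hypothetical.

```python
import re

# Assumption: the bit that separates the recovery value 0x41 from the default 0x1.
IGNORE_STARTUP_BIT = 0x40
BOOT_MARKER = re.compile(r"^Loading \S+ Booting\.\.\.", re.M)
IGNORED_MSG = "Ignoring startup configuration as instructed by configuration register."
SAVE_CMD = re.compile(r"#\s*(?:copy run\S* start\S*|write mem\S*)\s*$", re.M)
# Register values as typed at rommon or echoed back; also accepts the
# web-mangled "0×41" (U+00D7 instead of "x") found in copied guides.
CONFREG = re.compile(r"(?:confreg|Configuration Register:)\s+(0[x\u00d7][0-9a-fA-F]+)")

# Constructed sample capture (not a real device log).
SAMPLE_CAPTURE = """\
Current Configuration Register: 0×00000001
rommon #2> confreg 0×41
Loading /asa831-k8.bin... Booting...
Ignoring startup configuration as instructed by configuration register.
ciscoasa(config)# config factory-default 192.168.0.1 255.255.255.0
Factory-default configuration is completed
ciscoasa(config)# copy run start
1907 bytes copied in 1.520 secs (1907 bytes/sec)
ciscoasa(config)# reload
Loading /asa831-k8.bin... Booting...
Ignoring startup configuration as instructed by configuration register.
ciscoasa> ping 192.168.0.1
No route to host 192.168.0.1
"""


def parse_confreg(token):
    """Turn '0x41' or the mangled '0×41' into an integer."""
    return int(token.replace("\u00d7", "x"), 16)


def decode_confreg(value):
    """Report whether a register value makes the device skip its startup config."""
    return {"value": hex(value),
            "ignores_startup_config": bool(value & IGNORE_STARTUP_BIT)}


def audit_capture(capture):
    """Return findings about configuration-register problems in a console capture."""
    findings = []
    for match in CONFREG.finditer(capture):
        reg = decode_confreg(parse_confreg(match.group(1)))
        if reg["ignores_startup_config"]:
            findings.append(f"confreg set to {reg['value']}: startup config will be ignored")

    # Split the capture into one session per boot.
    starts = [m.start() for m in BOOT_MARKER.finditer(capture)]
    sessions = [capture[a:b] for a, b in zip(starts, starts[1:] + [len(capture)])]

    saved_earlier = False
    for number, session in enumerate(sessions, 1):
        if IGNORED_MSG in session:
            if saved_earlier:
                # A config was saved in an earlier session but this boot skipped it.
                findings.append(f"boot {number}: saved config was not loaded")
            else:
                findings.append(f"boot {number}: startup config ignored")
        saved_earlier = saved_earlier or bool(SAVE_CMD.search(session))
    return findings


if __name__ == "__main__":
    for finding in audit_capture(SAMPLE_CAPTURE):
        print(finding)
```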