Adam,
> -----Original Message-----
> Sent: Sunday, June 06, 2010 3:18 PM
> To: karim jamali
> Cc: Cisco certification
> Subject: Re: ASA OOB Management
>
> Hello Karim,
>
> Please see below the factory configs:
>
> hostname ciscoasa
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> names
> !
> interface GigabitEthernet0/0
> shutdown
> no nameif
> no security-level
> no ip address
> !
> interface GigabitEthernet0/1
> shutdown
> no nameif
> no security-level
> no ip address
> !
> interface GigabitEthernet0/2
> shutdown
> no nameif
> no security-level
> no ip address
> !
> interface GigabitEthernet0/3
> shutdown
> no nameif
> no security-level
> no ip address
> !
> interface Management0/0
> nameif management
> security-level 100
> ip address 192.168.1.1 255.255.255.0
> management-only
> !
> ftp mode passive
> pager lines 24
> logging asdm informational
> mtu management 1500
> no failover
> icmp unreachable rate-limit 1 burst-size 1
> no asdm history enable
> arp timeout 14400
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
> timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
> timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
> dynamic-access-policy-record DfltAccessPolicy
> http server enable
> http 192.168.1.0 255.255.255.0 management
> no snmp-server location
> no snmp-server contact
> snmp-server enable traps snmp authentication linkup linkdown coldstart
> crypto ipsec security-association lifetime seconds 28800
> crypto ipsec security-association lifetime kilobytes 4608000
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> dhcpd address 192.168.1.2-192.168.1.254 management
> dhcpd enable management
> !
> threat-detection basic-threat
> threat-detection statistics access-list
> no threat-detection statistics tcp-intercept
> !
> class-map inspection_default
> match default-inspection-traffic
> !
> !
> policy-map type inspect dns preset_dns_map
> parameters
> message-length maximum 512
> policy-map global_policy
> class inspection_default
> inspect dns preset_dns_map
> inspect ftp
> inspect h323 h225
> inspect h323 ras
> inspect rsh
> inspect rtsp
> inspect esmtp
> inspect sqlnet
> inspect skinny
> inspect sunrpc
> inspect xdmcp
> inspect sip
> inspect netbios
> inspect tftp
> !
> service-policy global_policy global
> prompt hostname context
>
> What you have suggested is correct for my scenario, but I want to clear things
> more. Can you suggest now by watching the default configs from factory.
>
Have you tried checking the documentation? I would start here:
If that's your config, you don't have security levels and nameifs configured. Assuming that you're running NAT, you'll need at the very least to define one interface as outside (will set your security-level to 0 by default) and one interface as inside (will set your security-level to 100 by default). Then you'll need IP addresses, a default route, a global, and nat.
-ryan
Received on Sun Jun 06 2010 - 19:35:47 ART
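The steps listed in the reply above, written out as an added example that is not part of the original thread. It assumes pre-8.3 NAT syntax (the reply names `global` and `nat`); the choice of GigabitEthernet0/0 as outside and GigabitEthernet0/1 as inside, and every address, are constructed placeholders.

```cisco
! Constructed example. Addresses are placeholders (RFC 5737 and RFC 1918),
! and the port-to-role assignment is an assumption.
!
! Outside: "nameif outside" sets security-level 0 by default; it is
! written out here so the trust level is visible in the config.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
 no shutdown
!
! Inside: "nameif inside" sets security-level 100 by default.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
! Management0/0 is left exactly as in the factory config
! (nameif management, management-only, 192.168.1.1/24), so the
! out-of-band interface carries no through traffic.
!
! Default route toward the upstream gateway (placeholder next hop).
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
!
! Dynamic PAT: inside hosts matched by NAT ID 1 are translated to the
! address of the outside interface.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
```

`show nameif` and `show route` confirm the interface names, security levels and default route after the change.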