problems with basic config ASA 5505

Unanswered Question
Jul 28th, 2008
User Badges:

new ASA 5505, tying to configure it, inside LAN is 192.168.2.x/23 ( I connect to ASA5505 using ASDM ok when it is on the default I change the ip on 'inside' vlan, and of course lose connection to it. It apparently doesn't totally save the info, though, because I can't connect to it using the new info. So, I made a vlan3, using port 0/2, using ip of 192.168.2.x/23 while connected to Then I changed ip of my computer from 192.168.1.x to 192.168.2.x/23 but cannot even ping that port/ip on the ASA while connected to port 0/2. I switched computer back, and connected again to and it does appear that my new settings for 0/2 are still there, so I'm not sure how to proceed? Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mherald Mon, 07/28/2008 - 17:40
User Badges:

You could try:

ciscoasa#config t

ciscoasa(config)#configure factory-default ip-address

I am unsure if you can add a mask to that, but it *should* come up with your new IP address.


stevew295 Mon, 08/18/2008 - 16:48
User Badges:

Sorry, had family emergency and was off for 2 weeks, then when came back had other work to catch up on.

Thanks for the reply. It would appear that the command you provided sets it back to default settings. I was able to set it back to default settings, but am now unsure as how to proceed to get the "inside" set to and still be able to access it.

If I go back in, I can change "inside" to, but lose connection, so it "sort of" gets saved, in the respect that sometimes I can ping it, sometimes not. But can never connect to it.

Thanks, and sorry again about the delay.

Farrukh Haroon Mon, 08/18/2008 - 23:25
User Badges:
  • Red, 2250 points or more

Before you change the IP, you need to give this new IP address access to telnet/ASDM.

asdm location ...

telnet ... interface

Also are you keeping the same security level for both interfaces?



stevew295 Tue, 08/19/2008 - 09:22
User Badges:

I had finally gotten it set back to factory defaults, so I had already tried again prior to seeing your reply.

I simply used ASDM to change 0/1 IP to and then changed computer's IP. Connected via console, and it seemed ok.

But, no matter what, I cannot connect using the ASDM once I change the IP. I can ping the ASA fine, and connect thru console, but not ASDM.

Since I just changed IP this time, didn't try to set up a VLAN, I didn't change any security level or anything.


albertom Tue, 08/19/2008 - 11:21
User Badges:

I believe you have to authorize your new network to access the http services on the asa. Try the following from a command line:

asa(config)# http inside

asa(config)# write memory



stevew295 Tue, 08/19/2008 - 19:51
User Badges:

thanks, that did the trick. Can't you set that in ASDM? I'd hate to have to do that whenever I change the internal IP (just trying to learn it right now, not in service yet).


albertom Wed, 08/20/2008 - 06:23
User Badges:

Yes this can be configured in ASDM. Let's say you decided to change your internal address to /

You will want to authorize this new network prior to making the ip address change so you can manage the ASA after you apply the new settings.

In ASDM click on the Configuration Icon then in the left pane at the bottom choose Properties. Then in the pane to the right choose Device Access and click on HTTPS/ASDM.

Click ADD.

Interface Name: Inside

IP Address:




stevew295 Tue, 08/19/2008 - 19:49
User Badges:

Wasn't aware needed to give the IP address access, but have done so now. Ok now.

basic question on security, since you mentioned it, why is the default "outside" level 0, isn't the lowest security? Shouldn't it be 100?

Thanks, Steve

Farrukh Haroon Tue, 08/19/2008 - 21:24
User Badges:
  • Red, 2250 points or more

This is how Cisco has named it. A higher security level implies a 'more secure' zone. As in a 'safer' place :) Since its already 'more secure'/safe the firewall can be a little lenient that that zone.




This Discussion