How to connect to an ASA 5505

Answered Question
Nov 11th, 2008

I have attached my new ASA 5505 to my computer with the network cable as described in section 5. I have verified that Firefox 3 has both Java and Javascript enabled. When I enter it times out with no connection.

I haved attempted to access it by connecting it to our LAN, then browsing it from various computers, both Linux and Windows. It always times out.

I have pressed and held the Reset button and tried again. No change.

The front and rear lights appear to indicate a proper connection, complete with activity.

Can you give me a hint as to what I have done wrong or should do differently or in addition ?

I have this problem too.
0 votes
Correct Answer by John Blakley about 7 years 11 months ago

I'm glad to help! Congratulations! :-)



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (7 ratings)
John Blakley Tue, 11/11/2008 - 07:39

I'm not sure what the default address is, but your ASA should have come with a rollover cable. (It's a light blue, flat cable with an RJ45 connection on one end and a serial (DB9) connection on the other.)

I would connect this directly to the ASA on the console port. Open hyperterminal up on your PC, and select the appropriate com port.

The settings for Hyperterminal connection should be:

Baud Rate: 9600

Data Bits: 8

Stop Bits: 1

Parity: None

Flow Control: I leave default.

After you click connect, you can hit enter a few times to get data on the screen. Once in, check your ip addresses in there by doing a:

show ip address inside

Once you have your IP address, you should be able to get into it. Also, make sure that your LAN is addressed on the same subnet as the ASA or you'll have to put a workstation in the subnet.

--John Tue, 11/11/2008 - 07:53

Thank you. I'll do that now.

I suspect you provided some part of the answer, because my lan is not on the 1 subnet. That should not have stopped the direct connection, but it should stop the LAN attempt. Maybe with the rollover cable and hyperterminal I can change my Cisco subnet to match the LAN. Tue, 11/11/2008 - 08:14

At CISCOASA> I entered "show ip address inside"

I got CISCOASA> ERROR: % Invalid input detected at "^" marker.

The marker points to the p in ip.


John Blakley Tue, 11/11/2008 - 08:17


Ciscoasa> en

Hit may ask you for a password, if so, try Cisco and hit enter.

If that gets you in, type:

CISCOASA# sh ip address inside Tue, 11/11/2008 - 08:20

Thank you for the fast response.

It did ask for a password. It rejected Cisco.

Any idea what else it could be? I'll check through my booklet. Tue, 11/11/2008 - 08:32

Thank you. It was

I tried case variations and got locked out after 3 tries. My book says only to see my command line interface guide, and I can't find one in the box.

It showed me the ip, and it is indeed, How can I change that ?

John Blakley Tue, 11/11/2008 - 08:37

To do that, enter the following:

ASA# sh ip address inside

Find the Interface that the address is assigned to. I think it'll be VLAN2, but I'm not sure.

After you find that out, type:

ASA# conf t

ASA(config)# int vlan2 (or whatever interface it's on)

ASA(config-if)# ip address

So it would be like:

ip address

Don't use the above address, it's only for an example.

ASA(config-if)# exit

ASA(config)# exit

ASA# wr <-- this saves it.

Please rate if helpful. :-)

--John Tue, 11/11/2008 - 08:58

I do want to thank you for being so patient and thorough, complete with examples.

I was sure it was Vlan1, and it kept saying it conflicted with Vlan2. So I changed it to Vlan2 and it took it. I made it to put it on our subnet, and to avoid conflick with our yet to be removed Checkpoint firewall ending in 1.

Next I tried accessing It timed out.

I can hit any other ip on this subnet, but not this new Cisco firewall. Do you think it has to end in a 1? Tue, 11/11/2008 - 09:06

OK, here's what the book says.

Cisco adaptive security appliances are shipped with a factory-default configuration that enables quick startup. The ASA 5505 comes preconfigured with

* Two Vlans: VLAN1 and VLAN2

* VLAN 1 has the following properties:

- Named "inside"

- Allocated switch ports Ethernet 0/1 through Ethernet 0/7

- Security level 100

- IP address of

* VLAN2 has the following properties:

- Named "outside"

- Allocated switch port Ethernet 0/0

- Security level of 0

- Configured to obtain its IP address using DHCP

This is why I thought it would be VLan1. Also, with Vlan2 getting its ip from dhcp, it might get it from the Checkpoint firewall.

Also, with it connected to our subnet, it might start suppying IPs with its own dhcp server :O

What do you think ?

John Blakley Tue, 11/11/2008 - 09:07

Hmm, no it doesn't need to. Can you post your config here? To do that, you need to record the sh run to a text file in hyperterminal.

You'll go to Transfer/Capture Text, give it a name, and it will start to record.

Then at the ASA# prompt type show run and hit spacebar all the way until you get back to the ASA# again. Then you click Transfer/Capture Text/Stop

From the sound of it, it doesn't sound like the ASA is configured for any public access yet, so you should just be able to post the config here without modifying it. Just double check there are no public addresses in the config for your security.

--John Tue, 11/11/2008 - 09:19

Here's the link copied from by browser:

And here is the run shown:

show run

: Saved


ASA Version 7.2(3)


hostname ciscoasa

enable password encrypted



interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 0

ip address


interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


<--- More --->

interface Ethernet0/3

<--- More --->


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


passwd encrypted

ftp mode passive

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

<--- More --->

timeout uauth 0:05:00 absolute

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside


dhcpd address inside

dhcpd enable inside



class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


message-length maximum 512

policy-map global_policy

<--- More --->

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tft

John Blakley Tue, 11/11/2008 - 09:24

Well, a couple of things:

Is your workstation that you're trying to connect to the ASA with on the network, or is it on the network? If it's on the latter, you should connect your workstation to the back of the ASA and put your workstation statically on the network. This will get you into it.

If you are trying to connect to it from the network, you'll have to issue:

ASA# config t

ASA(config)# http outside

See if that works. You won't be able to ping from the side. ASA doesn't support pinging the opposite side of the device (from outside interface to inside). You can either ping the outside or inside, or through the device to another host on the inside from the outside.

John Tue, 11/11/2008 - 09:28

Now that makes all kind of sense.

Yes, its on 192.168.10. I'll put it on 192.168.1 and re-try the direct connection. Tue, 11/11/2008 - 09:36

On its subnet I connected :)

And it challenged me for a user name and password. Might you have an idea what might be the default username and password ? Tue, 11/11/2008 - 09:41

The book says to leave both blank and press enter. I did and I'm in.

Thank you very much. I certainly would not have gotten that on my own.

Now all I need is for you to post one more time so I can click on SOLVED :)


This Discussion