ASA 5506W-X FIREpower setup

postit001
Level 1

As a newbie in ASA configuration and use of ASDM I'm about to exchange some old non-Cisco firewalls with new ASA 5506W-X. This seems to be more confusing than first assumed. The infrastructure is fairly simple with a main office featuring an inside network with local servers and clients, a card payment terminal and a wifi network for guests and an IP surveillance camera. The first 5506W is supposed to keep this office secure and provide a VPN to the remote office. The remote office only contains the second 5506W and a client which needs access to the servers at the main office.

I've got connected to the main office 5506 with ASDM via the wifi interface, but I'm struggling to get it on the net and make the traffic pass across interfaces. The unit is not run in default config because it is going to fit in an existing infrastructure with a static IP to the outside world. Please see the attached file for a visual presentation of the main office infrastructure. The unit is running ASA version 9.5 and ASDM version 7.5.

After configuring the radio properties and running the startup wizard, I got in touch with the ASDM at the wifi interface. From there I've not got the traffic through to other interfaces. However, I'm able to ping the outside internet gateway at the ISP and clients on the inside network with success from ASDM tools. This tells me the physical connections are ok, but I'm stuck in the traffic routing setup. Reading different setup guides hasn't helped me much further in the jungle of NAT, routes and rules. If someone has a valuable link to this type of setup or some smart config tricks to share, it would make my day.

Summer regards

I.B.


postit001
Level 1

The running config less public IP-address is as shown in the attached file. I'm only able to connect to the unit by the wifi interface using ASDM. Any attempt to connect via cable to inside port or management port is not successful when attaching my computer (via a switch) and setting the network adapter properties to fit the IP-addresses of the unit. How come? Does it require some additional config to access by cable?

I believe the ASA Firepower licence tab in the ASDM setup pane also is absent due to this. Hence the licence key is not reachable and I'm not able to activate any licences.

Any sensible solutions to try would be very welcome.

I.B.

This is about to take too long. After spending a lot of time on noncooperative devices, I'm about to throw the ASA5506 units in the bin. I've never dealt with more confusing interfaces on a firewall regarding configuration. Lack of documentation and poor help functions within ASDM don't help for the better.

The local representative is not helpful and doesn't even answer simple questions regarding config without a running service contract. What kind of after-sales service is that supposed to be?

I'm still only able to get ASDM connected to the device via the wifi link. The radio setup worked fine, but after running ASDM Startup Wizard no normal traffic seems to pass across interfaces. I can ping from ASDM tools to inside and outside devices.

The config is as shown in the last post's attached file. If anyone has got some fresh tricks to share to get them running, I'll give the devices until the end of the week before throwing them away.

I.B.

That's it for my Cisco ASA5506W-X units. New devices were bought from another manufacturer and they were up and running in 2 days. Cisco has a long way to go in making their ASA configuration procedure handy. There should be no need for running a web portal, an ASDM and a CLI plus a second web portal to configure a device. Everything should be in one user interface with proper help functions and a couple of hours of after-sales service. I've learned and will probably not buy any other ASA product again. I've got two new ASA 5506W-X for sale though...

Regards

I.B.
