I have attempted to access it by connecting it to our LAN, then browsing to it from various computers, both Linux and Windows. It always times out.
I have pressed and held the Reset button and tried again. No change.
The front and rear lights appear to indicate a proper connection, complete with activity.
Can you give me a hint as to what I have done wrong or should do differently or in addition?
I'm not sure what the default address is, but your ASA should have come with a rollover cable. (It's a light blue, flat cable with an RJ45 connection on one end and a serial (DB9) connection on the other.)
I would connect this directly to the ASA on the console port. Open hyperterminal up on your PC, and select the appropriate com port.
The settings for Hyperterminal connection should be:
Baud Rate: 9600
Data Bits: 8
Stop Bits: 1
Flow Control: I leave default.
After you click connect, you can hit enter a few times to get data on the screen. Once in, check your ip addresses in there by doing a:
show ip address inside
Once you have your IP address, you should be able to get into it. Also, make sure that your LAN is addressed on the same subnet as the ASA or you'll have to put a workstation in the 192.168.1.0/24 subnet.
Thank you. I'll do that now.
I suspect you provided some part of the answer, because my LAN is not on the 1 subnet. That should not have stopped the direct connection, but it should stop the LAN attempt. Maybe with the rollover cable and HyperTerminal I can change my Cisco subnet to match the LAN.
At CISCOASA> I entered "show ip address inside"
I got CISCOASA> ERROR: % Invalid input detected at "^" marker.
The marker points to the p in ip.
Hit enter...it may ask you for a password, if so, try Cisco and hit enter.
If that gets you in, type:
CISCOASA# sh ip address inside
Thank you for the fast response.
It did ask for a password. It rejected Cisco.
Any idea what else it could be? I'll check through my booklet.
Thank you. It was
I tried case variations and got locked out after 3 tries. My book says only to see my command line interface guide, and I can't find one in the box.
It showed me the IP, and it is indeed 192.168.1.1. How can I change that?
To do that, enter the following:
ASA# sh ip address inside
Find the Interface that the 192.168.1.1 address is assigned to. I think it'll be VLAN2, but I'm not sure.
After you find that out, type:
ASA# conf t
ASA(config)# int vlan2 (or whatever interface it's on)
ASA(config-if)# ip address
So it would be like:
ip address 220.127.116.11 255.255.255.0
Don't use the above address, it's only for an example.
Please rate if helpful. :-)
I do want to thank you for being so patient and thorough, complete with examples.
I was sure it was Vlan1, and it kept saying it conflicted with Vlan2. So I changed it to Vlan2 and it took it. I made it 192.168.10.11 to put it on our subnet, and to avoid conflict with our yet to be removed Checkpoint firewall ending in 1.
Next I tried accessing 192.168.10.11. It timed out.
I can hit any other ip on this subnet, but not this new Cisco firewall. Do you think it has to end in a 1?
OK, here's what the book says.
Cisco adaptive security appliances are shipped with a factory-default configuration that enables quick startup. The ASA 5505 comes preconfigured with
* Two Vlans: VLAN1 and VLAN2
* VLAN 1 has the following properties:
- Named "inside"
- Allocated switch ports Ethernet 0/1 through Ethernet 0/7
- Security level 100
- IP address of 192.168.1.1 255.255.255.0
* VLAN2 has the following properties:
- Named "outside"
- Allocated switch port Ethernet 0/0
- Security level of 0
- Configured to obtain its IP address using DHCP
This is why I thought it would be VLan1. Also, with Vlan2 getting its ip from dhcp, it might get it from the Checkpoint firewall.
Also, with it connected to our subnet, it might start supplying IPs with its own DHCP server :O
What do you think?
Hmm, no it doesn't need to. Can you post your config here? To do that, you need to record the sh run to a text file in hyperterminal.
You'll go to Transfer/Capture Text, give it a name, and it will start to record.
Then at the ASA# prompt type show run and hit spacebar all the way until you get back to the ASA# again. Then you click Transfer/Capture Text/Stop.
From the sound of it, it doesn't sound like the ASA is configured for any public access yet, so you should just be able to post the config here without modifying it. Just double check there are no public addresses in the config for your security.
Here's the link copied from my browser:
And here is the run shown:
ASA Version 7.2(3)
enable password encrypted
ip address 192.168.1.1 255.255.255.0
ip address 192.168.10.11 255.255.255.0
switchport access vlan 2
<--- More --->
<--- More --->
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
<--- More --->
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
policy-map type inspect dns preset_dns_map
message-length maximum 512
<--- More --->
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
Well, a couple of things:
Is your workstation that you're trying to connect to the ASA with on the 192.168.1.0 network, or is it on the 192.168.10.0 network? If it's on the latter, you should connect your workstation to the back of the ASA and put your workstation statically on the 192.168.1.0 network. This will get you into it.
If you are trying to connect to it from the 192.168.10.0 network, you'll have to issue:
ASA# config t
ASA(config)# http 192.168.10.0 255.255.255.0 outside
See if that works. You won't be able to ping 192.168.1.1 from the 192.168.10.0 side. ASA doesn't support pinging the opposite side of the device (from outside interface to inside). You can either ping the outside or inside, or through the device to another host on the inside from the outside.
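Added example, not part of the original thread and not Cisco tooling: a small Python check that reads the `http <ip> <mask> <interface>` lines of an ASA running config and reports whether a given workstation is allowed to reach the web management interface, which is the mismatch diagnosed in the reply above. The client address 192.168.10.50 and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the management-related lines of the running config
# posted in the thread (not the full config).
POSTED_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
"""

def parse_http_rules(config):
    """Return (server_enabled, [(network, interface), ...])."""
    enabled, rules = False, []
    for line in config.splitlines():
        parts = line.split()
        if parts == ["http", "server", "enable"]:
            enabled = True
        elif len(parts) == 4 and parts[0] == "http":
            try:
                net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
            except ValueError:
                continue  # some other "http ..." line, not <ip> <mask> <ifname>
            rules.append((net, parts[3]))
    return enabled, rules

def asdm_allowed(config, client_ip, interface):
    """True if client_ip, arriving on interface, matches an http rule."""
    enabled, rules = parse_http_rules(config)
    addr = ipaddress.ip_address(client_ip)
    return enabled and any(addr in net and ifname == interface
                           for net, ifname in rules)

def management_exposure(config):
    """Map each interface name to the source networks allowed to manage it."""
    exposure = {}
    for net, ifname in parse_http_rules(config)[1]:
        exposure.setdefault(ifname, []).append(str(net))
    return exposure

if __name__ == "__main__":
    # Workstation on the 192.168.10.0 LAN, reaching the interface named outside.
    print(asdm_allowed(POSTED_CONFIG, "192.168.10.50", "outside"))   # False
    fixed = POSTED_CONFIG + "http 192.168.10.0 255.255.255.0 outside\n"
    print(asdm_allowed(fixed, "192.168.10.50", "outside"))           # True
    print(management_exposure(fixed))
```

The `management_exposure` output is also a quick way to review which networks can reach management on the interface named outside once the unit is moved into production.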
Now that makes all kind of sense.
Yes, it's on 192.168.10. I'll put it on 192.168.1 and re-try the direct connection.
On its subnet I connected :)
And it challenged me for a user name and password. Might you have an idea what might be the default username and password?
The book says to leave both blank and press enter. I did and I'm in.
Thank you very much. I certainly would not have gotten that on my own.
Now all I need is for you to post one more time so I can click on SOLVED :)