ASA5506-X simple setup NOT understanding HELP

Myleslandish · ‎03-27-2024

I’m not sure if I’m posting this in the right spot; I’m new to this needing help with setup of a device.

I’ve been trying and failing at setting up my 5506. I have a few questions I think if I can get cleared up I can maybe get this working. Please help with understanding of a big lack in network management and understanding.

Is there any harm or misstep by not using the command line and solely using the ASDM to configure the device? I’m asking bc what’s absolutely made this process of trying to watch videos to see how to program the thing they ALL use a combination of CL and then it seems all that to just access the ASDM.

If I just wanted to have two interfaces set up. The internet service in and the second be the internet service out. I don’t need the device to manage a whole internal lan or anything. I’m sure this makes it simpler to explain.

Also, I’m not sure if it matters what my internet line in has as its IP and all that network info when choosing the ip address for that interface. That’s been part that’s thrown me off on understanding what ip’s to set the interfaces up.

My plan is to use my 5505 in basic setup as a switch that gets its internet to spread along from the 2nd (out) interface on the 5506 (the fire walled internet service out from the 5506)

So I guess there’s also the management port but that interface, and the service in, then last the out from the 5506. Another thing I’m unclear on is the security levels. Is the larger the number the higher security? 75 is more scrutiny than 50? They word that weird on everything too. Who writes this stuff lol. Anyways, thank you for any and all help.

Myleslandish · ‎03-27-2024

And one more question… What would cause this to happen? I’ve never seen that on anything and it happened when making the above post

Georg Pauwen · ‎03-30-2024

Hello,

weird indeed, as there is no obvious HTML in your post; maybe the text editor you used has inserted some hidden HTML. Try to copy and paste the text into a simple text editor (such as Notepad), and try to post again...

liviu.gheorghe · ‎03-30-2024

Hello @Myleslandish ,

you will need a combination of command line configuration at the beginning and after that you can download the ASDM from the ASA and start using it.

First of all you need to configure your management interface and your http server in order to be able to run ASDM:

interface Management0/0
management-only
nameif mgmt
security-level 100
ip address ip-address network-mask

http server enable

http allowed-IP-address network-mask mgmt

After you have configured your ASA management interface, enabled https server and specified from which IP addresses the ASA accepts connections, you can point your browser to the IP of the management interface: https://ASA management IP

Click on the Install ASDM Launcher and you are ready to go.

The security levels for the interfaces are like this - the higher the number, it represents an interface with higher security. Usually the inside interface is given security 100 and the outside interface is given security 0. A DMZ interface would have a security setting of 50 for example.

Hope this helps.

Regards, LG
*** Please Rate All Helpful Responses ***

Myleslandish · ‎04-05-2024

Ok, see idk if I’m the only one to be confused by the way the security levels are explained. And no matter how basic it’s explained or put in words it doesn’t clear it up for me. I would suspect that if I want the security to be higher meaning “more secure/harder to penetrate/less vulnerable” or words to that effect. And I assume that if I say I want these particular interfaces to have a high security level then I would set it to the highest number being the 100. Is this sounding more or less accurate to the idea or in the opposite direction?

On the 5506 front; I was finally able to get it set up just a few hours after making these posts in desperation to find out how. Then as luck would have it after I got the 5506 set up; I pull out the 5505 and somehow it’s lost it’s 192.168.1.1 IP setup and I can’t for the life of me figure out how to get it back. Everything I read on it says the reset button on the 5505 is basically useless so no help there. I’m beyond unfamiliar with tech nowadays but really want to get back in the know of things bc I’m far enough behind as it is. I’ve downloaded the putty program to try and open a command line to the device but it just keeps saying it can’t connect. Is there any way to figure out what the IP address is that way I can go straight into the ADSM? When I “ipconfig” on command prompt it gives an IP address of 169.something as does the second 5505 I ordered. Ik it originally had the factory setup IP address bc when I would connect it to Wi-Fi with an AP ip of the same the network was thrown out of wack. I’m thinking the odds that two different ASA5505’s wouldn’t just default to the same random IP address ranges on a whim so, if there’s anyone that that sounds familiar to that may have some insight or ideas please help. Also, thank you all for your help:)

balaji.bandi · ‎03-31-2024

as per my understanding, you like to use 5506 use for Internet FW - and 5505 act as Switch right.

You can setup 5505 as bridge / transparent mode to use Lan Interface to connect (this is FW not Switch so keep in mind)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Myleslandish · ‎04-18-2024

I was able to get the device up and running. Im new to this community and apologize if im not doing it right by clickimg which was helpful and which wasnt. In truth i got it up and running before i made it bk to even check the replies. But i still wanted to express my EMENSE appreciation and gratitude for ALL of your help and advice.

Myleslandish · ‎04-18-2024

Also, i was able to find an online explanation of the “0-100 security levels” and if im incorrect in what i say here please let me know so i can make needed changes accordingly. If i want MORE security on a particular interface and leave it LESS open to attack I need to set its security level to a HIGHER number on the security level… I figured this made the most sense but its just how everyone and every online explanation worded their descriptions of the security levels that threw me off.