Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

problems with basic config ASA 5505

new ASA 5505, tying to configure it, inside LAN is 192.168.2.x/23 (255.255.254.0). I connect to ASA5505 using ASDM ok when it is on the default 192.168.1.1. I change the ip on 'inside' vlan, and of course lose connection to it. It apparently doesn't totally save the info, though, because I can't connect to it using the new info. So, I made a vlan3, using port 0/2, using ip of 192.168.2.x/23 while connected to 192.168.1.1. Then I changed ip of my computer from 192.168.1.x to 192.168.2.x/23 but cannot even ping that port/ip on the ASA while connected to port 0/2. I switched computer back, and connected again to 192.168.1.1 and it does appear that my new settings for 0/2 are still there, so I'm not sure how to proceed? Thanks.

9 REPLIES
New Member

Re: problems with basic config ASA 5505

You could try:

ciscoasa#config t

ciscoasa(config)#configure factory-default ip-address

I am unsure if you can add a mask to that, but it *should* come up with your new IP address.

Mike

New Member

Re: problems with basic config ASA 5505

Sorry, had family emergency and was off for 2 weeks, then when came back had other work to catch up on.

Thanks for the reply. It would appear that the command you provided sets it back to default settings. I was able to set it back to default settings, but am now unsure as how to proceed to get the "inside" set to 192.168.2.0/23 and still be able to access it.

If I go back in, I can change "inside" to 192.168.2.1/23, but lose connection, so it "sort of" gets saved, in the respect that sometimes I can ping it, sometimes not. But can never connect to it.

Thanks, and sorry again about the delay.

Re: problems with basic config ASA 5505

Before you change the IP, you need to give this new IP address access to telnet/ASDM.

asdm location ...

telnet ... interface

Also are you keeping the same security level for both interfaces?

Regards

Farrukh

New Member

Re: problems with basic config ASA 5505

I had finally gotten it set back to factory defaults, so I had already tried again prior to seeing your reply.

I simply used ASDM to change 0/1 IP to 192.168.2.1/23 and then changed computer's IP. Connected via console, and it seemed ok.

But, no matter what, I cannot connect using the ASDM once I change the IP. I can ping the ASA fine, and connect thru console, but not ASDM.

Since I just changed IP this time, didn't try to set up a VLAN, I didn't change any security level or anything.

Thanks

New Member

Re: problems with basic config ASA 5505

I believe you have to authorize your new network to access the http services on the asa. Try the following from a command line:

asa(config)# http 192.168.2.0 255.255.254.0 inside

asa(config)# write memory

Regards,

Alberto

New Member

Re: problems with basic config ASA 5505

thanks, that did the trick. Can't you set that in ASDM? I'd hate to have to do that whenever I change the internal IP (just trying to learn it right now, not in service yet).

Steve

New Member

Re: problems with basic config ASA 5505

Yes this can be configured in ASDM. Let's say you decided to change your internal address to 10.10.10.1 / 255.255.255.0

You will want to authorize this new network prior to making the ip address change so you can manage the ASA after you apply the new settings.

In ASDM click on the Configuration Icon then in the left pane at the bottom choose Properties. Then in the pane to the right choose Device Access and click on HTTPS/ASDM.

Click ADD.

Interface Name: Inside

IP Address: 10.10.10.0

Mask: 255.255.255.0

Regards,

Alberto

New Member

Re: problems with basic config ASA 5505

Wasn't aware needed to give the IP address access, but have done so now. Ok now.

basic question on security, since you mentioned it, why is the default "outside" level 0, isn't the lowest security? Shouldn't it be 100?

Thanks, Steve

Re: problems with basic config ASA 5505

This is how Cisco has named it. A higher security level implies a 'more secure' zone. As in a 'safer' place :) Since its already 'more secure'/safe the firewall can be a little lenient that that zone.

Regards

Farrukh

964
Views
0
Helpful
9
Replies
CreatePlease to create content