problems with basic config ASA 5505

stevew295 · ‎07-28-2008

new ASA 5505, tying to configure it, inside LAN is 192.168.2.x/23 (255.255.254.0). I connect to ASA5505 using ASDM ok when it is on the default 192.168.1.1. I change the ip on 'inside' vlan, and of course lose connection to it. It apparently doesn't totally save the info, though, because I can't connect to it using the new info. So, I made a vlan3, using port 0/2, using ip of 192.168.2.x/23 while connected to 192.168.1.1. Then I changed ip of my computer from 192.168.1.x to 192.168.2.x/23 but cannot even ping that port/ip on the ASA while connected to port 0/2. I switched computer back, and connected again to 192.168.1.1 and it does appear that my new settings for 0/2 are still there, so I'm not sure how to proceed? Thanks.

mherald · ‎07-28-2008

You could try:

ciscoasa#config t

ciscoasa(config)#configure factory-default ip-address

I am unsure if you can add a mask to that, but it *should* come up with your new IP address.

Mike

stevew295 · ‎08-18-2008

Sorry, had family emergency and was off for 2 weeks, then when came back had other work to catch up on.

Thanks for the reply. It would appear that the command you provided sets it back to default settings. I was able to set it back to default settings, but am now unsure as how to proceed to get the "inside" set to 192.168.2.0/23 and still be able to access it.

If I go back in, I can change "inside" to 192.168.2.1/23, but lose connection, so it "sort of" gets saved, in the respect that sometimes I can ping it, sometimes not. But can never connect to it.

Thanks, and sorry again about the delay.

Farrukh Haroon · ‎08-18-2008

Before you change the IP, you need to give this new IP address access to telnet/ASDM.

asdm location ...

telnet ... interface

Also are you keeping the same security level for both interfaces?

Regards

Farrukh

stevew295 · ‎08-19-2008

I had finally gotten it set back to factory defaults, so I had already tried again prior to seeing your reply.

I simply used ASDM to change 0/1 IP to 192.168.2.1/23 and then changed computer's IP. Connected via console, and it seemed ok.

But, no matter what, I cannot connect using the ASDM once I change the IP. I can ping the ASA fine, and connect thru console, but not ASDM.

Since I just changed IP this time, didn't try to set up a VLAN, I didn't change any security level or anything.

Thanks

albertom · ‎08-19-2008

I believe you have to authorize your new network to access the http services on the asa. Try the following from a command line:

asa(config)# http 192.168.2.0 255.255.254.0 inside

asa(config)# write memory

Regards,

Alberto

stevew295 · ‎08-19-2008

thanks, that did the trick. Can't you set that in ASDM? I'd hate to have to do that whenever I change the internal IP (just trying to learn it right now, not in service yet).

Steve

albertom · ‎08-20-2008

Yes this can be configured in ASDM. Let's say you decided to change your internal address to 10.10.10.1 / 255.255.255.0

You will want to authorize this new network prior to making the ip address change so you can manage the ASA after you apply the new settings.

In ASDM click on the Configuration Icon then in the left pane at the bottom choose Properties. Then in the pane to the right choose Device Access and click on HTTPS/ASDM.

Click ADD.

Interface Name: Inside

IP Address: 10.10.10.0

Mask: 255.255.255.0

Regards,

Alberto

stevew295 · ‎08-19-2008

Wasn't aware needed to give the IP address access, but have done so now. Ok now.

basic question on security, since you mentioned it, why is the default "outside" level 0, isn't the lowest security? Shouldn't it be 100?

Thanks, Steve

Farrukh Haroon · ‎08-19-2008

This is how Cisco has named it. A higher security level implies a 'more secure' zone. As in a 'safer' place :) Since its already 'more secure'/safe the firewall can be a little lenient that that zone.

Regards

Farrukh