Thursday, May 13, 2010

Cisco ASA 5500 Firewall Configuration - User Interface and Access Modes

By: Harris Andrea




This article describes the user interface, access modes, and commands associated with operating Cisco ASA 5500 firewall appliances. We assume that you know how to connect to the appliance using a console cable (the blue flat cable with RJ-45 on one end and DB-9 serial on the other) and terminal emulation software (e.g. HyperTerminal), and how to use the basic Command Line Interface.

A Cisco ASA security appliance has four main administrative access modes:



  • Monitor Mode:
    Displays the monitor> prompt. A special mode that enables you to update the image over the network or to perform password recovery. While in the monitor mode, you can enter commands to specify the location of a TFTP server and the location of the software image or password recovery binary image file to download. You access this mode by pressing the "Break" or "ESC" keys immediately after powering up the appliance.

  • Unprivileged Mode:
    Displays the > prompt. Available when you first access the appliance. If the appliance is a Cisco PIX 500 series, the prompt for unprivileged mode is pixfirewall>, and if the appliance is the new Cisco ASA 5500 Series, the prompt is ciscoasa>.
    This mode provides a restricted view of the security appliance. You cannot configure anything from this mode. To get started with configuration, the first command you need to know is the enable command. Type enable and hit Enter. The initial password is empty, so hit Enter again to move on to the next access mode (Privileged Mode).

    ciscoasa> enable <-- Unprivileged Mode
    password: <-- Enter a password here (initially it's blank)
    ciscoasa# <-- Privileged Mode

  • Privileged Mode:
    Displays the # prompt. Enables you to change the current settings. Any unprivileged command also works in this mode. From this mode you can see the current configuration by using show running-config. However, you cannot configure anything until you enter Configuration Mode, which you access with the "configure terminal" command from Privileged Mode.

  • Configuration Mode:
    Displays the (config)# prompt. Enables you to change all system configuration settings. Use exit from each mode to return to the previous mode.


ciscoasa> enable <-- Unprivileged Mode
password: <-- Enter a password here (initially it's blank)
ciscoasa# configure terminal <-- Privileged Mode
ciscoasa(config)# <-- Configuration Mode
ciscoasa(config)# exit
ciscoasa# exit <-- Back to Privileged Mode
ciscoasa> <-- Back to Unprivileged Mode

The (config)# mode is sometimes called Global Configuration Mode. Some configuration commands from this mode enter a command-specific mode, and the prompt changes accordingly. For example, the interface command enters interface configuration mode as shown below:

ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# <-- Configure Interface specific parameters
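
Because each access mode has its own prompt, a saved console session can be reviewed by prompt alone to see which commands ran in which mode. The following Python sketch is an added example, not part of the original article: the function names and the sample transcript are constructed for illustration, and the prompt patterns assume the prompt forms shown above.

```python
import re

# Prompt patterns for the modes described in the article, most specific first.
# The hostname part ("ciscoasa", "pixfirewall", ...) is whatever is configured.
PROMPTS = [
    ("monitor",      re.compile(r"^monitor>\s*(.*)$")),
    ("config-sub",   re.compile(r"^[\w.-]+\(config-[\w-]+\)#\s*(.*)$")),
    ("config",       re.compile(r"^[\w.-]+\(config\)#\s*(.*)$")),
    ("privileged",   re.compile(r"^[\w.-]+#\s*(.*)$")),
    ("unprivileged", re.compile(r"^[\w.-]+>\s*(.*)$")),
]
NAVIGATION = {"exit", "end", "quit"}  # mode changes, not configuration changes

# Constructed sample session (not taken from a real device).
SAMPLE = """\
ciscoasa> enable
Password: 
ciscoasa# show running-config
ciscoasa# configure terminal
ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# exit
ciscoasa(config)# exit
ciscoasa# exit
"""

def classify_line(line):
    """Return (mode, command) if the line starts with a known prompt, else None."""
    for mode, pattern in PROMPTS:
        m = pattern.match(line.strip())
        if m:
            # Drop "<-- ..." annotations like the ones used in the article.
            return mode, m.group(1).split("<--")[0].strip()
    return None

def audit_session(text):
    """List (mode, command) for every non-empty command typed in the session."""
    hits = (classify_line(line) for line in text.splitlines())
    return [hit for hit in hits if hit and hit[1]]

def config_changes(text):
    """Commands entered in (config) or (config-...) mode, minus navigation."""
    return [(mode, cmd) for mode, cmd in audit_session(text)
            if mode in ("config", "config-sub") and cmd not in NAVIGATION]

if __name__ == "__main__":
    for mode, cmd in audit_session(SAMPLE):
        print(f"{mode:13} {cmd}")
```
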



About the Author


Harris Andrea is a Cisco Certified Network Professional (CCNP) and Cisco Certified Security Professional (CCSP) with more than 10 years experience in the networking field. He is currently employed as a network security senior engineer in a leading ISP company in Europe. He has designed and implemented several projects involving Cisco ASA/PIX firewalls and other Cisco products and technologies.

(ArticlesBase SC #877815)


Article Source: http://www.articlesbase.com/ - Cisco ASA 5500 Firewall Configuration - User Interface and Access Modes





