manualshive.com logo in svg

Cisco ASA 5506W-X, Configuration Manual

The Cisco ASA 5506W-X Configuration Manual is an essential resource for users to optimally set up and manage their Cisco ASA 5506W-X device. Download the comprehensive manual for free from our website to ensure smooth and secure networking for your organization.

Share
Download
background image

ap(config)#ip default-gateway 10.1.0.1

Step 7. Modify the FirePOWER Module Management IP Address (Optional)

If you also plan to deploy the Cisco FirePOWER (also known as SFR) module then you also need
to change its IP address in order to access it from the physical Management1/1 interface on the
ASA. There are two basic deployment scenarios that determine how to configure the ASA and the
SFR module:

A topology in which the ASA Management1/1 interface is connected to an inside switch (as
per the normal quick start guide)

1.

A topology where an inside switch is not present.

2.

Depending on your scenario,these are the appropriate steps:

If the ASA Management1/1 interface is connected to an inside switch:

You can session into the module and change it from the ASA before connecting it to an inside
switch.  This configuration allows you to access the SFR module via IP by placing it on the same
subnet as the ASA inside interface with an IP address of 10.0.0.254.

Lines in bold are specific to this example and are required for establishing IP connectivity. 

Lines in italics will vary by environment.

asa# session sfr console

Opening console session with module sfr.

Connected to module sfr. Escape character sequence is 'CTRL-^X'.

Cisco ASA5506W v5.4.1 (build 211)

Sourcefire3D login: admin

Password: Sourcefire

<<Output Truncated - you will see a large EULA>>

Please enter 'YES' or press <ENTER> to AGREE to the EULA: YES

System initialization in progress.  Please stand by.

You must change the password for 'admin' to continue.

Enter new password:

Confirm new password:

You must configure the network to continue.

You must configure at least one of IPv4 or IPv6.

Do you want to configure IPv4? (y/n) [y]: y

Do you want to configure IPv6? (y/n) [n]: n

Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]:

 

Enter an IPv4 address for the management interface [192.168.45.45]: 10.0.0.254Enter an IPv4

netmask for the management interface [255.255.255.0]: 255.255.255.0

Enter the IPv4 default gateway for the management interface []:

 

10.0.0.1

Enter a fully qualified hostname for this system [Sourcefire3D]: Cisco_SFR

Enter a comma-separated list of DNS servers or 'none' []: 10.0.0.250

Enter a comma-separated list of search domains or 'none' [example.net]: example.net

If your networking information has changed, you will need to reconnect.

For HTTP Proxy configuration, run 'configure network http-proxy'

Applying 'Default Allow All Traffic' access control policy.

Note: It may take a couple minutes for the default access control policy to apply on the SFR

Summary of Contents for ASA 5506W-X

Page 1: ...ide switch FirePOWER Module Configuration without inside switch Verify Configure DHCP with Multiple Wireless VLANs Step 1 Remove Existing DHCP configuration on Gig1 9 Step 2 Create Subinterfaces for Each VLAN on Gig1 9 Step 3 Designate a DHCP pool for each VLAN Step 4 Configure the Access Point SSIDs save the config and reset the module Troubleshoot Introduction This document describes how to perf...

Page 2: ... Adapter DB 9 to RJ 45 Components Used The information in this document is based on these software and hardware versions Cisco ASA 5506W X device Client machine with a terminal emulation program such as Putty SecureCRT etc Console Cable and Serial PC Terminal Adapter DB 9 to RJ 45 ASA FirePOWER Module Integrated Cisco Aironet 702i wireless access point Built in WAP The information in this document...

Page 3: ...s warning when you change the above interface IP addresses This is expected Interface address is not on same subnet as DHCP pool WARNING DHCPD bindings cleared on interface inside address pool removed Step 2 Modify DHCP pool settings on both inside and wifi interfaces This step is required if the ASA is to be used as the DHCP server in the environment If another DHCP server is used to assign IP ad...

Page 4: ...evice Manager ASDM access Since the IP addressing has been changed HTTP access to the ASA also needs to be modified so that clients on the inside and WiFI networks can access ASDM to manage the ASA asa config no http 192 168 1 0 255 255 255 0 inside asa config no http 192 168 10 0 255 255 255 0 wifi asa config http 0 0 0 0 0 0 0 0 inside asa config http 0 0 0 0 0 0 0 0 wifi Note This configuration...

Page 5: ...n with module sfr Connected to module sfr Escape character sequence is CTRL X Cisco ASA5506W v5 4 1 build 211 Sourcefire3D login admin Password Sourcefire Output Truncated you will see a large EULA Please enter YES or press ENTER to AGREE to the EULA YES System initialization in progress Please stand by You must change the password for admin to continue Enter new password Confirm new password You ...

Page 6: ...d to module sfr Escape character sequence is CTRL X Cisco ASA5506W v5 4 1 build 211 Sourcefire3D login admin Password Sourcefire Output Truncated you will see a large EULA Please enter YES or press ENTER to AGREE to the EULA YES System initialization in progress Please stand by You must change the password for admin to continue Enter new password Confirm new password You must configure the network...

Page 7: ...r you can apply the example configuration and connect to the SSID of the WAP If you do not use the CLI below you need to plug in the ethernet cable from your client to the Gigabit1 2 interface on the ASA If you prefer to use the CLI to configure the WAP you can session into it from the ASA and use this example configuration This creates an open SSID with the name of 5506W and 5506W_5Ghz so that yo...

Page 8: ...nly apply if you do NOT have an inside switch asa sh run interface gigabitEthernet 1 2 interface GigabitEthernet1 2 nameif inside security level 100 ip address 10 0 0 1 255 255 255 0 asa sh run interface gigabitEthernet 1 3 interface GigabitEthernet1 3 nameif sfr security level 100 ip address 10 2 0 1 255 255 255 0 asa sh run interface gigabitEthernet 1 9 interface GigabitEthernet1 9 nameif wifi s...

Page 9: ...e Opening console session with module sfr Connected to module sfr Escape character sequence is CTRL X show network System Information Hostname Cisco_SFR Domains example net DNS Servers 10 0 0 250 Management port 8305 IPv4 Default route Gateway 10 0 0 1 eth0 State Enabled Channels Management Events Mode MDI MDIX Auto MDIX MTU 1500 MAC Address B0 AA 77 7C 84 10 IPv4 Configuration Manual Address 10 0...

Page 10: ... 1 0 254 and verify that the AP GUI is now accessible 2 Ping the SFR management interface from the inside client and the ASA to verify proper connectivity 3 Configure DHCP with Multiple Wireless VLANs The configuration assumes that you use a single wireless VLAN The Bridge Virtual Interface BVI on the Wireless AP can provide a bridge for Multiple VLANs Because of the syntax for DHCP on the ASA if ...

Page 11: ... 30 0 1 255 255 255 0 Step 3 Designate a DHCP pool for each VLAN Create a separate DHCP pool for each VLAN being configured The syntax for this command requires that you list the nameif out of which the ASA will serve the pool in question A seen in this example which uses VLANs 5 and 30 ciscoasa config dhcpd address 10 5 0 2 10 5 0 254 vlan5 ciscoasa config dhcpd address 10 30 0 2 10 30 0 254 vlan...

Page 12: ...d interface Dot11Radio1 5 encapsulation dot1Q 5 bridge group 5 bridge group 5 subscriber loop control bridge group 5 spanning disabled bridge group 5 block unknown source no bridge group 5 source learning no bridge group 5 unicast flooding interface Dot11Radio1 30 encapsulation dot1Q 30 bridge group 30 bridge group 30 subscriber loop control bridge group 30 spanning disabled bridge group 30 block ...

Page 13: ...log to flash event log Note You do NOT need to reload the entire ASA device You must only reload the built in access point Once the AP finishes reloading then you must have connectivity to the AP GUI from a client machine on the wifi or inside networks It generally takes about two minutes for the AP to completely reboot From this point on you can apply the normal steps to complete the configuratio...

Reviews:

No comments

Related manuals for ASA 5506W-X

Watchguard Firebox V10 Hardware Manual preview
Firebox V10
Brand: Watchguard Pages: 20
Celestix cloud edge Installation Manual preview
cloud edge
Brand: Celestix Pages: 70
PaloAlto Networks Prisma SD-WAN ION 9000 Hardware Reference Manual preview
Prisma SD-WAN ION 9000
Brand: PaloAlto Networks Pages: 34
Check Point M2 Brochure & Specs preview
M2
Brand: Check Point Pages: 4
NETGEAR ProSafe FR114P Installation Manual preview
ProSafe FR114P
Brand: NETGEAR Pages: 20
PaloAlto Networks PA-7050 PAN-AIRDUCT Hardware Reference Manual preview
PA-7050 PAN-AIRDUCT
Brand: PaloAlto Networks Pages: 70

Brands by name

Popular brands

Load more brands