The Basic configuration of Adaptive Security Appliance (ASA)

Adaptive Security Appliance (ASA) is a type of CISCO security appliance. It is the combination of intrusion prevention, antivirus capabilities, and firewall features with a VPN. It has a strong defense system that provides protection for the network.

The main role of an administrator is to ensure protection against unauthorized access to the firewall. The administrator can also set the password for the login and enable the password protection system. Now we are going to discuss how to configure the IP address of the Adaptive Security Appliance (ASA).

Administrative Configuration

First, we must bring up the interface and assign an IP address to the Adaptive Security Appliance (ASA). Then we have to configure an IP address on the interface of the Adaptive Security Appliance (ASA).

The configuration process has four steps. These steps are as follows:

1. Bring up the interface

After entering the global interface mode, we have to activate the interface by the command no shut.

2. Assign an IP address to the interface of the Adaptive security appliance(ASA)

After activating the interface, we need to assign the IP address to it by using the below command.

We can also assign the IP address to the router with the help of the above command. We can also assign the IP address to the Adaptive Security Appliance (ASA) interface without the help of a subnet mask also. Now the new command for assigning the IP address is as below.

If we don't have a subnet mask, then the Adaptive Security Appliance (ASA) automatically creates a classfull subnet mask. For example, if we have an IP address 192.168.1.1 without the subnet mask, then the Adaptive security appliance (ASA) automatically accepts 255.255.255.0 as a subnet mask.

3. Assign nameif to the Adaptive Security Appliance (ASA) interface

In an Adaptive Security Appliance (ASA), we have to assign a name to the interface. If we don't do so, then the interface will be down. The most popular names are DMZ, INSIDE, and OUTSIDE. We have to use these names while applying for the police. We can assign the name for the interface of the Adaptive Security Appliance (ASA) with the help of the below commands.

Where NAME= the name we have to assign for the interface of Adaptive Security Appliance (ASA).

4. Assign a security level to the interface

The range of the integer that is used to improve the security level is 0 to 100, where 0 means less trusted and 100 means most trusted. It shows that the interface is most trustworthy. If we set an interface name as INSIDE, then the Adaptive Security Appliance (ASA) automatically assigns the security level 100 to it. But if we set OUTSIDE or DMZ, then the Adaptive Security Appliance (ASA) assigned 0 to it. But the security level can be changed manually. We can assign the security level to the interface by the following command.

Here is an example where we will provide IP address 192.268.1.1 and subnet mask 255.255.255.0, name as INSIDE and security-level as 100.

asa(config)#int e0
asa(config-if)#no shut
asa(config-if)#ip address 192.168.1.1 255.255.255.0
asa(config-if)#nameif INSIDE 
asa(config-if)#security level 10

Giving hostname to ASA

It is used to set a name to a device stating an identity to a device. It is given by the same command that is used on the router:-

Setting passwords

As ASA is a security device, by default it will ask for a password while we try to enter privilege mode. By default, no password is set therefore by simply clicking enter, we can enter the privilege mode.

Enable password

The enable password is used for securing privilege mode. In routers, this password is shown in clear text in running configuration but in ASA, this password is encrypted (therefore no enable secret is required.) The password is a case-sensitive password of up to 16 alphanumeric and special characters. We can set an enable password by

Or by the command

Here, javaTpoint is the password.

If we want to disable this password or set a password to default then simply enter the command.