Cisco configure ASA 55xx firewall

Reset configuration

enable
configure terminal
configure factory-default X.X.X.X M.M.M.M
boot system flash:/asa902-k8.bin
reload save-config

where X.X.X.X is the IP address and M.M.M.M the netmask to assign to the management interface

NAT

object network INSIDE-NETWORK
  subnet 172.16.30.0 255.255.255.0

Concepts

  • object = single item in your network environment
  • network object = one IP, subnet or IP range
  • service object = one set of protocol, source port (optional) and destination port (optional)

Basic configuration

username admin password admin
username admin attributes
 service-type remote-access

enable password enable
passwd cisco

aaa authentication ssh console LOCAL

interface Ethernet0/0
 nameif IF-WAN
 security-level 0
 ip address dhcp setroute

interface Ethernet0/3
 nameif IF-LAN
 security-level 100
 ip address 192.168.77.1 255.255.255.0

IF-LAN is the inside interface and gets security-level 100: if both interfaces sit at the same level the ASA drops traffic between them unless same-security-traffic permit inter-interface is configured.

dhcpd address 192.168.77.10-192.168.77.99 IF-LAN
dhcpd enable IF-LAN

object network INSIDE-NET-77
 subnet 192.168.77.0 255.255.255.0
 nat (IF-LAN,IF-WAN) dynamic interface

dhcpd dns 192.168.80.82

http server enable
http 192.168.77.0 255.255.255.0 IF-LAN
http 192.168.80.0 255.255.255.0 IF-WAN

ssh 192.168.77.0 255.255.255.0 IF-LAN
ssh 192.168.80.0 255.255.255.0 IF-WAN

Firmware

REF: Cisco Downloads Home / Security / Security Management / Adaptive Security Device Manager / Adaptive Security Appliance (ASA) / Software - 9.1.7 Interim

Downloads Home / Security / Firewalls / Adaptive Security Appliances (ASA) / Adaptive Security Virtual Appliance (ASAv)

  • asa917-32-k8.bin

    • MD5: 6a179b18475c91bef114f36a93b50357
    • SHA512: b0864b3a77cddb17dff2822c6ab2048616014e15f82341f395fe7114d82dadecae22b96f94b3d2aeb5fbcaa4de655bd23b600e1390f934685253da0dac24af70
  • asa904-42-k8.bin (24-OCT-2016)

    • MD5: 7253cda75264abda06bcfd9cdab76c3f
    • SHA512: 948636133d02cd96de3023ff79013b63c2cf8b0126e8995796e61fe7c058455456311d0fcb0af1856220ba45a4fe2ec92e37be27fbe511f9a50939ad558cdaec
  • asdm-781-150.bin

    • MD5: e58a555d6ac31c2f9400c58f35da4b4b
    • SHA512: 5f0910bcc1dc4b8ad421cd53eca9388dcd3e65cc1aaec5a4a3fc844e33b911e426bb821f9018f168f0974aa9813ded67bb2fe054783fad634ac38b08c25e1316
  • asdm-791.bin

    • MD5: af7fe78af954facc93f5e1357224483e
    • SHA512: 653a2bc6468437cf3a5ae96a2a6096f1de78b508717546052b081bea5cd9d185caff36dace821297d459ce93122071ad88c303eb091037fc5045db8d8e38229f

See also (ASA 5505 firmware upgrade): https://wiki.polaire.nl/doku.php?id=cisco_asa_5505_upgrade_firmware

running OpenWebStart

In \Users\$USER\.cache\icedtea-web\jvm-cache\adoptium_11.0.13_x64\conf\security\java.security change this:

#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
#    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
#    include jdk.disabled.namedCurves

to this (TLSv1 and TLSv1.1 removed from the disabled list):

# JJN 20200508
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

and remove MD5 from jdk.jar.disabledAlgorithms, so that it reads:

jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, \
      DSA keySize < 1024, include jdk.disabled.namedCurves

java.security is JVM-wide: these two edits re-enable TLSv1/TLSv1.1 and MD5-signed jars for every application this JVM runs, not only ASDM.
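An added check (not from this page) that parses java.security, including its '\' line continuations and '#' comment lines, and reports which entries the edits above removed from the disabled lists, i.e. what the JVM will now accept for ASDM. The before/after text is constructed from the lines above; the JDK default jdk.jar.disabledAlgorithms line with MD5 present is assumed.

```python
# Constructed sample: the before/after java.security fragments from this page,
# in java.security syntax (comment lines, '\' line continuations). The JDK
# default jdk.jar.disabledAlgorithms line (with MD5) is assumed.
JAVA_SECURITY_BEFORE = """\
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
    include jdk.disabled.namedCurves
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \\
      DSA keySize < 1024, include jdk.disabled.namedCurves
"""

JAVA_SECURITY_AFTER = """\
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \\
#    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
#    include jdk.disabled.namedCurves
# JJN 20200508
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
    include jdk.disabled.namedCurves
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, \\
      DSA keySize < 1024, include jdk.disabled.namedCurves
"""

def parse_java_security(text):
    """Parse java.security (Java properties syntax): '#' lines are comments,
    a trailing backslash joins the next line onto the current value."""
    props, key, buf = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if key is None:
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, line = line.partition("=")
            key = key.strip()
        cont = line.endswith("\\")
        buf.append(line[:-1].strip() if cont else line)
        if not cont:
            props[key] = " ".join(buf)
            key, buf = None, []
    return props

def disabled_set(text, prop):
    """Entries of one *.disabledAlgorithms property as a set of strings."""
    value = parse_java_security(text).get(prop, "")
    return {e.strip() for e in value.split(",") if e.strip()}

def reenabled(before, after, prop):
    """Entries that `before` disabled but `after` no longer does."""
    return sorted(disabled_set(before, prop) - disabled_set(after, prop))
```

reenabled(JAVA_SECURITY_BEFORE, JAVA_SECURITY_AFTER, "jdk.tls.disabledAlgorithms") returns ['TLSv1', 'TLSv1.1']; read the live java.security into the same functions to audit what a given JVM currently accepts.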