Skip to content

Priyabug/Cisco-ASA-Firewall-Basic-Configuration

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

12 Commits
Cisco ASA Firewall Basic Configuration.pdf
Cisco ASA Firewall Basic Configuration.pdf
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

πŸ” Cisco ASA Firewall Configuration – Multi-Zone Network

πŸ”Έ What is ASA?

The Cisco Adaptive Security Appliance (ASA) is an advanced security solution that integrates:

  • βœ… Classic firewall capabilities
  • πŸ”’ VPN (Virtual Private Network)
  • πŸ›‘ Intrusion Prevention (IPS)
  • 🦠 Antivirus protection

ASA is designed to prevent threats before they penetrate the internal network, making it a vital component in modern enterprise and SMB security infrastructures.

🌐 Network Security Zones

In this configuration, we define three security zones:

Zone Description Trust Level
INSIDE Internal network zone (users, internal resources) Trusted
DMZ Servers (web, DNS, mail) exposed to outside access Semi-trusted
OUTSIDE Internet/ISP connectivity Untrusted

These zones allow for granular control of traffic entering and leaving each segment of the network.

image

βš™οΈ Basic ASA Configuration Steps

Below are the foundational setup steps for Cisco ASA:

1️⃣ Configure Hostname and Authentication

hostname ASA-FW
enable password [YourEnablePassword]
username admin password [YourAdminPassword] privilege 15

2️⃣ Configure System Clock and Date

Set the system time and date on the ASA firewall to ensure accurate logging and synchronization.

clock set HH:MM:SS MONTH DAY YEAR

πŸ“Œ Example:

clock set 10:30:00 Jun 15 2025

3️⃣ Assign IP Address to Interfaces

Use the following command to assign an IP address to a Cisco ASA interface:

interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown

➑️ Repeat this step for each interface (e.g., INSIDE, DMZ, OUTSIDE) using the appropriate IP addressing scheme.

4️⃣ Set Name and Security Level for Each Interface

Assign logical names and security levels to each interface to define trusted, semi-trusted, and untrusted zones:

interface GigabitEthernet0/0
 nameif INSIDE
 security-level 100

interface GigabitEthernet0/1
 nameif DMZ
 security-level 50

interface GigabitEthernet0/2
 nameif OUTSIDE
 security-level 0

πŸ” Security Levels in Cisco ASA

The Cisco ASA firewall uses security levels to determine the trustworthiness of each interface and apply implicit access rules.

Security Level Trust Level Example
100 Fully Trusted Internal LAN (e.g., INSIDE)
50 Semi-Trusted DMZ with public-facing servers
0 Untrusted External network (e.g., OUTSIDE)

πŸ“Ž Note:
Security levels help ASA enforce default traffic behavior:

  • Traffic from higher to lower security levels is allowed by default.
  • Traffic from lower to higher levels is denied unless explicitly permitted.

πŸ’Ύ 5️⃣ Save and Verify Configuration

Once your configuration is complete, use the following commands to save your work and review current settings:

write memory
show running-config

πŸ“ Explanation

  • write memory – πŸ’Ύ Saves the current running configuration to the startup configuration, ensuring changes persist after a reboot.
  • show running-config – πŸ“‹ Displays all active configurations currently applied on the device.

βœ… Always remember to save your changes to avoid losing your configuration after a restart.

About

Cisco ASA Firewall Configuration

Topics

hostname cisco-asa authetication intrusion-prevention-system virtual-private-network inside-zone outside-zone dmz-zone security-levels

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published