Need help with Cisco ASA 5512-X

ClutchAutomatic

Does anyone know how to set up this type of firewall? I have to set this up in my building which has about 12 small offices and is wired for Ethernet throughout. My current configuration in the server room is a Ubee DDW365 modem going into a Dell PowerConnect 2848 switch that goes throughout the building into all the office rooms. I also have a Synology NAS, 2 printers, a Trendnet TEW-637AP, and a Vonage phone hooked up to the network.
To set this up, my buddy gave me a Dell laptop that has the 9-pin serial port for the console cable. I have no idea where to begin on how to connect the interface, what drivers, software, or anything else that is needed to get the firewall going. I took it into my personal office for now, powered it on, connected the console cable, and that was it. The laptop is not connected to the internet yet but can be. Can it be set up in my office then moved over to where the modem and switches are, or do I have to install it there? Which ports on the firewall am I supposed to use? I figured it's supposed to be 1 port from the modem to the firewall, then the firewall to the switch port 1 to spread out to the others. Do I need the IP address for all devices connected to the network right now? Like I said, I am a total n00b when it comes to the firewall side of technology. This is a new building and I had no real problems figuring out the network switches and modem, just this darn firewall. I called Cisco and they told me I'd have to have a partner with them to have any kind of support other than device replacement.
 
You bought a 5512-x for an office with 12 people?

Did you buy this new? It's way more than you need.

I am familiar with the ASAs and can help, but I would really like to hear the rationale behind getting that vs an ASA 5505-x, or hell, even a Linksys router can handle that lol.
 
lol definitely seems excessive and like you underestimated the difference between consumer gear and enterprise, but from my experience when I was contemplating taking CCNA Security, YouTube has a lot of help setting this up. I'm guessing the differences between the models are more about features and hardware capabilities than configuration differences.

Basic configuration should be easy watching a few videos. Depends on how locked down you need the network to be as some stuff might be over your head. Yes, you should be able to configure it from anywhere and drop it into a network so long as you know what you're doing. No offense it just seems like you took the phrase, "Go big or go home" a little too much to the letter lol.
 

Yes, this was purchased new. 5505 was the bare minimum and from what I've heard this firewall is easily flooded. My company deals with proprietary information from the government to mod the F-16 aircraft for Lockheed Martin. So I was tasked by the CyberSecurity department of Lockheed to beef up our network security.
 

Well an ASA is an ASA, regardless of the version the security features are pretty similar, unless you stick the security module in the back of it.

The ASA will still handle 150 MBPS of total throughput through the firewall.

You may have been better off with a 5505-x and a dedicated security appliance.
 
Was really confused on the 10 device license on the 5505, it wasn't a big deal to purchase a 5512-x. "Go big or go home," you should see the computer specs in each office for simple work. Anyways, this Dell laptop has a fresh install of Windows 7. I want to know what is required in order to get it to communicate with the 5512-x.
 
You need a console cable and PuTTY.

Likely a Serial to USB converter also; that will get you into the command prompt.

Or you can hook up to the inside interface and try to connect to https://192.168.1.1/admin when it comes up.
 
What is the inside interface? Would this be an ethernet port on the switch or after the modem before the switch?
 
Where in the chain link does the firewall sit?
While typing in https://192.168.1.1/admin or even https://192.168.1.1/ I cannot go anywhere because I am blocked by my ISP from changing modem/router settings. Currently the firewall is not connected to anything except the laptop. I was able to get PuTTY to identify the firewall and went through some basic commands to reboot and set up some default configs.
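
The placement asked about above (modem, then firewall, then switch), sketched as an added example that is not part of the thread or of Cisco's documentation. The port roles (GigabitEthernet0/0 as outside, GigabitEthernet0/1 as inside), the object name, the admin username and the password placeholder are assumptions; the 192.168.1.1 inside address is the one mentioned in the thread.

```cisco
! Added example. Port roles, object name and credentials are assumptions.
! Console session (PuTTY, connection type Serial):
!   9600 baud, 8 data bits, no parity, 1 stop bit, no flow control.
!
! Cabling: modem LAN port -> Gi0/0 (outside)
!          Gi0/1 (inside) -> port 1 of the building switch
!
! An ASA will not accept the same subnet on two interfaces. Check
! "show running-config interface" first and clear any existing
! 192.168.1.x address (for example on a management port) before pasting.
enable
configure terminal
!
interface GigabitEthernet0/0
 description Uplink to ISP modem (assumed port)
 nameif outside
 security-level 0
 ip address dhcp setroute
 no shutdown
!
interface GigabitEthernet0/1
 description LAN side to building switch (assumed port)
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! Outbound access for LAN hosts: dynamic PAT behind the outside address.
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! ASDM/HTTPS management reachable from the inside subnet only,
! authenticated against a local account (placeholder password).
http server enable
http 192.168.1.0 255.255.255.0 inside
username admin password <CHANGE-ME> privilege 15
aaa authentication http console LOCAL
!
end
write memory
!
! Verify names, addresses and link state:
show nameif
show interface ip brief
```

With this layout the "inside interface" is the ASA port facing the switch, so https://192.168.1.1/admin is reached from a machine on the switch side of the firewall, not through the modem.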
 
This firewall (and many others) can also essentially act as a "router," or you can use it between your uplink (modem or whatever) and router as just a firewall/UTW.

You will indeed want to set up an RS-232 link to it.

You could look into pfSense or something as a potentially easier option, though it might not be approved, either. Though I suppose it's not like you'll be able to return the relatively expensive Cisco box either way, so I guess your only option is to start researching Cisco. Even if you find tutorials that make it easy right now, when problems happen, you won't be appreciated if you have to find tutorials for everything to fix it, if you can even find them.

Also, you shouldn't give us a whole lot of identifying information.
 
If you are asking these kinds of questions, configuring and maintaining one of these is going to be completely beyond your skill level. Find a managed services provider that can perform the configuration for you. There's no way you're going to get this thing up and running properly just by looking up some guides on the internet if you don't even know how to access the serial console. No offense, but your company also has other problems if they just dumped this on your lap.
 

Agreed, if you have no idea what you're doing then you might as well have a basic firewall in place. An ASA is no better than a cheap SonicWall if you can't configure it. The fact that you deal with sensitive information related to government matters suggests to me that you should probably have it done well.
 
I'll throw my 2 cents in.
Yes, you did get yourself a BIG toy to play with :)
I would suggest that you read some of the great Cisco quickstart documents such as this:
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500X/5500x_quick_start.html
ASDM will enable you to quickly configure the basics.
Also look at YouTube, you'll find many videos that will help you.
Once you get the basics configured, get yourself a SmartNet contract (it's not expensive) and the Cisco TAC team will help you 'fine tune' your configuration as per your requirements.
http://www.cisco.com/web/services/portfolio/product-technical-support/smartnet/index.html
Finally, get into the habit of 'previewing' the commands that ASDM sends into the ASA and slowly start learning the command line.
That should start you off.
Come back for any specific configuration questions.
 
I called up Cisco for support only to have them tell me to F off, basically, for not having a service contract. I was able to get on a live chat with another Cisco rep and he was able to direct me to have an expert call me and point me in the direction of having someone come out and install it. Thanks for the feedback.
 

If you own a Cisco product, buy SmartNet. Period.

TAC Support is great and you get hardware coverage also. It's not that expensive compared to having to replace the device, and then they will help you.
 

Yes, this expert will get me access to TAC support with their service.
 