Cisco ASA Basics



Unprivileged mode

List commands

  • asa> ?
At the end of show <command>, use the pipe character '|' followed by:
begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

enable         Turn on privileged commands
help           Help list
login          Log in as a particular user
logout         Exit from current user profile, and to unprivileged mode
pager          Control page length for pagination
quit           Quit from the current mode, end configuration or logout

List show subcommands

  • asa> show ?

At the end of show <command>, use the pipe character '|' followed by:
begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

checksum        View configuration information cryptochecksum
curpriv         Display current privilege level
history         Display the session command history
pager           Control page length for pagination
version         Display PIX system software version

Display the version

  • asa# show version
Cisco Adaptive Security Appliance Software Version 9.2(2)4 
Device Manager Version 7.4(1)

Compiled on Tue 29-Jul-14 22:39 by builders
System image file is "disk0:/asa922-4-k8.bin"
Config file at boot was "startup-config"

cisco-asa up 44 mins 15 secs

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00 
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2_05
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.09
                             Number of accelerators: 1

 0: Int: Internal-Data0/0    : address is 001f.caf3.17c9, irq 11
 1: Ext: Ethernet0/0         : address is 001f.caf3.17c1, irq 255
 2: Ext: Ethernet0/1         : address is 001f.caf3.17c2, irq 255
 3: Ext: Ethernet0/2         : address is 001f.caf3.17c3, irq 255
 4: Ext: Ethernet0/3         : address is 001f.caf3.17c4, irq 255
 5: Ext: Ethernet0/4         : address is 001f.caf3.17c5, irq 255
 6: Ext: Ethernet0/5         : address is 001f.caf3.17c6, irq 255
 7: Ext: Ethernet0/6         : address is 001f.caf3.17c7, irq 255
 8: Ext: Ethernet0/7         : address is 001f.caf3.17c8, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Dual ISPs                         : Disabled       perpetual
VLAN Trunk Ports                  : 0              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10             perpetual
Total VPN Peers                   : 12             perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Serial Number: JMX1215Z1SQ
Running Permanent Activation Key: 0x47215973 0xa89d4595 0x58c09560 0x85b4f41c 0xc5049fb0 
Configuration register is 0x1
Configuration last modified by enable_15 at 13:13:30.669 MET Wed Feb 10 2016
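
For inventory or audit work, the `show version` output above can be parsed into structured data. The following is an added example, not part of the original wiki page; the function names `parse_show_version` and `audit` and the two checks are assumptions chosen for illustration, and the sample text is an excerpt constructed from the output above.

```python
import re

# Constructed sample: excerpt of the "show version" output shown above.
SAMPLE = """\
Cisco Adaptive Security Appliance Software Version 9.2(2)4
Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz,

Licensed features for this platform:
VLANs                             : 3              DMZ Restricted
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual

This platform has a Base license.
Configuration last modified by enable_15 at 13:13:30.669 MET Wed Feb 10 2016
"""

# Single-value fields: result key -> pattern with one capture group.
FIELDS = {
    "software": r"^Cisco Adaptive Security Appliance Software Version (\S+)",
    "hardware": r"^Hardware:\s+([^,]+),",
    "license": r"^This platform has an? (.+?) license\.",
    "modified_by": r"^Configuration last modified by (\S+) at ",
}
FEATURE = re.compile(r"^(.+?)\s*:\s+(\S+)\s+(.+?)\s*$")  # name : value  duration

def parse_show_version(text):
    """Return version, hardware and licence data from 'show version' text."""
    info = {k: m.group(1) for k, p in FIELDS.items()
            if (m := re.search(p, text, re.M))}
    info["features"] = {}
    in_table = False
    for line in text.splitlines():
        if line.startswith("Licensed features"):
            in_table = True
        elif in_table and not line.strip():
            break  # a blank line ends the licence table
        elif in_table and (m := FEATURE.match(line)):
            info["features"][m.group(1)] = (m.group(2), m.group(3))
    return info

def audit(info):
    """Hypothetical checks an inventory job might run on the parsed data."""
    findings = []
    if info["features"].get("Encryption-3DES-AES", ("",))[0] != "Enabled":
        findings.append("no 3DES/AES licence: only DES is available")
    if info.get("modified_by", "").startswith("enable_"):
        # enable_N is logged when the enable password, not a named user, was used
        findings.append("last change not attributable to a named account")
    return findings
```
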

Enable mode

Switch to enable mode

  • asa> enable
Password: ******
  • asa#

List commands

  • asa# ?
At the end of show <command>, use the pipe character '|' followed by:
begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

arp             Change or view arp table, set arp timeout value, view statistics
capture         Capture inbound and outbound packets on one or more interfaces
configure       Configure from terminal
copy            Copy image or PDM file from TFTP server into flash.
.......

Configuration mode

Switch to configuration mode

  • asa# configure terminal
  • asa(config)#

List commands

  • asa(config)# ?
At the end of show <command>, use the pipe character '|' followed by:
begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

aaa             Enable, disable, or view TACACS+, RADIUS or LOCAL
                user authentication, authorization and accounting
aaa-server      Define AAA Server group
........

Set the hostname

  • asa(config)# hostname lurchie
  • lurchie(config)#

Back up the old configuration

Set the IP address

  • lurchie# config terminal
  • lurchie(config)# interface ethernet 1
  • lurchie(config-if)# ip address 192.168.244.99 255.255.255.0

Set the TFTP server and back up the configuration

  • lurchie# config terminal
  • lurchie(config)# tftp-server inside 192.168.240.200 cisco/pix.conf
  • lurchie(config)# exit
  • lurchie# copy running-config tftp

Erase the configuration

  • lurchie# write erase
Erase PIX configuration in flash memory? [confirm]
  • lurchie# show configure
No Configuration

Warm restart

  • lurchie# reload
Proceed with reload? [confirm] 

Rebooting...