Cisco ASA 5505 Reference Configuration

The Cisco ASA 5505 is ancient by today’s standards, but it still supports most functions of the ASA platform. However, using ASDM, AnyConnect, or even SSH may prove challenging because the platform does not support modern ciphers. You’ll have to weaken your client to connect.

The ASA 5505 is also unique among the ASA platform in that it functions as a mini-switch rather than having routed ports. It even has 2x 802.3af PoE-out ports.

The ASA is powered by an AMD Geode chip running @ 500MHz… It’s slow.

Below is a reference configuration for the Cisco 5505 ASA Firewall. The ASA 5505 does not support routed interfaces and uses Switched Virtual Interfaces (SVIs) by default. In this case, I assign the first port to VLAN 666 and configure that VLAN to act as the Outside interface.

ASA Version 9.2(2)4 
!
hostname Example-ASA
domain-name davissystem.net
enable password super-secret-password
!
interface Ethernet0/0
 switchport access vlan 666
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif Inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0 
!
interface Vlan666
 nameif Outside
 security-level 0
 ip address dhcp setroute 
!
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Outside
dns server-group DefaultDNS
 name-server 1.1.1.1
 name-server 1.0.0.1
 domain-name davissystem.net
object network RFC1918_10-NET
 subnet 10.0.0.0 255.0.0.0
object network RFC1918_172-NET
 subnet 172.16.0.0 255.240.0.0
object network RFC1918_192-NET
 subnet 192.168.0.0 255.255.0.0
object-group network RFC1918
 network-object object RFC1918_10-NET
 network-object object RFC1918_172-NET
 network-object object RFC1918_192-NET
pager lines 24
logging enable
logging buffer-size 16384
logging buffered informational
logging asdm informational
mtu Inside 1500
mtu Outside 1500
no failover
asdm image disk0:/asdm-792-152.bin
nat (Inside,Outside) source dynamic RFC1918 interface
user-identity default-domain LOCAL
aaa authentication enable console LOCAL 
aaa authentication http console LOCAL 
aaa authentication serial console LOCAL 
aaa authentication ssh console LOCAL 
aaa authorization exec LOCAL 
!
http server enable
http 0.0.0.0 0.0.0.0 Inside
http redirect Inside 80
!
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 Inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
console timeout 0
!
dhcpd dns 1.1.1.1 1.0.0.1
dhcpd lease 86400
dhcpd domain davissystem.net
!
dhcpd address 192.168.0.10-192.168.0.250 Inside
dhcpd enable Inside
!
ntp server 72.14.183.39 source Outside
ntp server 104.131.155.175 source Outside
username admin password super-secret-password privilege 15
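
A reference configuration like this tends to get copied as-is, so here is a small audit of its management-plane lines, added as an example and not part of the original configuration. It assumes interface blocks appear before the `http`/`ssh` lines, as they do above; the function name, the severity labels and the /24 threshold are hypothetical choices.

```python
import ipaddress
import re

# Constructed sample: interface and management-plane lines copied from the
# reference configuration above.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif Inside
 security-level 100
interface Vlan666
 nameif Outside
 security-level 0
http server enable
http 0.0.0.0 0.0.0.0 Inside
http redirect Inside 80
ssh 0.0.0.0 0.0.0.0 Inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
console timeout 0
"""

# "<http|ssh> <network> <mask> <nameif>" names the sources allowed to manage the ASA.
ACCESS_RE = re.compile(r"^(http|ssh) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")

def audit_management_plane(config_text, min_prefix=24):
    """Return (severity, config line, finding) tuples for management access."""
    levels, nameif, findings = {}, None, []
    for line in (raw.strip() for raw in config_text.splitlines()):
        access = ACCESS_RE.match(line)
        if line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("security-level ") and nameif:
            levels[nameif] = int(line.split()[1])
        elif access:
            service, net, mask, iface = access.groups()
            source = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            if source.prefixlen < min_prefix:
                # An interface with no known level is treated as level 0 (untrusted).
                sev = "high" if levels.get(iface, 0) == 0 else "medium"
                findings.append((sev, line, f"{service} open to {source} on {iface}"))
        elif line == "console timeout 0":
            findings.append(("low", line, "console session never idles out"))
        elif line.startswith("ssh key-exchange group ") and line.endswith("-sha1"):
            findings.append(("low", line, "SHA-1 key exchange group"))
    return findings

if __name__ == "__main__":
    for severity, line, finding in audit_management_plane(SAMPLE_CONFIG):
        print(f"[{severity}] {line} -> {finding}")
```

Narrowing the `http` and `ssh` lines to the Inside subnet, for example `ssh 192.168.0.0 255.255.255.0 Inside`, clears the two medium findings.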

Consolidated Notes From the Desk of Sean Davis.


By Sean, 2024-10-18