Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 2 Getting Started
Factory Default Configurations
IP addresses—Outside address from DHCP; inside address set manually to 192.168.1.1/24.
Network Address Translation (NAT)—All inside IP addresses are translated when accessing the outside using interface PAT.
Traffic flow—IPv4 and IPv6 traffic allowed from inside to outside (this behavior is implicit on the ASA). Outside users are prevented from accessing the inside.
DHCP server—Enabled for inside hosts, so a PC connecting to the inside interface receives an address between 192.168.1.5 and 192.168.1.254. DNS, WINS, and domain information obtained from the DHCP client on the outside interface is passed to the DHCP clients on the inside interface.
Default route—Derived from DHCP.
ASDM access—Inside hosts allowed.
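An audit check built on the defaults listed above, as an added example that is not part of the Cisco guide: it parses a saved configuration and reports which of these factory defaults (inside address, DHCP pool, enabled VLAN 1 switch ports) are still in place. The function names and the sample configuration are constructed for illustration; the parser assumes that a missing `switchport access vlan` line means VLAN 1 and that only an explicit `shutdown` line disables a port.

```python
import re

# Sub-commands this example recognises under an "interface" line.
IF_SUBCMDS = ("switchport", "no shutdown", "shutdown", "nameif", "ip address")

def parse_interfaces(config):
    """Map interface name -> sub-commands; accepts flat or indented input."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(.+)$", line, re.I)
        if m:
            current = m.group(1).replace(" ", "").lower()
            stanzas[current] = []
        elif current and line.startswith(IF_SUBCMDS):
            stanzas[current].append(line)
        elif line and line != "!":
            current = None  # any other command ends the stanza
    return stanzas

def factory_default_findings(config):
    """Return the documented factory defaults still present in config."""
    findings = []
    ifs = parse_interfaces(config)
    if any("ip address 192.168.1.1 255.255.255.0" in c for c in ifs.values()):
        findings.append("inside address is still 192.168.1.1/24")
    if re.search(r"^\s*dhcpd address 192\.168\.1\.5-192\.168\.1\.254 inside",
                 config, re.M):
        findings.append("DHCP pool is still 192.168.1.5-192.168.1.254")
    # Assumption: no "switchport access vlan" line means VLAN 1, and only an
    # explicit "shutdown" line disables a port (as in running-config output).
    live = sorted(n for n, c in ifs.items() if n.startswith("ethernet")
                  and "shutdown" not in c
                  and not any(x.startswith("switchport access vlan")
                              and x.split()[-1] != "1" for x in c))
    if live:
        findings.append("enabled inside (VLAN 1) ports: " + ", ".join(live))
    return findings

# Constructed sample: ports in the style of this section's listing, with
# Ethernet 0/2 shut down as a hardened port would be.
SAMPLE = "\n".join([
    "interface Ethernet 0/0", "switchport access vlan 2", "no shutdown",
    "interface Ethernet 0/1", "switchport access vlan 1", "no shutdown",
    "interface Ethernet 0/2", "shutdown",
    "interface Vlan1", "ip address 192.168.1.1 255.255.255.0",
    "dhcpd address 192.168.1.5-192.168.1.254 inside"])

print("\n".join(factory_default_findings(SAMPLE)))
```

An empty result means none of the three checked defaults remain; it does not cover the NAT, route, or ASDM settings.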
Figure 2-1 shows the traffic flow for an ASA 5505 in routed mode.
Figure 2-1 ASA 5505 Routed Mode
The configuration consists of the following commands:
interface Ethernet 0/0
switchport access vlan 2
no shutdown
interface Ethernet 0/1
switchport access vlan 1
no shutdown
interface Ethernet 0/2
switchport access vlan 1
no shutdown
interface Ethernet 0/3
switchport access vlan 1
no shutdown
interface Ethernet 0/4
switchport access vlan 1
no shutdown
interface Ethernet 0/5
switchport access vlan 1
no shutdown
interface Ethernet 0/6
switchport access vlan 1