Skip to main content
CallTower Solutions Center

ASA 5505 Configuration

ASA 5505 Config

 

This document will go over how to setup and configure a ASA 5505.  The 5505’s will need to have their firmware replaced. This document will go over how to replace the firmware, add the asa in connect, configure asa, and then perform testing.

Items needed:

Phillips head Screwdriver

CF card reader

ASA config

Firmware .bin files

 

Replacing firmware

  1. When you receive the asa you can verify the serial number on the bottom of the device. You will need to remove the 3 screws 

          removescrews.jpg

 

 

  1. Turn over asa and pull off the cover to expose the flash drive.

removeflashdrive.jpg

  1. Place flash drive in the usb card reader connected to your PC.

cardreader.jpg

 

4. In Windows Explorer browse to the flash drive and remove all the files.

removeasafiles.jpg

5.  Place the new firmware files in the folder they are:

asa917-k8.bin

asdm-713.bin

2 files.PNG

Once the files are on the flash card go ahead and right click on the drive and eject the media.

 

  1. Place the flash card back into the slot in the ASA. You can use your screwdriver to very gently push the flash drive in place. Do not push so hard that it damages the flash card.

file4.jpeg

7. Plug in the power cable, data cable, phone cable, and console cable into the corresponding ports.

Console Port - Console cable

Power port - Power cable

Port 0 - Data cable

Port 6 – Phone cable

cableports.jpg

8. Open Putty to console into the ASA. Click on serial and make sure the com port is correct. Select “Open”.

Note: If you do not know the com port, you can verify in Device manager. You will need to go to the Control Panel -> view as small icons -> Select Device Manager. Scroll down and expand the Ports(Com & LPT)

              image.png

 

  1. When the ASA boots up: 

    If screen diplays:

    rommon #0>

    Type: boot

    Press enter

           screen1.PNG

          When prompted:

  1. Pre-configure Firewall now through interactive prompts [yes]? n
  2. Type “en” and press enter

                      ciscoasa>

  1. At password prompt press enter:

                      Password:

  1. Type “wr erase” and press enter to erase the config. Press enter a second time to confirm

                     ciscoasa# wr erase

                     Erase configuration in flash memory? [confirm]

  1. Type Reload to reboot the ASA and press enter. Press enter a second time to confirm the reboot.

                      ciscoasa# reload

            When the rebooted router comes back up:

            screen2.PNG

     When prompted:

  1. Pre-configure Firewall now through interactive prompts [yes]? n
  2. Type “en” and press enter

                      ciscoasa>

  1. At password prompt press enter:

                      Password:

  1. Type “conf t” and press enter to enter the configuration mode.

                      ciscoasa# conf t

  1. Type either “n”,”a”, or “y” at the reporting prompt.  Once in config mode you will copy the correct ASA config to the ASA. Make sure you have typed in the correct tftp server IP and have included the correct IP rang The ip range should hand out the same amount of IP’s that the license allows.

Unlimited ASA –

                      dhcpd address 192.168.22.2-192.168.22.254 inside

                50 License ASA –

                      dhcpd address 192.168.22.2-192.168.22.51 inside

                10 License ASA –

                      dhcpd address 192.168.22.2-192.168.22.11 inside

 

                Once the config is copied copy over the VPN lines from Connect to allow the asa to connect to the VPN. The vpn user will need to be added in ISE. So you can check with NET to verify if the user has                        been added.

        10. Do a "wr mem" on the asa to save the configuration. If this command is not done the configuration will erase once the asa is rebooted or powered off. 

 

 

Add ASA in connect:

 

  1. Select the customer you wish to add the ASA for
  2. Click on the administration icon in the top right of connect and then select “Corporate administration”

 

connectadmin.PNG

  1. An Administration tab should have opened up. Select “SOHO Devices”

connectsoho.PNG

  1. To add an ASA “Select Add”

connectadd.PNG

  1. You will need to populate the following fields in this format:

Description:

     Companydomain-location-type of ASA and/or License. All 5506 asa’s have unlimited license.

Examples:

     Loanpacific-inventoryTX-5506

     Calltower-ut-550510Lic

     Papersource-boston-5505Unl

Serial Number:

     Should Be the JMX serial number on the ASA or salesforce case number. Do not use the JAD number off the ASA 5506. Provisioning doesn’t use the JAD number for tracking.

Location:

      Select the location the asa is going to reside in. This field should be the same location on the case unless specified somewhere else.

vpnsoho.PNG

 

  1. Press Save. This will save the config in connect and also send an email to NET with a notification to add the VPN user to ISE.
  2. Copy the config t statements and paste them in the ASA. Also paste the vpn lines into the Salesforce case as a unpublic comment.

vpnconfig.PNG

8. Do a "wr mem" on the asa to save the configuration. If this command is not done the configuration will erase once the asa is rebooted or powered off. 

9. Test a sip phone. Plug a sip phone into the asa and dial a cell phone. Test to make sure there is two way audio. You can also do a inbound call from the cell phone to the sip phone. 

10. Once the testing is complete add a asa label on the asa, make a comment in the case saying that the equiptment was tested for two way audio and registration. Make sure to "wr mem" before powering off the asa.