Deploying Secure Internet Connectivity with Cisco ASA and PIX Firewalls
- Introducing the ASDM Startup Wizard
- Basic Network Topology
- Using the ASDM Startup Wizard
- Summary
This chapter provides the information you need to use the ASDM Startup Wizard to perform the initial configuration of your network. It has three major sections, which address the following topics:
- Introduction to the ASDM Startup Wizard—This first section provides a brief overview of the ASDM Startup Wizard and its capabilities.
- Understanding the Basic Network Topology—The second section is a discussion of your basic network topology, explaining some high-level concepts of IP addressing and how it's used in configuring your network. The intent is to give you the basic concepts to enable you to easily move ahead with your firewall and Internet deployment.
- Using the ASDM Startup Wizard to Configure Your Network—The third section is the bulk of the chapter and is a step-by-step tutorial on how to use the wizard to configure your firewall.
This chapter is a step-by-step procedure explaining how to use the ASDM Startup Wizard to set up the initial configuration for your ASA/PIX Security Appliance.
These steps are intended to show you how to achieve secure connectivity to the Internet. After completing these steps, you will have access to the Internet. In addition, you will be protected from both Internet-sourced attacks against the hosts on the inside of your network and denial-of-service (DoS) attacks against your firewall.
Chapter 6, "Deploying Web and Mail Services," covers how to configure ASDM to advertise and secure public services such as web servers and e-mail.
Introducing the ASDM Startup Wizard
The ASDM Startup Wizard is an easy-to-use tool that steps you through the procedures necessary to get your firewall functional. It provides the configurations necessary for both Internet connectivity and protection for your network resources. The wizard queries you for all items pertinent to the configuration of your firewall, including the following:
- Inside IP addresses
- Outside IP addresses
- Default gateway
- Domain name
- Public services
- Network address translations
- Firewall name
- Access passwords
- Interface options
- Inside addressing options (DHCP)
Before you begin, take a look at Table 5-1, which defines the network terms used in the preceding list.
Table 5-1 Networking Terminology
| Terminology | Definition |
| --- | --- |
| Inside IP address | The IP address of the inside interface of your firewall, which connects to your internal network. |
| Outside IP address | The IP address of the outside interface of your firewall, which connects to your service provider for Internet connectivity. This address is provided by your service provider. |
| Default gateway | The next-hop IP address of your firewall outside interface. This is provided by your service provider. |
| Domain name | This is optional. If you are providing public services, you need to identify a domain name for those services. Either your ISP or a web registration service provides your domain name. |
| Public services | These are services that you are providing to other people over the Internet. Common public services are web servers, mail servers, or DNS servers. You can elect not to manage your own services and have your ISP manage the services for you. |
| Network address translation | This feature enables you to use private addresses inside your network and still obtain Internet access. |
| Access passwords | This password allows you privileged access to your firewall. |
| Inside addressing options (DHCP, static) | These are IP addresses that you assign to devices on the inside of your firewall. You have two options for configuring your inside hosts with IP addresses: You can manually set up each address on each PC, or you can use DHCP on the ASA/PIX Security Appliance to assign addresses for you. |
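
Before running the wizard, it helps to sanity-check the addressing values from Table 5-1 against each other. The following Python sketch is an added example, not part of the original chapter or of ASDM; the function name `check_plan`, the plan keys, and the sample addresses are hypothetical, and it assumes the inside network uses RFC 1918 private addressing behind NAT.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(plan):
    """Return a list of problems in a planned set of Startup Wizard inputs."""
    problems = []
    inside = ipaddress.ip_interface(plan["inside_ip"])
    outside = ipaddress.ip_interface(plan["outside_ip"])
    gateway = ipaddress.ip_address(plan["default_gateway"])

    # The default gateway is the next hop of the outside interface, so it
    # has to sit on the outside subnet and cannot be the firewall itself.
    if gateway not in outside.network:
        problems.append("default gateway is not on the outside subnet")
    elif gateway == outside.ip:
        problems.append("default gateway is the outside interface address")

    # Assumption: the plan relies on NAT, so the inside uses RFC 1918 space.
    if not any(inside.ip in net for net in RFC1918):
        problems.append("inside address is not RFC 1918 private space")
    if inside.network.overlaps(outside.network):
        problems.append("inside and outside subnets overlap")

    # Optional DHCP pool for inside hosts: (first address, last address).
    if plan.get("dhcp_pool"):
        first, last = (ipaddress.ip_address(a) for a in plan["dhcp_pool"])
        if first > last:
            problems.append("DHCP pool start is after its end")
        elif first not in inside.network or last not in inside.network:
            problems.append("DHCP pool is outside the inside subnet")
        elif first <= inside.ip <= last:
            problems.append("DHCP pool contains the inside interface address")
    return problems

# Constructed sample plans (documentation and private address ranges only).
GOOD_PLAN = {"inside_ip": "192.168.1.1/24", "outside_ip": "203.0.113.10/29",
             "default_gateway": "203.0.113.9",
             "dhcp_pool": ("192.168.1.100", "192.168.1.150")}
BAD_PLAN = {"inside_ip": "192.168.1.1/24", "outside_ip": "203.0.113.10/29",
            "default_gateway": "203.0.113.1",
            "dhcp_pool": ("192.168.1.1", "192.168.1.50")}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_plan(plan) or "no problems found")
```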