Configuring ASA Interfaces

Source: Internet
Author: User

Overview:
    • Configuring Physical Interfaces
    • Configuring VLAN Interfaces
    • Configuring Interface Security Parameters
    • Configuring the Interface MTU
    • Verifying Interface operation

ASA interfaces can be physical or logical. To pass and inspect traffic, each interface must be configured with three security attributes:

    • Interface Name
    • IP Address and Subnet mask
    • Security level

Part 1: Configuring Physical Interfaces

You can see a list of the physical firewall interfaces in the output of the show version command:

asa1# show version

Cisco Adaptive Security Appliance Software Version 9.1(5)16

Compiled on Mon 06-Oct-14 18:55 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot is "startup-config"

asa1 up 2 mins secs

Hardware: ASA5520, MB RAM, CPU Clarkdale 2393 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash Unknown @ 0x0, 0KB

0: Ext: GigabitEthernet0 : address is 000c.2982.6d88, irq 10
1: Ext: GigabitEthernet1 : address is 000c.2982.6db0, irq 10
2: Ext: GigabitEthernet2 : address is 000c.2982.6d92, irq 5
3: Ext: GigabitEthernet3 : address is 000c.2982.6dba, irq 5
4: Ext: GigabitEthernet4 : address is 000c.2982.6d9c, irq 9
5: Ext: GigabitEthernet5 : address is 000c.2982.6da6, irq 11

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 20             perpetual
GTP/GPRS                          : Enabled        perpetual
AnyConnect Premium Peers          : 10000          perpetual
AnyConnect Essentials             : 10000          perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 0              perpetual
Shared License                    : Enabled        perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
UC Phone Proxy Sessions           : 5000           perpetual
Total UC Proxy Sessions           : 10000          perpetual
Botnet Traffic Filter             : Enabled        perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789ab
Running Permanent Activation Key: 0x9933e843 0x88a03a01 0xdd60b0f8 0xd2886c64 0x0f28fd93
Configuration Register is 0x0
The Configuration has not been modified since last system restart.

Configuring Interface Parameters

ciscoasa(config)# interface G0
ciscoasa(config-if)#
ciscoasa(config-if)# duplex {auto | full | half}
ciscoasa(config-if)# [no] shutdown

Configuring Interface Redundancy

To keep an ASA interface up and active all the time, you can configure physical interfaces as redundant pairs.

ciscoasa(config)# interface redundant 1
ciscoasa(config-if)# member-interface ethernet0/0
INFO: security-level and IP address are cleared on Ethernet0/0.
ciscoasa(config-if)# member-interface ethernet0/1
INFO: security-level and IP address are cleared on Ethernet0/1.
ciscoasa(config-if)# no shutdown

Be aware that a member interface cannot have a security level or an IP address configured. In fact, as soon as you enter the member-interface command, the ASA will automatically clear those parameters from the physical interface configuration. You should repeat this command to add a second physical interface to the redundant pair.

Keep in mind that the order in which you configure the interfaces is important. The first physical interface added to a logical redundant interface will become the active interface. That interface will stay active until it loses its link status, causing the second or standby interface to take over. The standby interface can also take over when the active interface is administratively shut down with the shutdown interface configuration command.

The redundant interface also takes on the MAC address of the first member interface that you configure. Regardless of which physical interface is active, that same MAC address will be used. You can override this behavior by manually configuring a unique MAC address on the redundant interface with the mac-address mac_address interface configuration command.
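The rules above can be checked on a staged configuration file before it is loaded. The following Python lint is an added example, not part of the original page or of any Cisco tool: it flags member interfaces that still carry a name, security level or IP address, named interfaces missing one of the three attributes, and redundant interfaces without exactly two members, and it returns the members in configured order (the first one starts as active). The function names and the sample configuration are constructed for illustration, and member-interface lines are assumed to spell interface names exactly as the interface headers do.

```python
# Constructed sample of a staged ASA config (not from the original page).
SAMPLE = """\
interface GigabitEthernet0/0
 no nameif
interface GigabitEthernet0/1
 nameif old-inside
 security-level 100
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 no ip address
interface Redundant1
 member-interface GigabitEthernet0/0
 member-interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
"""
REQUIRED = ("nameif", "security-level", "ip address")

def parse_interfaces(config):
    """Map each interface name to its sub-commands, in config order."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a non-indented line ends the interface block
    return blocks

def audit(config):
    """Return (findings, {redundant: [members]}); first member is initially active."""
    blocks = parse_interfaces(config)
    pairs = {n: [c.split()[1] for c in cmds if c.startswith("member-interface ")]
             for n, cmds in blocks.items() if n.lower().startswith("redundant")}
    owner = {m: r for r, ms in pairs.items() for m in ms}
    findings = []
    for name, cmds in blocks.items():
        have = [a for a in REQUIRED if any(c.startswith(a + " ") for c in cmds)]
        if name in owner:  # members must carry none of the attributes
            findings += [f"{name}: member of {owner[name]} sets {a}" for a in have]
        elif have and len(have) < len(REQUIRED):
            missing = ", ".join(a for a in REQUIRED if a not in have)
            findings.append(f"{name}: missing {missing}")
    findings += [f"{r}: expected 2 members, found {len(ms)}"
                 for r, ms in pairs.items() if len(ms) != 2]
    return findings, pairs
```

Calling audit(SAMPLE) reports the leftover name and security level on GigabitEthernet0/1 and the missing IP address on GigabitEthernet0/2; lines beginning with "no" are treated as the attribute being absent.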

Configuring VLAN Interfaces
