
Cisco ASA 5505 factory reset

Рассеянный админ


Tuesday, September 17, 2013

Resetting an ASA 5505 to the default settings

There is a single command for this, entered in global configuration mode (config is the short form of configure):
config factory-default

Besides wiping the configuration it clears the boot system setting and, on the 5505, rewrites the interface, VLAN and DHCP settings, so the inside address becomes 192.168.1.1 and any SSH or ASDM session you ran it from is lost; do it from the console.

The result is the following config:

ASA Version 9.0(2)
!
hostname ciscoasa
enable password XejxZFfyt2wxqfff encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
console timeout 0

dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:5ab5023102c7192bb2198785b8611698
: end

Source

Resetting a Cisco ASA 5505 from its current settings

While you are learning how the Cisco ASA 5505 network device works, something doesn't work the first time and you realize it would be good to return to the default values and start over. Below are the step-by-step actions for carrying out such a simple task, but that came later; at first much was unclear and somewhat unsettling. In general, you need to work through and emulate all the instructions and features described in the documentation on the official Cisco site in order to find your way around the settings. After all, having never dealt with it, it is hard even to imagine how to get what you want. But I don't despair and keep moving forward. Many who have already run into this will say: everything here is simple, and dwelling on such a simple action is a waste of time. My answer to all of them: don't read it, or write something of your own, share the results of your work and you will get honor and praise; anyone can be negative.

I connect to the device through the console port:

ciscoasa> enable
ciscoasa# config terminal
ciscoasa(config)# config factory-default
WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
Begin to apply factory-default configuration:
Clear all configuration
WARNING: DHCPD bindings cleared on interface 'inside', address pool removed
Executing command: interface Ethernet 0/0
Executing command: switchport access vlan 2
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/1
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/2
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/3
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/4
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/5
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/6
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/7
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface vlan2
Executing command: nameif outside
INFO: Security level for "outside" set to 0 by default.
Executing command: no shutdown
Executing command: ip address dhcp setroute
Executing command: exit
Executing command: interface vlan1
Executing command: nameif inside
INFO: Security level for "inside" set to 100 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: allow-ssc-mgmt
ERROR: SSC card is not available
Executing command: no shutdown
Executing command: exit
Executing command: object network obj_any
Executing command: subnet 0.0.0.0 0.0.0.0
Executing command: nat (inside,outside) dynamic interface
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 inside
Executing command: dhcpd address 192.168.1.5-192.168.1.36 inside
Executing command: dhcpd auto_config outside
Executing command: dhcpd enable inside
Executing command: logging asdm informational
Factory-default configuration is completed

Then I display the current configuration:

ciscoasa(config)# show running-config

Source

Resetting and configuring a Cisco ASA 5505/5520

Instructions

1. Reset (password recovery through ROM Monitor). During boot, press Escape on the console to break into ROMMON; you get its prompt (rommon #0>).
Entering confreg on its own shows the current configuration register and walks through its settings interactively; to set it directly:
rommon #0> confreg
rommon #1> confreg 0x41
0x41 tells the ASA to ignore the startup configuration on the next boot. When you are done, set the register back to 0x1 (normal boot) with config-register 0x1 in configuration mode; otherwise every reload keeps skipping the saved config.
Boot the appliance:
rommon #2> boot
When booting finishes you are at the user-mode prompt (>):
ciscoasa>
Enter privileged mode (#); the enable password is empty because the saved configuration was not loaded:
ciscoasa> ena (enable)
Password:
ciscoasa#
To recover access rather than wipe the box, load the saved configuration into the running configuration and then change the passwords in it:
ciscoasa# copy startup-config running-config
Destination filename [running-config]? (press Enter)

To start from scratch instead, skip the copy and simply save the empty running configuration with wr (write memory), which overwrites the startup configuration. In both cases restore the register before saving:
ciscoasa# config terminal
ciscoasa(config)# config-register 0x1
ciscoasa(config)# wr

Anyone who can reach the console port can do this, so physical access to the appliance equals full control of its configuration. no service password-recovery disables the bypass: with it set, ROMMON only offers to erase the flash file system, so the saved configuration and its secrets are destroyed rather than exposed.

To configure VLAN 1 for the LAN (inside):

interface Vlan1
description Local LAN
nameif LAN
security-level 100
ip address [private ip add and mask]
no shutdown
To configure VLAN 2 for the WAN (outside):

interface Vlan2
description WAN
nameif WAN
security-level 0
ip address [external IP add and mask]
no shutdown

Security level means:
Security level 100
The highest possible level and the most trusted; used by the inside interface by default.
Security level 0
The lowest possible level and the least trusted; used by the outside interface by default.
By default traffic is allowed from a higher level to a lower one (inside to outside) and denied in the other direction unless an access list permits it.

----
Then configure the default route:
route WAN 0.0.0.0 0.0.0.0 [gateway for the network]

dns domain-lookup WAN (enable DNS lookups through this interface)
dns name-server 8.8.8.8 8.8.4.4 (or other DNS servers, which can be your local ones)

Configure SSH (generate the key pair first; the ssh access lines do nothing until it exists):
crypto key generate rsa modulus 2048 (use the longest modulus your version supports)
ssh version 2
ssh 0.0.0.0 0.0.0.0 WAN (ssh from any address on the WAN interface)
aaa authentication ssh console LOCAL

Caveat: 0.0.0.0 0.0.0.0 on the WAN interface exposes the management plane to the whole Internet. Replace it with the address and mask of your management network, keep the ssh timeout short, and do not enable telnet at all: it carries the password in cleartext.
------
Create logins:

username [name of the user] password [password of the user]: the account SSH logs in with (this is what aaa authentication ssh console LOCAL checks); it lands in user mode (>)
enable password [password]: what the enable command asks for to reach privileged mode (#)
---------
Don't forget to save your settings with wr.
Then check ping and SSH.

Cisco ASA 5520

interface GigabitEthernet0/0
description WAN
nameif OUTSIDE
security-level 0
ip address *.*.*.*
!
interface GigabitEthernet0/1
description LAN
nameif INSIDE
security-level 100
no ip address
!
interface GigabitEthernet0/2
description LAN
nameif INSIDE2
security-level 100
no ip address
!
interface GigabitEthernet0/3
description LAN
nameif INSIDE3
security-level 100
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address

dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
access-list inside_access_out extended permit ip any any

logging enable
logging host OUTSIDE *.*.*.*
mtu OUTSIDE 1500
mtu INSIDE 1500
mtu INSIDE2 1500
mtu INSIDE3 1500

route OUTSIDE 0.0.0.0 0.0.0.0 *.*.*.* 1

user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
snmp-server host OUTSIDE *.*.*.* community ***** version 2c
snmp-server location Moscow
telnet 0.0.0.0 0.0.0.0 INSIDE
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2
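The listings on this page (the factory default, the SSH and login steps, and the 5520 config above) all leave management-plane exposure to the reader's judgment. As an added example, not code from the original posts and not Cisco software, here is a small Python audit that reads the interface security levels out of an ASA running-config and flags exactly those settings: ssh/telnet/http access open to any source (worse when the interface is security-level 0), telnet at all, SNMPv1/v2c, unencrypted syslog leaving through a level-0 interface, permit-any ACEs, a missing ssh version 2, and password recovery left enabled (the ROMMON procedure above). The sample config is constructed from the 5520 listing with documentation-range addresses in place of the masked ones, and the line matching assumes the unindented listing style used on this page.

```python
"""Added example (illustration code for this page, not Cisco software and not
from the original posts): audit an ASA running-config for management-plane
exposure. Interface security levels are read from the config itself; the
sample config at the bottom is constructed from the ASA 5520 listing above."""
import re
from typing import Dict, List, Tuple

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
MGMT_LINE = re.compile(rf"^(ssh|telnet|http) ({IPV4}) ({IPV4}) (\S+)$")
SNMP_HOST = re.compile(r"^snmp-server host (\S+) \S+ community \S+(?: version (\S+))?")
SYSLOG_HOST = re.compile(r"^logging host (\S+) \S+")
Finding = Tuple[str, str, str]  # (severity, offending line, explanation)


def security_levels(config: str) -> Dict[str, int]:
    """Map nameif -> security-level. Interface sub-commands run from 'interface X'
    to the next '!' or blank line (this page's listings carry no indentation)."""
    levels: Dict[str, int] = {}
    nameif, level = "", None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface ") or line in ("!", ""):
            if nameif and level is not None:
                levels[nameif] = level
            nameif, level = "", None
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("security-level "):
            level = int(line.split()[1])
    if nameif and level is not None:
        levels[nameif] = level
    return levels


def audit(config: str) -> List[Finding]:
    levels = security_levels(config)
    lines = [ln.strip() for ln in config.splitlines()]
    findings: List[Finding] = []
    ssh_access_configured = False

    def untrusted(nameif: str) -> bool:  # level 0 is the "outside"-class interface
        return levels.get(nameif) == 0

    for line in lines:
        m = MGMT_LINE.match(line)
        if m:
            proto, _host, mask, nameif = m.groups()
            ssh_access_configured |= proto == "ssh"
            if mask == "0.0.0.0":  # "0.0.0.0 0.0.0.0" = any source address
                sev = "HIGH" if untrusted(nameif) else "MEDIUM"
                findings.append((sev, line, f"{proto} management reachable from any source on '{nameif}'"))
            if proto == "telnet":
                findings.append(("HIGH", line, "telnet carries credentials in cleartext; use ssh"))
            continue
        m = SNMP_HOST.match(line)
        if m and m.group(2) in (None, "1", "2c"):
            sev = "HIGH" if untrusted(m.group(1)) else "MEDIUM"
            findings.append((sev, line, "SNMPv1/v2c community string travels in cleartext; use v3"))
            continue
        m = SYSLOG_HOST.match(line)
        if m and untrusted(m.group(1)) and " secure" not in line:
            findings.append(("MEDIUM", line, f"syslog leaves unencrypted via untrusted interface '{m.group(1)}'"))
            continue
        if line.startswith("access-list ") and line.endswith(" permit ip any any"):
            findings.append(("MEDIUM", line, "permit-any ACE; check where (or whether) it is applied"))
    if ssh_access_configured and "ssh version 2" not in lines:
        findings.append(("MEDIUM", "ssh version 2", "not set, so SSHv1 is still accepted"))
    if "no service password-recovery" not in lines:
        findings.append(("INFO", "no service password-recovery",
                         "absent: console access plus ROMMON confreg 0x41 bypasses every password"))
    return findings


# Constructed sample, abridged from the ASA 5520 listing on this page; the
# masked addresses are replaced with documentation-range (203.0.113.0/24) ones.
SAMPLE_5520 = """\
interface GigabitEthernet0/0
nameif OUTSIDE
security-level 0
ip address 203.0.113.2 255.255.255.0
!
interface GigabitEthernet0/1
nameif INSIDE
security-level 100
no ip address
!
access-list inside_access_out extended permit ip any any
logging host OUTSIDE 203.0.113.50
snmp-server host OUTSIDE 203.0.113.60 community public version 2c
telnet 0.0.0.0 0.0.0.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh version 2
"""

if __name__ == "__main__":
    for sev, line, why in audit(SAMPLE_5520):
        print(f"{sev:6} {line:55} {why}")
```

Run against the 5520 sample, the ssh and snmp-server lines on OUTSIDE come out HIGH because that interface carries security-level 0, the telnet line is flagged twice (open to any source, and cleartext), and the unapplied permit-any ACL and the UDP syslog destination on OUTSIDE are MEDIUM. Fed the factory-default config from the first section it reports only the INFO line about password recovery: ASDM/HTTP there is limited to 192.168.1.0/24 on inside and no remote shell access exists yet.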

Source