
Cisco Security: Cisco ASA 5505 Interfaces configuration for Access Ports

Today I am going to talk about the basic Cisco ASA configuration for access ports, and how to set up the ASA with a failover link. Later on, I will cover the Cisco ASA trunk port configuration. We are deploying two ASAs, where one is the primary and the other is the failover ASA in the DMZ zone.

In our previous article we discussed Cisco Security: Cisco ASA 5505 Interfaces configuration for Trunk Port; now we are going to discuss Cisco Security: Cisco ASA 5505 Interfaces configuration for Access Ports.

Let's look at the Cisco ASA configuration, where we configure five VLAN interfaces, including the failover interface, which is configured using the failover lan command.

Configuration Examples for ASA 5505 Interfaces
In the example below, we configure VLAN 2, VLAN 3, VLAN 4 and VLAN 5, with VLAN 6 as the failover link; after that, all VLANs are assigned to the interfaces.


Fig 1.1- Cisco ASA 5505 Failover Sample Topology 


This is the basic configuration of the access ports in the Cisco ASA 5505 Firewall.

VLAN 2 Configuration
NDNA_asa(config)# interface vlan 2
NDNA_asa(config-if)# nameif outside 
NDNA_asa(config-if)# security-level 0 
NDNA_asa(config-if)# ip address 10.1.1.1 255.255.255.0 
NDNA_asa(config-if)# no shutdown 

VLAN 3 Configuration
NDNA_asa(config-if)# interface vlan 3
NDNA_asa(config-if)# nameif inside 
NDNA_asa(config-if)# security-level 100 
NDNA_asa(config-if)# ip address 10.2.1.1 255.255.255.0 
NDNA_asa(config-if)# no shutdown 

VLAN 4 Configuration
NDNA_asa(config-if)# interface vlan 4
NDNA_asa(config-if)# nameif dmz
NDNA_asa(config-if)# security-level 50 
NDNA_asa(config-if)# ip address 10.3.1.1 255.255.255.0 
NDNA_asa(config-if)# no shutdown 

VLAN 5 Configuration
NDNA_asa(config-if)# interface vlan 5
NDNA_asa(config-if)# nameif backup-isp 
NDNA_asa(config-if)# security-level 50 
NDNA_asa(config-if)# ip address 10.1.2.1 255.255.255.0 
NDNA_asa(config-if)# no shutdown 

VLAN 6 Failover Configuration
NDNA_asa(config-if)# failover lan interface faillink Vlan6
NDNA_asa(config)# failover interface ip faillink 10.4.1.1 255.255.255.0 standby 10.4.1.2 255.255.255.0 

Assigning Interfaces with the VLAN ID
NDNA_asa(config)# interface ethernet 0/0
NDNA_asa(config-if)# switchport access vlan 2
NDNA_asa(config-if)# no shutdown
NDNA_asa(config-if)# interface ethernet 0/1
NDNA_asa(config-if)# switchport access vlan 3
NDNA_asa(config-if)# no shutdown
NDNA_asa(config-if)# interface ethernet 0/2
NDNA_asa(config-if)# switchport access vlan 4
NDNA_asa(config-if)# no shutdown
NDNA_asa(config-if)# interface ethernet 0/3
NDNA_asa(config-if)# switchport access vlan 5
NDNA_asa(config-if)# no shutdown
NDNA_asa(config-if)# interface ethernet 0/4
NDNA_asa(config-if)# switchport access vlan 6
NDNA_asa(config-if)# no shutdown
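
A quick consistency check for a configuration like the one above, as an added example that is not part of the original article: this Python script parses a pasted CLI transcript and flags VLAN interfaces with missing settings, overlapping subnets, access ports pointing at undefined VLANs, and interfaces sharing a security level. The function name audit, the finding strings and the sample transcript are assumptions constructed for this example.

```python
import ipaddress
import re
from itertools import combinations

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "NDNA_asa(config-if)# "

def audit(transcript):
    """Return sorted findings for a pasted ASA 5505 access-port configuration."""
    vlans, ports, fo_vlan, cur = {}, {}, None, None
    for raw in transcript.splitlines():
        line = PROMPT.sub("", raw.strip()).lower()
        if m := re.fullmatch(r"interface vlan ?(\d+)", line):
            cur = vlans.setdefault(int(m[1]), {})
        elif m := re.fullmatch(r"interface ethernet ?(\S+)", line):
            cur = ports.setdefault(m[1], {})
        elif m := re.fullmatch(r"failover lan (?:interface )?\S+ vlan ?(\d+)", line):
            fo_vlan = int(m[1])  # VLAN reserved for the failover link
        elif cur is not None and (m := re.fullmatch(
                r"(nameif|security-level|switchport access vlan) (\S+)", line)):
            cur[m[1]] = m[2]
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)", line)):
            cur["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    out = [f"vlan {v}: missing {k}" for v, d in vlans.items()
           for k in ("nameif", "security-level", "net") if k not in d]
    if fo_vlan in vlans:
        out.append(f"vlan {fo_vlan}: failover link is also configured as a data interface")
    for a, b in combinations(sorted(vlans), 2):
        sa, sb = vlans[a].get("security-level"), vlans[b].get("security-level")
        if sa is not None and sa == sb:
            out.append(f"vlan {a}/{b}: same security-level {sa}, traffic between them is denied by default")
        if "net" in vlans[a] and "net" in vlans[b] and vlans[a]["net"].overlaps(vlans[b]["net"]):
            out.append(f"vlan {a}/{b}: overlapping subnets")
    used = {int(p["switchport access vlan"]) for p in ports.values() if "switchport access vlan" in p}
    known = set(vlans) | ({fo_vlan} - {None})
    out += [f"vlan {v}: access port assigned but VLAN not defined" for v in used - known]
    out += [f"vlan {v}: defined but no access port carries it" for v in known - used]
    return sorted(out)

# Constructed sample modelled on this page's commands, as a prompt-prefixed transcript.
ROWS = [(2, "outside", 0, "10.1.1.1"), (3, "inside", 100, "10.2.1.1"),
        (4, "dmz", 50, "10.3.1.1"), (5, "backup-isp", 50, "10.1.2.1")]
P = "NDNA_asa(config-if)# "
SAMPLE = "".join(f"{P}interface vlan {v}\n{P}nameif {n}\n{P}security-level {s}\n"
                 f"{P}ip address {ip} 255.255.255.0\n" for v, n, s, ip in ROWS)
SAMPLE += f"{P}failover lan interface faillink Vlan6\n"
SAMPLE += "".join(f"{P}interface ethernet 0/{i}\n{P}switchport access vlan {i + 2}\n"
                  for i in range(5))
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports one finding: dmz (VLAN 4) and backup-isp (VLAN 5) both use security-level 50, so the ASA will not pass traffic between them unless same-security-traffic permit inter-interface is configured.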