Cisco ASA hacking – Getting started

My wife (Team Murphy’s CFO) allowed me to purchase a Cisco ASA 5505 for home. We use ASAs at work, and I am interested in how we can leverage these devices to their fullest. I am new to Cisco and to their IOS (the original IOS). I was impressed, the 5505 was easy to setup, I just swapped out my existing DDWRT and it worked out of the box. The 5505 had DHCP running on the internal interface, and NAT configured correctly.

Next I wanted to change the default network to use a different range. That proved more difficult when trying to do it over a network connection. I know I should be using the serial connection, but I did not want to sit in my coat closet to make the change. I also knew I would be hacking my config, and I wanted a scenario where I could early reset to the defaults. Every time I tried to reset to the defaults, the interface would hang because i was trying to do it over the network (as expected).

I found this link in the ASA documentation that described the default config for an ASA. I also found the environmental variable CONFIG_FILE. My thinking was, I could use the default config listed in the ASA documentation and save it to a file on the flash. If I wanted to return to the defaults, I could just change the  CONFIG_FILE environmental to point to that default config file on disk0:, and I would be back up and running in “factory defaults”.

I took it a step further and I added the following to my “jbmurphy_factory_defaults”:

ssh 192.168.XX.0 255.255.255.0 inside
ssh timeout 5
aaa authentication ssh console LOCAL
ssh scopy enable

These 4 lines enable ssh access to the ASA and allow me to scp my config file to disk0. Now, when I am working on a new config, I can scp it from my filesystem to the onboard storage, and issue a reboot.

That is my workflow so far. Thoughts?

3 Responses to Cisco ASA hacking – Getting started

  1. cisco asa September 23, 2011 at 6:44 am #

    Hello Mr Murphy,

    I work with Cisco ASA as well and although they are a little bit difficult to configure, they are very robust and reliable. I have ASA firewalls in my work environment working for years now without interruption and they are very sturdy and robust.

    I didn’t know you can enable scp now. Which version are you using?

    Thanks

    Harris

  2. jbmurphy September 23, 2011 at 8:51 am #

    I believe scp has been available since 7.1. I am running 8.4. I like the idea of pulling all the configs from a centralized place, although we have not gotten that far yet. As I said in the article, I am new to Cisco ASAs – keep an eye out for more posts!

    Thanks for taking the time to comment!

  3. Nicholas December 15, 2015 at 6:30 pm #

    I know that this is a fairly old thread but I am having some trouble getting into one of these. It was being thrown out at a local electronics recycling depo, and they said I could have it, but I cannot seem to get into it at all and am wondering if someone could help me.
    It is asigning me an address of 172.22.35.100, I’ve tried getting to the access page with may different addressing along those ligns, and of course the 192.168.1.1 (all of course with the /admin.htm at the end).
    Thanks.

Powered by WordPress. Designed by WooThemes