If you are familiar with Cisco routers and switches, then you might have noticed that the Cisco ASA doesn’t offer the “erase startup-configuration” command. Of course we can erase our startup configuration, but there are some other commands to achieve this.
This is the simplest option:
ciscoasa# write erase
Erase configuration in flash memory? [confirm]
[OK]
Just use “write erase” to remove the startup configuration and reboot your firewall. The other option is to use the factory default method:
ciscoasa(config)# configure factory-default 192.168.1.1 255.255.255.0
Based on the management IP address and mask, the DHCP address
pool size is reduced to 253 from the platform limit 256
WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.
Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface management0/0
Executing command: nameif management
INFO: Security level for "management" set to 0 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: no shutdown
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 management
Executing command: dhcpd address 192.168.1.2-192.168.1.254 management
Executing command: dhcpd enable management
Executing command: logging asdm informational
Factory-default configuration is completed
As you can see above, this clears the configuration and enables the management interface with the IP address we specified. It also enables the DHCP server and the HTTP server so that we can connect through ASDM.
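As an added example (not part of the original lesson), this Python script parses the "Executing command:" lines from the transcript above and reports which management-plane services the factory default leaves enabled, so you know what to review before the firewall goes onto a real network. The function names and report keys are hypothetical; the sample input is copied from the output shown above.

```python
import ipaddress
import re

# Sample input: the "Executing command:" lines from the transcript above.
TRANSCRIPT = """\
Executing command: interface management0/0
Executing command: nameif management
INFO: Security level for "management" set to 0 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: no shutdown
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 management
Executing command: dhcpd address 192.168.1.2-192.168.1.254 management
Executing command: dhcpd enable management
Executing command: logging asdm informational
"""

def applied_commands(transcript):
    """Return the configuration commands the ASA reported executing."""
    prefix = "Executing command: "
    return [line[len(prefix):].strip() for line in transcript.splitlines()
            if line.startswith(prefix)]

def management_exposure(commands):
    """Summarise which management-plane services the commands turn on."""
    report = {"http_server": False, "http_allowed": [],
              "dhcp_interfaces": [], "dhcp_pool_size": 0}
    for cmd in commands:
        if cmd == "http server enable":
            report["http_server"] = True
        elif m := re.fullmatch(r"http (\S+) (\S+) (\S+)", cmd):
            # Network and mask allowed to reach ASDM, plus the interface name.
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
            report["http_allowed"].append((str(net), m[3]))
        elif m := re.fullmatch(r"dhcpd enable (\S+)", cmd):
            report["dhcp_interfaces"].append(m[1])
        elif m := re.fullmatch(r"dhcpd address (\S+)-(\S+) \S+", cmd):
            first, last = (ipaddress.ip_address(a) for a in m.groups())
            report["dhcp_pool_size"] += int(last) - int(first) + 1
    return report

if __name__ == "__main__":
    for key, value in management_exposure(applied_commands(TRANSCRIPT)).items():
        print(f"{key}: {value}")
```

The computed pool size matches the 253 addresses the ASA announces at the start of its output.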
Hi Shaun & Matt,
If your goal is to study for the exams then it’s best to start with the blueprints that have the exam topics. I’ve added them in the attachment.
Here’s a general overview:
The SIMOS exam has topics like DMVPN, FlexVPN, IPsec, GETVPN, etc. You can test any of these topics on IOS routers and the ASA. I would make sure that you use IOS 15 and the latest ASA images otherwise you might run into issues with commands that are not supported.
SENSS is all about security on switches, routers and the ASA.
In the SITCS exam you have some different topics…t
Hi Rene:
I’ve been looking round for a good reading list regarding firewalls and VPNs as I have already passed my CCNA Security exam. The INE website gives you a list but a lot of these books came out in 2005; that’s a long time ago, and the tech world moves fast. Can you please tell me what books would be a good read? I don’t mind if they are CCIE level because I can just take my time understanding them. This is the list I’m thinking of buying
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance / I’ve now got this book really good and up to dat
Hi Shaun,
The “Cisco ASA All-in-One Next Generation Firewall” book is great. It’s up-to-date and covers pretty much everything. The only thing it doesn’t cover I think is Firepower so you might want to look for another resource to learn that.
“The Complete Cisco VPN Configuration Guide” is quite old so I wouldn’t recommend it, especially if you have the “all-in-one” book. The “Cisco Firewalls (Cisco Press Networking Technology) by Alexandre M.S.P.” gets good reviews and it’s from 2011. It might be nice to read just to review everything again.
In the ASA platfor
Good Time Of The Day Rene,
Hope You Are Well… Stay Blessed…
Rene, All Of Your Lessons Are Great. You Always Start From Scratch And Take It To Peak…
But This ASA Firewall Topic… You Have Simply Started With Configuration… And No Basic Literature …
Can You Please Share Some Basics Toward ASA Firewall … That Would Be Highly Appreciated…
Many Thanks In Anticipation
Muhammad
Hi Rene
I have this Cisco ASAv version 9.5.1
I am trying to set the management interface with IP address 10.8.32.199 and gateway 10.8.32.1 with mask 255.255.240.0