ASA Firewall - Switch question

Nobylspoon Member Posts: 620
So I just picked up an ASA 5505 after having worked with a PIX 506E and I am just trying to get a better understanding of the VLANs and built-in switch.

I have 2 devices plus a WAP all on the same subnet that I would like to connect to the ASA. So in order to do this, should I connect each device to a port and configure them on the same VLAN?

Do I need to use the "switchport access vlan" command for all three devices on all three ports to be able to talk to each other?

Or should I just go buy a $20 switch and plug it into the ASA and connect everything through that, lol :P

Thanks for the help.
WGU PROGRESS

MS: Information Security & Assurance
Start Date: December 2013

Comments

  • ConstantlyLearning Member Posts: 445
    I think the default config on the 5505 puts e0/0 in VLAN1 and e0/0 to e0/7 in VLAN2.

    If you're configuring it manually from scratch then you can just do it yourself with the commands you mentioned.
    "There are 3 types of people in this world, those who can count and those who can't"
  • phoeneous Member Posts: 2,333
    Nobylspoon wrote: »
    Or should I just go buy a $20 switch and plug it into the ASA and connect everything through that, lol :P

    Thanks for the help.

    I wouldn't suggest that.

    Does the ASA already have a config or is it just out-of-box? If it hasn't been configured yet and still has all the default settings, then:
    About the Factory Default Configuration

    Cisco adaptive security appliances are shipped with a factory-default configuration that enables quick startup. The ASA 5505 comes preconfigured with the following:
    • Two VLANs: VLAN 1 and VLAN2
    • VLAN 1 has the following properties:
        - Named "inside"
        - Allocated switch ports Ethernet 0/1 through Ethernet 0/7
        - Security level of 100
        - Allocated switch ports Ethernet 0/1 through 0/7
        - IP address of 192.168.1.1 255.255.255.0
    • VLAN2 has the following properties:
        - Named "outside"
        - Allocated switch port Ethernet 0/0
        - Security level of 0
        - Configured to obtain its IP address using DHCP
    • Inside interface to connect to the device and use ASDM to complete your configuration.
    By default, the adaptive security appliance Inside interface is configured with a default DHCP address pool. This configuration enables a client on the inside network to obtain a DHCP address from the adaptive security appliance to connect to the appliance. Administrators can then configure and manage the adaptive security appliance using ASDM.
    The default configuration that ships with the adaptive security appliance, in most cases, is sufficient for your basic deployment. However, you can modify the default configuration so that you can customize the security policy to suit your deployment. To modify the default settings, you can use the ASDM or the CLI. In ASDM, run the Startup Wizard to change the following settings from their factory default settings:
    • Hostname
    • Domain name
    • Administrative passwords
    • IP address of the outside interface
    • Interfaces such as DMZ interfaces
    • Address translation rules
    • Dynamic IP address settings for the inside interface
    For more information about configuring the adaptive security appliance by using ASDM, see the online Help.
    For more information about using the CLI configuration, see the Cisco Security Appliance Command Line Configuration Guide.

    http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/setup.html
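
The factory defaults quoted above, written out as ASA 5505 CLI. This is an added example, not part of the original posts or of the Cisco guide: it covers only the properties listed in the quote, and the choice of Ethernet0/1 through 0/3 for the two devices and the WAP is an assumption taken from the question.

```cisco
! Added example: ASA 5505 interface layout matching the quoted defaults.
! Layer 3 VLAN interfaces carry the name, security level and IP address.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
! Physical switch ports are assigned to a VLAN with "switchport access vlan".
! Ethernet0/0 is the only port in VLAN 2 (outside).
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
! Assumed port choice: the two devices and the WAP on Ethernet0/1-0/3.
! Ports in the same VLAN are switched at layer 2, so these three reach
! each other on the inside subnet without passing a security-level boundary.
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
interface Ethernet0/2
 switchport access vlan 1
 no shutdown
!
interface Ethernet0/3
 switchport access vlan 1
 no shutdown
!
! Check the resulting port-to-VLAN mapping from privileged EXEC mode:
!   show switch vlan
```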
  • Options
    Nobylspoon Member Posts: 620
    Sounds like those factory defaults are just what I was looking for. I bought it used and I was just trying to reconfigure the current setup but I think I will go ahead and restore those settings instead. Thanks for the help.
    WGU PROGRESS

    MS: Information Security & Assurance
    Start Date: December 2013