Basic Configuration Cisco ASA 5505 Firewall
The Cisco ASA 5505 Firewall is the smallest model in the new Cisco 5500 series of hardware appliances. Although this model is suitable for small businesses, branch offices or even home use, its firewall security capabilities are the same as those of the larger models (5510, 5520, 5540, etc). The Adaptive Security technology of the ASA firewalls provides solid and reliable firewall protection, advanced application-aware security, denial of service attack protection, and more. Moreover, the performance of the ASA 5505 appliance supports 150 Mbps of firewall throughput and 4000 firewall connections per second, which is more than sufficient for small networks.
In this article I will explain the basic configuration steps required to set up a Cisco ASA 5505 firewall to connect a small network to the Internet. We assume that our ISP has assigned us a static public IP address (e.g. 200.200.200.1) and that our internal network range is 192.168.1.0/24. We will use Port Address Translation (PAT) to translate our internal IP addresses to the public address of the outside interface. The 5505 differs from the larger ASA models in that it has an 8-port 10/100 switch, which acts as Layer 2 only. That is, you cannot configure the physical ports as Layer 3 ports; instead you have to create VLAN interfaces and assign the Layer 2 interfaces to each VLAN. By default, interface Ethernet0/0 is assigned to VLAN 2 and is the outside interface (the one that connects to the Internet), and the other 7 interfaces (Ethernet0/1 to 0/7) are assigned by default to VLAN 1 and are used to connect to the internal network. Let's go through the most important basic configuration steps.
Step 1: Configure the internal interface vlan
——————————————————
ASA5505(config)# interface Vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0
ASA5505(config-if)# no shut
Step 2: Configure the external interface vlan (connected to Internet)
————————————————————————————-
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 200.200.200.1 255.255.255.0
ASA5505(config-if)# no shut
Step 3: Assign Ethernet 0/0 to Vlan 2
————————————————-
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut
Step 4: Enable the remaining interfaces with no shut
————————————————–
ASA5505(config)# interface Ethernet0/1
ASA5505(config-if)# no shut
Do the same for Ethernet0/1 to 0/7.
Step 5: Configure PAT on the outside interface
—————————————————–
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0
Step 6: Configure default route towards the ISP (assume default gateway is 200.200.200.2)
———————————————————————————————————
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
The above steps are the absolutely necessary ones for making the appliance operational. Of course, there are many more configuration details that you need to implement in order to enhance the security and functionality of your appliance, such as Access Control Lists, Static NAT, DHCP, DMZ zones, authentication etc.
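One way to check a saved running-config against the baseline from Steps 1 to 6, as an added example that is not part of the original article. The `parse_interfaces` and `audit` helpers and the sample config are constructed for illustration, and the script assumes static addressing and the `global`/`nat` syntax of Step 5 (ASA software before 8.3).

```python
import re
from ipaddress import ip_address, ip_interface

# Constructed sample: the running-config that Steps 1 to 6 produce.
SAMPLE = """interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 200.200.200.1 255.255.255.0
interface Ethernet0/0
 switchport access vlan 2
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 200.200.200.2 1
"""

def parse_interfaces(config):
    interfaces, current = {}, None  # {interface name: {keyword: value}}
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], {})
        elif not line.startswith(" "):
            current = None  # back at global level, outside any interface block
        elif current is not None:
            if m := re.match(r" (nameif|security-level|switchport access vlan|ip address) (.+)", line):
                current[m[1]] = m[2].strip()
    return interfaces

def audit(config):
    ifs = parse_interfaces(config)
    named = {v["nameif"]: v for v in ifs.values() if "nameif" in v}
    inside, outside = named.get("inside", {}), named.get("outside", {})
    findings = []  # stays empty when the baseline from the article holds
    if int(outside.get("security-level", 100)) >= int(inside.get("security-level", 0)):
        findings.append("outside security-level is not lower than inside")
    if ifs.get("Ethernet0/0", {}).get("switchport access vlan") != "2":
        findings.append("Ethernet0/0 is not an access port in VLAN 2")
    pat_ids = set(re.findall(r"^global \(outside\) (\d+) interface", config, re.M))
    nat_ids = set(re.findall(r"^nat \(inside\) (\d+) ", config, re.M))
    if not pat_ids & nat_ids:
        findings.append("no nat (inside) ID has a matching global (outside) PAT rule")
    hop = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\d+(?:\.\d+){3})", config, re.M)
    net = re.match(r"(\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})", outside.get("ip address", ""))
    if not (hop and net and ip_address(hop[1]) in ip_interface("/".join(net.groups())).network):
        findings.append("default route next hop is not on the outside subnet")
    return findings
```

Call `audit()` on the text of `show running-config`; each returned string names the step whose setting is missing or inconsistent.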