Follow

Cisco ASA 5505

Updated 8/2015

NOTE- As of IoS 9.1(6), we believe the SIP implementation to be broken. We recommend a rollback to the previous version and will update when we have more information.

In order to disable the SIP implementation-  in global config mode on the router go to the policy map and remove the "inspect sip” line. In the policy-map global_policy go into the class inspection-default section and add “no inspect sip” to remove it from the config then write the config to memory.

This article is to assist users unfamiliar with the Cisco ASA 5505 running software version 7.2 in getting their device up and running to the point where they can register their devices and make and receive phone calls. The ASA is a firewall device and is not a router per se, however there is a level of manageability and base level PAT (Port Address Translation) which makes it a wonderful device for use in smaller offices of up to ten users.

This walk through requires a degree of networking familiarity and is not designed for every networking eventuality, choosing accessibility over specifics in every instance. Your company’s own security and networking policies may contradict information presented within this document.

You will need to know your basic network information beforehand. If your provider supplies DHCP or if you are given a static IP, you’ll need the IP address, Subnet Mask and gateway address.

Screen shots are not supplied for every step. In the instance a screen shot is not supplied, verify that there are no specific instructions for that step, if there are not hit Next accepting the defaults options provided.

Log into the ASA using https://192.168.1.1/ (you must use this format or your web-browser will not bring up the web page. We had difficulty using IE8 and ultimately settled on using Firefox 3 for this walk through.

When prompted for log in information, the default user name and password will both be blank

Run ASDM Start up Applet

The default user name and password will both be blank

Reset to factory defaults to clear out any lingering configurations which could cause issues. It will ask you to provide the IP the device is to use. We highly recommend using 192.168.1.1 as shown here.

It will write the new configuration and then appear to put you back at the starting point. This time, select Modify Existing Configuration.

You’ll be asked to provide a basic host name, you may name this device whatever you like. Choose a simple domain. If you wish to enable a password (recommended) do so here.

You will be asked if you want to Enable Auto Update. For the purposes of this article, we will not.

Configuring the outside interface Choose a VLAN, the default is vlan2 which is fine. Ensure that you have selected the interface. Keep the security level at “0” which is untrusted. For IP address, your ISP will provide you with DHCP (commonly for cable or DSL) or a static IP address. If you are uncertain which you have, contact your ISP. If you have a static address, ensure that you have your IP address, Gateway and Subnet mask.

Configuring the inside interface. Choose a VLAN, the default is vlan1 which is fine. Ensure that you have selected the interface. Keep the security level at “100” which is trusted. Determine if you want the device to act as a DHCP server or if you want to provide static IP addresses to your devices.

Configuring the Home interface. Options on this page are outside the scope of this document and as such assumes to just use the default information.

Switch Port Allocation. This essentially tells the device to treat the physical ports as being part of the inside or outside VLANs as outlined previously. The default is to select Ethernet port 0 as the one that connects to the ISP and the rest to connect to the LAN. The default configurations are assumed for the purposes of this document.

General Interface Configuration. Leave these options as is.

Static Routes. Add a static route by clicking Add and you will see the screen below.

Set interface name to Outside. Set IP address to 0.0.0.0 set Mask: to 0.0.0.0. Set gateway IP from your ISP. This is default and will allow all traffic to travel freely from your network to your ISP’s gateway.

Enable DHCP Server on the inside interface. The default is Enabled and it will display how many connections are licensed to be used through the interface.

Address Translation. Select Use Port Address Translation (PAT). The default is Use the IP address on the outside interface.

Administrative Access. This is who can access the ASA to make changes. For the purposes of this document, it is left at default. Review your own organization’s security procedures before setting this.

Easy VPN Remote Configuration. For the purposes of this document, it is left at default.

Startup Wizard Summary. This will give you in clean text what changes you have selected. Choose to launch the ASDM after configuring the ASA. Hitting Finish will write the configuration and launch the interface.

When that launches, you'll see the screen below. Your device is now configured and you may set up the rest of your phones for use with OnSIP.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk