About the Author

author photo

Joe Harris, CCIE No. 6200 (R&S, Security & SP) is a Systems Engineer with Cisco Systems® specializing in Security. In addition to authoring Cisco Network Security Little Black Book, Joe has also been a technical reviewer for several Cisco Press publications and written articles, white papers, and presentations on various security technologies. He also assists various Certification Partners by beta testing their newest CCIE certification workbooks and has been recognized by Cisco as an SE Wall of Fame award winner.

See All Posts by This Author

ASA 5505 Home Config

November 2nd, 2007 • RelatedFiled Under

So I get asked alot about how to configure an ASA 5505 for home use…In fact I actually see people selling home config’s on the big E-auction website…so I thought I would provide for you a configuration of an ASA 5505 that you can use for your home/SMB use. This is my actual home ASA 5505 that is connected to my cable provideres network…You will need to add the “dhcpd” functions of the device if you want to have your 5505 function as a DHCP Server. I do not because have an ISR router behind this ASA that is functioning as my DHCP Server. Also I am running OSPF on the firewall, you may not want/need to do that and in your case you may need to use the “route” to reach the appropriate inside networks. Your outside routing should be taken care of by the use of the “ip address dhcp setroute” command….There are a few items you may want to change, for instance my SSLVPN config…it’s a basic config so you should modify/create the config appropriate to your environment…You can find the config here:  ASA 5505 Home Config

Also don’t forget, you can use the “show running-config all” command to view the complete running configuration of your ASA. This command has tremendously more detail.

***Update***

Oops sorry I forgot to mention, that if you are connected via DSL you will most likely need to configure the PPPoE properties of the outside interface (Vlan 2)…Since my provider does not use PPPoE my config does not contain and PPPoE config. You can configure these properties from the Configuration -> Interfaces screen. Select the outside and then click “edit” and you will see the following screen which will allow you to edit/configure your PPPoE properties.

There Are 6 Responses So Far. »

  1. Gravatar

    Comment by Frank Postle UNITED STATES Windows Server 2003 Internet Explorer 7.0 on 16 June 2008:

    You might want to try to setup dynamic DNS with port forwarding. A lot of folks want to be able to access a machine at home remotely using the MS Remote Desktop Protocol. This is what a lot of people want. I know it was a pain for me to get this to work.

  2. Gravatar

    Comment by Joe Harris UNITED STATES Windows XP Internet Explorer 7.0 on 17 June 2008:

    Hi Frank, I could do that but since you already went through the details of it would you like to post up the details of the experience? If not I can create a post in the next day or so but I think this would be a great opportunity for you to help out others. :-)

  3. Gravatar

    Comment by Be Young UNITED STATES Windows XP Internet Explorer 7.0 on 18 June 2008:

    Hi Joe, just wondering if you can help me with ping issue from internal to external. For example, I can not ping from 192.168.1.2 to yahoo IP address. But if I used CLI at cisco550 able to do that.
    I’m using ASA 7.2. will that make any different.
    Thanks in advance.

  4. Gravatar

    Comment by Joe Harris UNITED STATES Windows XP Internet Explorer 7.0 on 19 June 2008:

    Can you send me a copy of a ’show running-config all”?

  5. Gravatar

    Comment by George Sialmas AUSTRALIA Windows XP Internet Explorer 7.0 on 4 July 2008:

    Hi Joe,

    I’m interested in Purchasing a Cisco ASA 5505 for home use.
    Can you please explain to me what is the benefit of having the above device configured for home use? At the moment I have a cable internet connection, and I have my cable modem connecting to a Netgear RangeMax WPN824 wireless router. I have my PC connecting to the Netgear router using a wired conncection. Can I use the Cisco ASA in conjuction with my current home internet wired/wireless setup I have at home? Would the Cisco ASA make my home network more secure from the outside internet world?

    Thanks in advance.

  6. Gravatar

    Comment by MIchael Tai UNITED STATES Windows Vista Mozilla Firefox 2.0.0.15 on 12 July 2008:

    Hi Joe,

    I have an ASA5505 Base (Version 8.0(3)) for home, and I have Verizon FIOS with dynamic IP address. Would you mind if you could guide me how to update my Dynamic IP from FIOS to http://www.dyndns.com or noip.com.

    Below is my current config for ddns update:

    ddns update method DynDNS
    ddns both
    interval maximum 1 0 0 0

    interface Vlan 2
    nameif outside
    security-level 0
    ddns update hostname http://username:password@updates.dnsomatic.com/nic/update?hostname=xxx.homeftp.net&myip=
    ddns update DynDNS
    ip address dhcp setroute

    Thanks in advance!

    Michael