Which statement about the Cisco ASA 5505 configuration is true?
A.
The IP address is configured under the physical interface (ethemet 0/0 to ethemet 0/7).
B.
With the default factory configuration, the management interface (management 0/0) is configured with the 192.168.1.1/24 IP address
C.
With the default factory configuration, Cisco ASDM access is not enabled.
D.
The switchport access vlan command can be used to assign the VLAN to each physical interface (ethemet 0/0 to ethemet 0/7).
E.
With the default factory configuration, both the inside and outside interface will use DHCP to acquire its IP address.
I think this is wrong – I believe the answer is D, you use the ‘switchport access vlan {vlan}’ command as the 5505 uses an 8-port switch for it’s interfaces. Also the ‘configure factory-default’ includes the http commands to enable ASDM access as default
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# show version | inc Hardware
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
ciscoasa(config)#
ciscoasa(config)# clear configure all
WARNING: DHCPD bindings cleared on interface ‘inside’, address pool removed
ciscoasa(config)#
ciscoasa(config)# pager 0
ciscoasa(config)#
ciscoasa(config)# configure factory-default
Based on the inside IP address and mask, the DHCP address
pool size is reduced to 250 from the platform limit 256
WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.
Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface Ethernet 0/0
Executing command: switchport access vlan 2
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/1
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/2
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/3
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/4
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/5
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/6
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/7
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface vlan2
Executing command: nameif outside
INFO: Security level for “outside” set to 0 by default.
Executing command: no shutdown
Executing command: ip address dhcp setroute
Executing command: exit
Executing command: interface vlan1
Executing command: nameif inside
INFO: Security level for “inside” set to 100 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: allow-ssc-mgmt
ERROR: SSC card is not available
Executing command: no shutdown
Executing command: exit
Executing command: global (outside) 1 interface
INFO: outside interface address added to PAT pool
Executing command: nat (inside) 1 0 0
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 inside
Executing command: dhcpd address 192.168.1.5-192.168.1.254 inside
Executing command: dhcpd auto_config outside
Executing command: dhcpd enable inside
Executing command: logging asdm informational
Factory-default configuration is completed
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# show running-config
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http authentication-certificate inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:97cebdb61edf9c3f9694e5bb48edc71e
: end
ciscoasa(config)#
Yes, Dean, the answer should be D.
Thanks your explanation.
Ref: http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/getstart.html
ASA 5505 Default Configuration
The default factory configuration for the ASA 5505 adaptive security appliance configures the following:
•An inside VLAN 1 interface that includes the Ethernet 0/1 through 0/7 switch ports. If you did not set the IP address in the configure factory-default command, then the VLAN 1 IP address and mask are 192.168.1.1 and 255.255.255.0.
•An outside VLAN 2 interface that includes the Ethernet 0/0 switch port. VLAN 2 derives its IP address using DHCP.
•The default route is also derived from DHCP.
•All inside IP addresses are translated when accessing the outside using interface PAT.
•By default, inside users can access the outside with an access list, and outside users are prevented from accessing the inside.
•The DHCP server is enabled on the security appliance, so a PC connecting to the VLAN 1 interface receives an address between 192.168.1.2 and 192.168.1.254.
•The HTTP server is enabled for ASDM and is accessible to users on the 192.168.1.0 network.
The configuration consists of the following commands:
interface Ethernet 0/0
switchport access vlan 2
no shutdown
interface Ethernet 0/1
switchport access vlan 1
no shutdown
interface Ethernet 0/2
switchport access vlan 1
no shutdown
interface Ethernet 0/3
switchport access vlan 1
no shutdown
interface Ethernet 0/4
switchport access vlan 1
no shutdown
interface Ethernet 0/5
switchport access vlan 1
no shutdown
interface Ethernet 0/6
switchport access vlan 1
no shutdown
interface Ethernet 0/7
switchport access vlan 1
no shutdown
interface vlan2
nameif outside
no shutdown
ip address dhcp setroute
interface vlan1
nameif inside
ip address 192.168.1.1 255.255.255.0
security-level 100
no shutdown
global (outside) 1 interface
nat (inside) 1 0 0
http server enable
http 192.168.1.0 255.255.255.0 inside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd auto_config outside
dhcpd enable inside
logging asdm informational
No Answer shud be C, Because DHCP is not enable on Vlan 1