Nextelco:ASA1

= ASA 1 =

ASA1 is responsible for analysing and filtering all connections originating on the Internet that try to reach the CNOC. It also creates IPsec VPN (layer 3) connections to all ASA-Africa devices in order to provide communication between the CNOC and the end-users, CPEs and BSs sitting behind an ASA-Africa device. All Internet-bound traffic generated by end-users behind ASA2 will go through it. At the same time, it will prevent any connection to the Internet generated by the CNOC, the Application Server and other equipment such as BSs or CPEs. The next figure shows how it will be connected.



Initial setup
ASA 1 came with the cnocasa configuration. These are the steps we followed to save the configuration:

 cnocasa(config)#copy startup-config disk0:
 Destination filename [startup-config]?cnocasa_startup-config_20140524
 cnocasa(config)#copy running-config disk0:
 Destination filename [startup-config]?cnocasa_running-config_20140524
 cnocasa#write erase
 Erase configuration in flash memory? [confirm]
 cnocasa#reload
 Proceed with reload? [confirm]

After saving the configuration and recovering its initial state, the ASA starts with the oldest image it finds in disk0. In this case that is ASA software version 8.2(5) and ASDM version 6.4(5). If a newer software version is available, it is convenient to change to it. Unfortunately there is no newer software version in disk0 and we do not have a Cisco account to download one.

Specifications
This device has the following specifications:
 * Hardware
 ** ASA5505
 ** 512MB RAM
 ** CPU Geode 500 MHz
 ** Internal ATA Compact Flash 128MB
 ** BIOS Flash Firmware Hub @ 0xffe00000 1024KB
 * Licensed features for this platform:
 ** Maximum Physical Interfaces : 8
 ** VLANs : 3, DMZ Restricted
 ** Inside Hosts : 50
 ** Failover : Disabled
 ** VPN-DES : Enabled
 ** VPN-3DES-AES : Enabled
 ** SSL VPN Peers : 2
 ** Total VPN Peers : 10
 ** Dual ISPs : Disabled
 ** VLAN Trunk Ports : 0
 ** Shared license : Disabled
 ** AnyConnect for Mobile : Disabled
 ** AnyConnect for Cisco VPN phone : Disabled
 ** AnyConnect Essentials : Disabled
 ** Advanced Endpoint Assessment : Disabled
 ** UC Proxy Sessions : 2
 ** Botnet Traffic Filter : Disabled
 * This platform has a Base license.
 * Serial Number : JMX16264094

Required capabilities

 * Two VLANs
 ** VLAN 1 for inside
 ** VLAN 2 for outside
 * Minimum of two interfaces, up to three
 ** If Internet and VSAT are connected through the same interface
 *** Ethernet 0/0 for outside (Internet & VSAT)
 *** Ethernet 0/1 for inside (CNOC)
 ** If Internet and VSAT are connected through different interfaces
 *** Ethernet 0/0 for outside (Internet)
 *** Ethernet 0/1 for outside (VSAT)
 *** Ethernet 0/2 for inside (CNOC)
 * NAT for traffic originated by CNOC (inside --> outside)
 * Ping functionality from inside to outside (inside --> outside)
 ** echo
 ** echo-reply
 ** time-exceeded
 ** unreachable
 ** traceroute
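
The capabilities above, for the case where Internet and VSAT share one outside interface, can be expressed as the following ASA 8.2(5) configuration fragment. This is an added example, not the configuration actually deployed on ASA1; the IP addresses are documentation placeholders (RFC 5737) and the ACL name outside_in is an assumption.

```cisco
! Constructed example for an ASA 5505 running 8.2(5); addresses are placeholders.
! VLAN 1 = inside (CNOC), VLAN 2 = outside (Internet & VSAT)
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.0
!
! Ethernet 0/0 carries outside, Ethernet 0/1 carries inside
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
! Default route towards the upstream gateway (placeholder address)
route outside 0.0.0.0 0.0.0.0 198.51.100.1
!
! Pre-8.3 NAT syntax: PAT every inside source to the outside interface address
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! Outbound echo is already allowed by the security levels (100 -> 0).
! ICMP is not tracked statefully unless inspected, so the return messages
! needed for ping and traceroute are permitted explicitly on outside.
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit icmp any any time-exceeded
access-list outside_in extended permit icmp any any unreachable
access-group outside_in in interface outside
```

Only the three ICMP return types are opened inbound; inbound echo stays blocked by the implicit deny at the end of outside_in, so hosts on the Internet cannot ping through to the CNOC.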

Configuration
The official configuration guide for this software version, 8.2(5), can be found here.

Modules for SPAM filtering
CISCO VPN sec Botnet traffic filter by CISCO

ASA5505-BOT-1YR=

Discussion
The virus interface should be at the ASA-Africa, which is in Congo. The challenge then is that every satellite ground station needs its own ASA.
