
ASA Firewall Initialization


startup-config (default)
running-config
firewall#
write erase
• Clears the startup configuration
Fw1# write erase
© 2005 Cisco Systems, Inc. All rights reserved.
SNPA v4.0—3-16
Functions of the Security Appliance: Security Algorithm
• Implements stateful connection control through the security appliance.
• Allows one-way (outbound) connections with a minimum number of configuration changes. An outbound connection is a connection originating from a host on a more-protected interface and destined for a host on a less-protected network.
firewall>
firewall#
firewall(config)#
monitor>
Access Privilege Mode
Internet
firewall>
enable [priv_level]
• copy run start – show running-config – show startup-config
• write memory – write terminal
To save configuration changes: copy run start
startup-config (saved)
firewall# dir
Directory of flash:/
3 -rw- 4902912 13:37:33 Jul 27 2005 pix-701.bin
4 -rw- 6748932 13:21:13 Jul 28 2005 asdm-501.bin
16128000 bytes total (4472832 bytes free)
File System
Release 6. and earlier
• Software image
• Configuration file
• Private data file
• PDM image
• Crash information
ciscoasa(config)# boot system disk0:/asa-802.bin
Verifying the Startup System Image
Boot Image flash:/pix-701.bin
firewall#
exit
• Used to exit from an access mode
ciscoasa> enable
password:
ciscoasa# configure terminal
ciscoasa(config)# exit
ciscoasa# exit
ciscoasa>
firewall(config)#
show bootvar
• Display the system boot image.
ciscoasa# show bootvar
BOOT variable = disk0:/asa-802.bin
Current BOOT variable = disk0:/asa-802.bin
CONFIG_FILE variable =
Current CONFIG_FILE variable =
Security Appliance Access Modes
A Cisco security appliance has four administrative access modes:
• Unprivileged • Privileged • Configuration • Monitor
• Used to control access to the privileged mode • Enables you to enter other access modes
pixfirewall> enable
password:
pixfirewall#
pixfirewall> help enable
USAGE:
enable [<priv_level>]
DESCRIPTION:
enable Turn on privileged commands
Release 7. and later
• Software image
• Configuration file
• Private data
• ASDM image
• Backup image*
• Backup configuration file*
• Virtual firewall configuration file*
* Space available
Displaying Stored Files: System and Configuration
firewall(config)#
PIX Firewall Flash:
ASA Disk0: Disk1:
Reload the Configuration: reload Command
firewall(config)#
reload [noconfirm] [cancel] [quick] [save-config] [max-hold-time [hh:]mm] [{in [hh:]mm | at hh:mm [{month day} | {day month}]}] [reason text]
Access Configuration Mode: configure terminal Command
firewall#
configure terminal
• Used to start configuration mode to enter configuration commands from a terminal
• Reboots the security appliance and reloads the configuration
• Reboots can be scheduled
ciscoasa# reload
Proceed with reload?[confirm] y
Rebooting...
running-config
Configuration Changes
ciscoasa# show running-config
ciscoasa# show startup-config
ciscoasa# write memory
firewall(config)#
boot {system | config} <url>
• Can store more than one system image and configuration file
• Designates which system image and startup configuration file to boot
dir [/recursive] [[{disk0:|disk1:|flash:}][<path>]]
• Display the directory contents.
ciscoasa# dir
Directory of flash:/
3 -rw- 4902912 13:37:33 Jul 27 2005 asa-802.bin
File Management
Viewing and Saving Your Configuration
The following commands enable you to view or save your configuration:
clear configure all
• Clears the running-configuration