I was fortunate to configure and install a Cisco ASA 5516-X firewall for a site in Thailand. The visio stencil for Cisco ASA 5516-X and 5508-X aren't available yet (as of this writing) in Cisco's stencil website but someone in Cisco Support Community forum was generous to share this personally created stencil. Below are the front and back panel of an Cisco ASA 5516-X firewall.
Rom image verified correctly
Cisco Systems ROMMON, Version 1.1.8, RELEASE SOFTWARE
Copyright (c) 1994-2015 by Cisco Systems, Inc.
Compiled Thu 06/18/2015 12:15:56.43 by builders
Current image running: Boot ROM1
Last reset cause: PowerOn
DIMM Slot 0 : Present
DIMM Slot 1 : Present
Platform ASA5516 with 8192 Mbytes of main memory
MAC Address: 00:fe:c8:41:41:23
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds.
Located '.boot_string' @ cluster 821499.
#
Attempt autoboot: "boot disk0:"
Located 'asa951-lfbff-k8.spa' @ cluster 11.
############################################################
LFBFF signature verified.
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
65:01/00
Not automatically fixing this.
Starting check/repair pass.
Starting verification pass.
/dev/sdb1: 110 files, 811208/1918808 clusters
dosfsck(/dev/sdb1) returned 0
Processor memory 3754858905
Compiled on Wed 12-Aug-15 12:18 PDT by builders
Total NICs found: 13
i354 rev03 Gigabit Ethernet @ irq255 dev 20 index 08 MAC: 00fe.c841.4ea8
ivshmem rev03 Backplane Data Interface @ index 09 MAC: 0000.0001.0002
en_vtun rev00 Backplane Control Interface @ index 10 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 11 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 12 MAC: 0000.0000.0000
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0x512bf123 0x643f9456 0xb082c789 0x8bdc5abc 0x06072def
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 300 perpetual
Total VPN Peers : 300 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 1000 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
VPN Load Balancing : Enabled perpetual
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Cisco Adaptive Security Appliance Software Version 9.5(1)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
libgcc, version 4.8.1, Copyright (C) 2007 Free Software Foundation, Inc.
libgcc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.3 (http://www.gnu.org/licenses/gpl-3.0.html)
See User Manual (''Licensing'') for details.
libstdc++, version 4.8.23, Copyright (C) 2007 Free Software Foundation, Inc.
libstdc++ comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
Mdadm tools, version 3.2.6, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Copyright (C) 2002-2009 Neil Brown <neilb@suse.de>
mdadm comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
Cisco Adaptive Security Appliance Software, version 9.5
Copyright (c) 1996-2015 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Reading from flash...
!.
Cryptochecksum (unchanged): dee26e3b 1a333d4c 1cace476 b644621b
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Type help or '?' for a list of available commands.
ciscoasa> enable
Password: // JUST PRESS ENTER
ciscoasa# dir
Directory of disk0:/
94 -rwx 74369568 13:54:48 Nov 28 2015 asa951-lfbff-k8.spa
95 -rwx 25025404 13:55:06 Nov 28 2015 asdm-751.bin
96 -rwx 33 15:12:38 Nov 28 2015 .boot_string
11 drwx 4096 13:58:06 Nov 28 2015 log
21 drwx 4096 13:58:58 Nov 28 2015 crypto_archive
22 drwx 4096 13:59:00 Nov 28 2015 coredumpinfo
7859437568 bytes total (4536729600 bytes free)
ciscoasa#
ciscoasa# show run
: Saved
:
: Serial Number: JAD19480123
: Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
:
ASA Version 9.5(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (any,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:dee26e3b1a333d4c1cace476b644621b
: end
ciscoasa# dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
disk0: Directory or file name
disk1: Directory or file name // USB FLASH DRIVE INSERTED
flash: Directory or file name
system: Directory or file name
<cr>
ciscoasa# dir disk1:
Directory of disk1:/
115 -rwx 62682268 12:04:58 Mar 29 2012 c2900-universalk9-mz.SPA.150-1.M4.bin
116 -rwx 4968160 11:44:34 Dec 09 2014 TeamViewerQS_en-idch93gk2g.exe
117 -rwx 125231421 17:00:24 Feb 12 2015 lms5.1.bin
118 -rwx 95947928 08:01:34 Sep 26 2015 c2900-universalk9-mz.SPA.153-3.M6.bin
119 -rwx 302988468 14:29:12 Mar 29 2016 cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin
120 -rwx 97911420 18:25:44 Mar 27 2015 c3900-universalk9-mz.SPA.154-1.T1.bin
121 -rwx 52420608 13:13:32 Apr 01 2016 asa924-8-smp-k8.bin
122 -rwx 69285888 14:55:24 Mar 24 2016 asa942-11-smp-k8.bin
123 -rwx 1402 23:39:00 Jun 30 2016 BOOTEX.LOG
125 -rwx 45424992 13:59:18 Aug 12 2016 c2800nm-advsecurityk9-mz.151-4.M10.bin
126 -rwx 25819140 21:45:52 Nov 26 2016 asdm-761.bin
127 -rwx 86678080 21:48:12 Nov 26 2016 asa961-10-lfbff-k8.SPA
128 -rwx 174131122 06:30:38 Nov 25 2016 AIR-CT2500-K9-8-0-140-0.aes
129 -rwx 420461412 05:54:08 Nov 25 2016 isr4300-universalk9.03.13.06a.S.154-3.S6a-ext.SPA.bin
2013200384 bytes total (448921600 bytes free)
ciscoasa# show bootvar
BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa# show run boot
ciscoasa# dir
Directory of disk0:/
94 -rwx 74369568 13:54:48 Nov 28 2015 asa951-lfbff-k8.spa
95 -rwx 25025404 13:55:06 Nov 28 2015 asdm-751.bin
96 -rwx 33 15:12:38 Nov 28 2015 .boot_string
11 drwx 4096 13:58:06 Nov 28 2015 log
21 drwx 4096 13:58:58 Nov 28 2015 crypto_archive
22 drwx 4096 13:59:00 Nov 28 2015 coredumpinfo
7859437568 bytes total (4536729600 bytes free)
ciscoasa# copy disk1:/asa961-10-lfbff-k8.SPA disk0:
Source filename [asa961-10-lfbff-k8.SPA]?
Destination filename [asa961-10-lfbff-k8.SPA]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Done!
Computed Hash SHA2: 9a63472ffae36c28ba572248372e639e
04661962d91b1e66100c0dd2b1319c23
0e05e02346015885babf75eef19893fd
75ae7a13e31b3df61681c58ded963680
Embedded Hash SHA2: 9a63472ffae36c28ba572248372e639e
04661962d91b1e66100c0dd2b1319c23
0e05e02346015885babf75eef19893fd
75ae7a13e31b3df61681c58ded963680
Digital signature successfully validated
Writing file disk0:/asa961-10-lfbff-k8.SPA...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
86678080 bytes copied in 25.50 secs (3467123 bytes/sec)
ciscoasa# copy disk1:/asdm-761.bin disk0:
Source filename [asdm-761.bin]?
Destination filename [asdm-761.bin]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
!!!!!!!!!!!!!!!!!!!!!!!!!
INFO: No digital signature found
25819140 bytes copied in 6.390 secs (4303190 bytes/sec)
ciscoasa# configure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)#
ciscoasa(config)# boot system disk0:/asa961-10-lfbff-k8.SPA
ciscoasa(config)# asdm image disk0:/asdm-761.bin
ciscoasa(config)# end
ciscoasa#
ciscoasa# show bootvar
BOOT variable =
Current BOOT variable = disk0:/asa961-10-lfbff-k8.SPA
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa#show run asdm
asdm image disk0:/asdm-761.bin
no asdm history enable
ciscoasa(config)# end
ciscoasa# write memory
Building configuration...
Cryptochecksum: 431b791f ef0b8e02 fdc91c8c 26d1aa95
3204 bytes copied in 0.90 secs
[OK]
ciscoasa#
ciscoasa# reload
Proceed with reload? [confirm]
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
ciscoasa#
ciscoasa# Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
<OUTPUT TRUNCATED>
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Cisco Adaptive Security Appliance Software Version 9.6(1)10
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.6
Copyright (c) 1996-2016 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Ignoring the rest of the file
Reading from flash...
!.
Cryptochecksum (unchanged): 431b791f ef0b8e02 fdc91c8c 26d1aa95
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Type help or '?' for a list of available commands.
ciscoasa> enable
Password: // PRESS ENTER
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.6(1)10
Device Manager Version 7.6(1)
Compiled on Tue 09-Aug-16 17:47 PDT by builders
System image file is "disk0:/asa961-10-lfbff-k8.SPA"
Config file at boot was "startup-config"
ciscoasa up 1 min 14 secs
Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 8192MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1
1: Ext: GigabitEthernet1/1 : address is 00fe.c841.4ea9, irq 255
2: Ext: GigabitEthernet1/2 : address is 00fe.c841.4eaa, irq 255
3: Ext: GigabitEthernet1/3 : address is 00fe.c841.4eab, irq 255
4: Ext: GigabitEthernet1/4 : address is 00fe.c841.4eac, irq 255
5: Ext: GigabitEthernet1/5 : address is 00fe.c841.4ead, irq 255
6: Ext: GigabitEthernet1/6 : address is 00fe.c841.4eae, irq 255
7: Ext: GigabitEthernet1/7 : address is 00fe.c841.4eaf, irq 255
8: Ext: GigabitEthernet1/8 : address is 00fe.c841.4eb0, irq 255
9: Int: Internal-Data1/1 : address is 00fe.c841.4ea8, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is 00fe.c841.4ea8, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 300 perpetual
Total VPN Peers : 300 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total UC Proxy Sessions : 1000 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
VPN Load Balancing : Enabled perpetual
Serial Number: JAD19480123
Running Permanent Activation Key: 0x512bf276 0x643f9735 0xb082c1a8 0x8bdc5abc 0x06072123
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration has not been modified since last system restart.
Cisco Systems ROMMON, Version 1.1.8, RELEASE SOFTWARE
Copyright (c) 1994-2015 by Cisco Systems, Inc.
Compiled Thu 06/18/2015 12:15:56.43 by builders
Current image running: Boot ROM1
Last reset cause: PowerOn
DIMM Slot 0 : Present
DIMM Slot 1 : Present
Platform ASA5516 with 8192 Mbytes of main memory
MAC Address: 00:fe:c8:41:41:23
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
Boot in 10 seconds.
Located '.boot_string' @ cluster 821499.
#
Attempt autoboot: "boot disk0:"
Located 'asa951-lfbff-k8.spa' @ cluster 11.
############################################################
LFBFF signature verified.
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
65:01/00
Not automatically fixing this.
Starting check/repair pass.
Starting verification pass.
/dev/sdb1: 110 files, 811208/1918808 clusters
dosfsck(/dev/sdb1) returned 0
Processor memory 3754858905
Compiled on Wed 12-Aug-15 12:18 PDT by builders
Total NICs found: 13
i354 rev03 Gigabit Ethernet @ irq255 dev 20 index 08 MAC: 00fe.c841.4ea8
ivshmem rev03 Backplane Data Interface @ index 09 MAC: 0000.0001.0002
en_vtun rev00 Backplane Control Interface @ index 10 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 11 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 12 MAC: 0000.0000.0000
INFO: Unable to read cluster interface-mode from flash
Writing default mode "None" to flash
Verify the activation-key, it might take a while...
Running Permanent Activation Key: 0x512bf123 0x643f9456 0xb082c789 0x8bdc5abc 0x06072def
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 300 perpetual
Total VPN Peers : 300 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 1000 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual
VPN Load Balancing : Enabled perpetual
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Cisco Adaptive Security Appliance Software Version 9.5(1)
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
libgcc, version 4.8.1, Copyright (C) 2007 Free Software Foundation, Inc.
libgcc comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.3 (http://www.gnu.org/licenses/gpl-3.0.html)
See User Manual (''Licensing'') for details.
libstdc++, version 4.8.23, Copyright (C) 2007 Free Software Foundation, Inc.
libstdc++ comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
Mdadm tools, version 3.2.6, Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Copyright (C) 2002-2009 Neil Brown <neilb@suse.de>
mdadm comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the General
Public License v.2 (http://www.gnu.org/licenses/gpl-2.0.html)
See User Manual (''Licensing'') for details.
Cisco Adaptive Security Appliance Software, version 9.5
Copyright (c) 1996-2015 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Reading from flash...
!.
Cryptochecksum (unchanged): dee26e3b 1a333d4c 1cace476 b644621b
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Type help or '?' for a list of available commands.
ciscoasa> enable
Password: // JUST PRESS ENTER
ciscoasa# dir
Directory of disk0:/
94 -rwx 74369568 13:54:48 Nov 28 2015 asa951-lfbff-k8.spa
95 -rwx 25025404 13:55:06 Nov 28 2015 asdm-751.bin
96 -rwx 33 15:12:38 Nov 28 2015 .boot_string
11 drwx 4096 13:58:06 Nov 28 2015 log
21 drwx 4096 13:58:58 Nov 28 2015 crypto_archive
22 drwx 4096 13:59:00 Nov 28 2015 coredumpinfo
7859437568 bytes total (4536729600 bytes free)
ciscoasa#
ciscoasa# show run
: Saved
:
: Serial Number: JAD19480123
: Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
:
ASA Version 9.5(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address dhcp setroute
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (any,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:dee26e3b1a333d4c1cace476b644621b
: end
ciscoasa# dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
disk0: Directory or file name
disk1: Directory or file name // USB FLASH DRIVE INSERTED
flash: Directory or file name
system: Directory or file name
<cr>
ciscoasa# dir disk1:
Directory of disk1:/
115 -rwx 62682268 12:04:58 Mar 29 2012 c2900-universalk9-mz.SPA.150-1.M4.bin
116 -rwx 4968160 11:44:34 Dec 09 2014 TeamViewerQS_en-idch93gk2g.exe
117 -rwx 125231421 17:00:24 Feb 12 2015 lms5.1.bin
118 -rwx 95947928 08:01:34 Sep 26 2015 c2900-universalk9-mz.SPA.153-3.M6.bin
119 -rwx 302988468 14:29:12 Mar 29 2016 cat3k_caa-universalk9.SPA.03.06.04.E.152-2.E4.bin
120 -rwx 97911420 18:25:44 Mar 27 2015 c3900-universalk9-mz.SPA.154-1.T1.bin
121 -rwx 52420608 13:13:32 Apr 01 2016 asa924-8-smp-k8.bin
122 -rwx 69285888 14:55:24 Mar 24 2016 asa942-11-smp-k8.bin
123 -rwx 1402 23:39:00 Jun 30 2016 BOOTEX.LOG
125 -rwx 45424992 13:59:18 Aug 12 2016 c2800nm-advsecurityk9-mz.151-4.M10.bin
126 -rwx 25819140 21:45:52 Nov 26 2016 asdm-761.bin
127 -rwx 86678080 21:48:12 Nov 26 2016 asa961-10-lfbff-k8.SPA
128 -rwx 174131122 06:30:38 Nov 25 2016 AIR-CT2500-K9-8-0-140-0.aes
129 -rwx 420461412 05:54:08 Nov 25 2016 isr4300-universalk9.03.13.06a.S.154-3.S6a-ext.SPA.bin
2013200384 bytes total (448921600 bytes free)
ciscoasa# show bootvar
BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa# show run boot
ciscoasa# dir
Directory of disk0:/
94 -rwx 74369568 13:54:48 Nov 28 2015 asa951-lfbff-k8.spa
95 -rwx 25025404 13:55:06 Nov 28 2015 asdm-751.bin
96 -rwx 33 15:12:38 Nov 28 2015 .boot_string
11 drwx 4096 13:58:06 Nov 28 2015 log
21 drwx 4096 13:58:58 Nov 28 2015 crypto_archive
22 drwx 4096 13:59:00 Nov 28 2015 coredumpinfo
7859437568 bytes total (4536729600 bytes free)
ciscoasa# copy disk1:/asa961-10-lfbff-k8.SPA disk0:
Source filename [asa961-10-lfbff-k8.SPA]?
Destination filename [asa961-10-lfbff-k8.SPA]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Done!
Computed Hash SHA2: 9a63472ffae36c28ba572248372e639e
04661962d91b1e66100c0dd2b1319c23
0e05e02346015885babf75eef19893fd
75ae7a13e31b3df61681c58ded963680
Embedded Hash SHA2: 9a63472ffae36c28ba572248372e639e
04661962d91b1e66100c0dd2b1319c23
0e05e02346015885babf75eef19893fd
75ae7a13e31b3df61681c58ded963680
Digital signature successfully validated
Writing file disk0:/asa961-10-lfbff-k8.SPA...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
86678080 bytes copied in 25.50 secs (3467123 bytes/sec)
ciscoasa# copy disk1:/asdm-761.bin disk0:
Source filename [asdm-761.bin]?
Destination filename [asdm-761.bin]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
!!!!!!!!!!!!!!!!!!!!!!!!!
INFO: No digital signature found
25819140 bytes copied in 6.390 secs (4303190 bytes/sec)
ciscoasa# configure terminal
ciscoasa(config)#
***************************** NOTICE *****************************
Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall
Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later:
ciscoasa(config)#
ciscoasa(config)# boot system disk0:/asa961-10-lfbff-k8.SPA
ciscoasa(config)# asdm image disk0:/asdm-761.bin
ciscoasa(config)# end
ciscoasa#
ciscoasa# show bootvar
BOOT variable =
Current BOOT variable = disk0:/asa961-10-lfbff-k8.SPA
CONFIG_FILE variable =
Current CONFIG_FILE variable =
ciscoasa#show run asdm
asdm image disk0:/asdm-761.bin
no asdm history enable
ciscoasa(config)# end
ciscoasa# write memory
Building configuration...
Cryptochecksum: 431b791f ef0b8e02 fdc91c8c 26d1aa95
3204 bytes copied in 0.90 secs
[OK]
ciscoasa#
ciscoasa# reload
Proceed with reload? [confirm]
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
ciscoasa#
ciscoasa# Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting.....
<OUTPUT TRUNCATED>
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Cisco Adaptive Security Appliance Software Version 9.6(1)10
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.6
Copyright (c) 1996-2016 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Ignoring the rest of the file
Reading from flash...
!.
Cryptochecksum (unchanged): 431b791f ef0b8e02 fdc91c8c 26d1aa95
INFO: Power-On Self-Test in process.
.......................................................................
INFO: Power-On Self-Test complete.
INFO: Starting HW-DRBG health test...
INFO: HW-DRBG health test passed.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
Type help or '?' for a list of available commands.
ciscoasa> enable
Password: // PRESS ENTER
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.6(1)10
Device Manager Version 7.6(1)
Compiled on Tue 09-Aug-16 17:47 PDT by builders
System image file is "disk0:/asa961-10-lfbff-k8.SPA"
Config file at boot was "startup-config"
ciscoasa up 1 min 14 secs
Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 8192MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1
1: Ext: GigabitEthernet1/1 : address is 00fe.c841.4ea9, irq 255
2: Ext: GigabitEthernet1/2 : address is 00fe.c841.4eaa, irq 255
3: Ext: GigabitEthernet1/3 : address is 00fe.c841.4eab, irq 255
4: Ext: GigabitEthernet1/4 : address is 00fe.c841.4eac, irq 255
5: Ext: GigabitEthernet1/5 : address is 00fe.c841.4ead, irq 255
6: Ext: GigabitEthernet1/6 : address is 00fe.c841.4eae, irq 255
7: Ext: GigabitEthernet1/7 : address is 00fe.c841.4eaf, irq 255
8: Ext: GigabitEthernet1/8 : address is 00fe.c841.4eb0, irq 255
9: Int: Internal-Data1/1 : address is 00fe.c841.4ea8, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is 00fe.c841.4ea8, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 300 perpetual
Total VPN Peers : 300 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total UC Proxy Sessions : 1000 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
VPN Load Balancing : Enabled perpetual
Serial Number: JAD19480123
Running Permanent Activation Key: 0x512bf276 0x643f9735 0xb082c1a8 0x8bdc5abc 0x06072123
Configuration register is 0x1
Image type : Release
Key Version : A
Configuration has not been modified since last system restart.
No comments:
Post a Comment