Cisco ASA 5550 Series Getting Started Manual

Cisco ASA 5550 Getting Started Guide
Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387)
Customer Order Number: DOC-7817644= Text Part Number: 78-17644-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)
© 2006 Cisco Systems, Inc. All rights reserved.

CONTENTS

Chapter 1 Before You Begin

Chapter 2 Maximizing Throughput on the ASA 5550 Adaptive Security Appliance
    Embedded Network Interfaces
    Balancing Traffic to Maximize Throughput
    What to Do Next

Chapter 3 Installing the Cisco ASA 5550 Security Appliance
    Verifying the Package Contents
    Installing the Chassis
        Rack-Mounting the Chassis
    Installing SFP Modules
        SFP Module
        Installing an SFP Module
    Ports and LEDs
        Front Panel LEDs
        Rear Panel LEDs and Ports in Slot 0
        Ports and LEDs in Slot 1
    What to Do Next

Chapter 4 Connecting Cables to Network Interfaces
    Connecting Interface Cables
    What to Do Next

Chapter 5 Configuring the Adaptive Security Appliance
    About the Factory-Default Configuration
    About the Adaptive Security Device Manager
    Using the Startup Wizard
        Before Launching the Startup Wizard
        Running the Startup Wizard
    Setting the Media Type for Fiber Interfaces
    What to Do Next

Chapter 6 Scenario: DMZ Configuration
    Example DMZ Network Topology
    Configuring the Security Appliance for a DMZ Deployment
        Configuration Requirements
        Starting ASDM
        Creating IP Pools for Network Address Translation
        Configuring NAT for Inside Clients to Communicate with the DMZ Web Server
        Configuring NAT for Inside Clients to Communicate with Devices on the Internet
        Configuring an External Identity for the DMZ Web Server
        Providing Public HTTP Access to the DMZ Web Server
    What to Do Next

Chapter 7 Scenario: Remote-Access VPN Configuration
    Example IPsec Remote-Access VPN Network Topology
    Implementing the IPsec Remote-Access VPN Scenario
        Information to Have Available
        Starting ASDM
        Configuring the ASA 5550 for an IPsec Remote-Access VPN
        Selecting VPN Client Types
        Specifying the VPN Tunnel Group Name and Authentication Method
        Specifying a User Authentication Method
        (Optional) Configuring User Accounts
        Configuring Address Pools
        Configuring Client Attributes
        Configuring the IKE Policy
        Configuring IPsec Encryption and Authentication Parameters
        Specifying Address Translation Exception and Split Tunneling
        Verifying the Remote-Access VPN Configuration
    What to Do Next

Chapter 8 Scenario: Site-to-Site VPN Configuration
    Example Site-to-Site VPN Network Topology
    Implementing the Site-to-Site Scenario
        Information to Have Available
        Configuring the Site-to-Site VPN
            Starting ASDM
            Configuring the Security Appliance at the Local Site
            Providing Information About the Remote VPN Peer
            Configuring the IKE Policy
            Configuring IPsec Encryption and Authentication Parameters
            Specifying Hosts and Networks
            Viewing VPN Attributes and Completing the Wizard
    Configuring the Other Side of the VPN Connection
    What to Do Next

Appendix A Obtaining a DES License or a 3DES-AES License

CHAPTER 1

Before You Begin

Use the following table to find the installation and configuration steps that are required for your implementation of the adaptive security appliance.
To Do This ... | See ...
Install the chassis | Chapter 3, “Installing the Cisco ASA 5550 Security Appliance”
Connect cables to network interfaces | Chapter 4, “Connecting Cables to Network Interfaces”
Perform initial setup of the adaptive security appliance | Chapter 5, “Configuring the Adaptive Security Appliance”
Configure the adaptive security appliance for your implementation | Chapter 6, “Scenario: DMZ Configuration”; Chapter 7, “Scenario: Remote-Access VPN Configuration”; Chapter 8, “Scenario: Site-to-Site VPN Configuration”
Refine configuration; configure optional and advanced features | Cisco Security Appliance Command Line Configuration Guide; Cisco Security Appliance Command Reference; Cisco Security Appliance Logging Configuration and System Log Messages

CHAPTER 2

Maximizing Throughput on the ASA 5550 Adaptive Security Appliance

The Cisco ASA 5550 Series Security Appliance is designed to deliver maximum throughput when configured according to the guidelines described in this chapter.
This chapter includes the following sections:
- Embedded Network Interfaces
- Balancing Traffic to Maximize Throughput
- What to Do Next

Embedded Network Interfaces

The adaptive security appliance has two internal buses providing copper Gigabit Ethernet and fiber Gigabit Ethernet connectivity:
- Slot 0 (corresponding to Bus 0) has four embedded copper Gigabit Ethernet ports
- Slot 1 (corresponding to Bus 1) has four embedded copper Gigabit Ethernet ports and four embedded SFPs that support fiber Gigabit Ethernet connectivity
Note To establish fiber connectivity on the adaptive security appliance, you must order and install SFP modules for each fiber port you want to use. For more information on fiber ports and SFP modules, see the “Installing SFP Modules” section.
Figure 2-1 shows the embedded ports on the ASA 5550.
[Figure 2-1: Embedded Ports on the ASA 5550]
Note Although Slot 1 has four copper Ethernet ports and four fiber Ethernet ports, you can use only four Slot 1 ports at a time. For example, you could use two Slot 1 copper ports and two fiber ports, but you cannot use fiber ports if you are already using all four Slot 1 copper ports.

Balancing Traffic to Maximize Throughput

To maximize traffic throughput, configure the adaptive security appliance so that traffic is distributed equally between the two buses in the device. To achieve this, lay out the network so that all traffic flows through both Bus 0 (Slot 0) and Bus 1 (Slot 1), entering through one bus and exiting through the other.
In Figure 2-2 and Figure 2-3, network traffic is distributed so that all traffic flows through both buses in the device, enabling the adaptive security appliance to deliver maximum throughput.
[Figure 2-2: Traffic Evenly Distributed for Maximum Throughput (Copper to Copper)]
[Figure 2-3: Traffic Evenly Distributed for Maximum Throughput (Copper to Fiber)]
Figure 2-4 illustrates several configurations that do not enable the adaptive security appliance to deliver maximum throughput because network traffic flows through only one bus on the device.
[Figure 2-4: Configurations Not Enabling Maximum Throughput]
Note You can use the show traffic command to see the traffic throughput over each bus. For more information about using the command, see the Cisco Security Appliance Command Reference.

What to Do Next

Continue with Chapter 3, “Installing the Cisco ASA 5550 Security Appliance.”

CHAPTER 3

Installing the Cisco ASA 5550 Security Appliance

Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series and follow proper safety procedures when performing these steps.
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
This chapter describes the ASA 5550 adaptive security appliance and rack-mount and installation procedures for the adaptive security appliance. This chapter includes the following sections:
- Verifying the Package Contents
- Installing the Chassis
- Installing SFP Modules
- Ports and LEDs
- What to Do Next

Verifying the Package Contents

Verify the contents of the packing box, shown in Figure 3-1, to ensure that you have received all items necessary to install the Cisco ASA 5550.
[Figure 3-1: Contents of ASA 5550 Package]
Items labeled in the figure:
- Cisco ASA 5550 adaptive security appliance
- Mounting brackets: (700-18797-01 AO) right, (700-18798-01 AO) left
- 2 long cap screws (48-0654-01 AO)
- 4 flathead screws (48-0451-01 AO)
- 4 cap screws (48-0523-01 AO)
- 4 rubber feet
- Yellow Ethernet cable (72-1482-01)
- Blue console cable
- PC terminal adapter
- Cable holder
- Cisco ASA 5550 Adaptive Security Appliance Product CD
- Documentation
- Safety and Compliance Guide

Installing the Chassis

This section describes how to rack-mount and install the adaptive security appliance. You can mount the adaptive security appliance in a 19-inch rack (with a 17.5- or 17.75-inch opening).
Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety.
The following information can help plan equipment rack installation:
- Allow clearance around the rack for maintenance.
- When mounting a device in an enclosed rack, ensure adequate ventilation. An enclosed rack should never be overcrowded. Make sure that the rack is not congested, because each unit generates heat.
- When mounting a device in an open rack, make sure that the rack frame does not block the intake or exhaust ports.
- If the rack contains only one unit, mount the unit at the bottom of the rack.
- If the rack is partially filled, load the rack from the bottom to the top, with the heaviest component at the bottom of the rack.
- If the rack contains stabilizing devices, install the stabilizers prior to mounting or servicing the unit in the rack.
Warning Before performing any of the following procedures, ensure that the power source is off (AC or DC). To ensure that power is removed from the DC circuit, locate the circuit breaker on the panel board that services the DC circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit breaker in the OFF position.

Rack-Mounting the Chassis

To rack-mount the chassis, perform the following steps:
Step 1 Attach the rack-mount brackets to the chassis using the supplied screws. Attach the brackets to the holes as shown in Figure 3-2. After the brackets are secured to the chassis, you can rack-mount it.
[Figure 3-2: Installing the Right and Left Brackets]
Step 2 Attach the chassis to the rack using the supplied screws, as shown in Figure 3-3.
[Figure 3-3: Rack-Mounting the Chassis]
To remove the chassis from the rack, remove the screws that attach the chassis to the rack, and then remove the chassis.

Installing SFP Modules

The adaptive security appliance uses a field-replaceable SFP module to establish fiber Gigabit Ethernet connections.
This section describes how to install and remove SFP modules in the adaptive security appliance. This section includes the following topics:
- SFP Module
- Installing an SFP Module

SFP Module

The SFP (Small Form-Factor Pluggable) module is a hot-swappable input/output device that plugs into the fiber ports.
Note If you install an SFP module after the switch has powered on, you must reload the adaptive security appliance to enable the SFP module.
Table 3-1 lists the SFP modules that are supported by the adaptive security appliance.
Table 3-1 Supported SFP Modules
SFP Module | Type of Connection | Cisco Part Number
1000BASE-LX/LH | Fiber | GLC-LH-SM=
1000BASE-SX | Fiber | GLC-SX-MM=
The 1000BASE-LX/LH and 1000BASE-SX SFP modules are used to establish fiber connections. Use fiber cables with LC connectors to connect to an SFP module. The SFP modules support 850 to 1550 nm nominal wavelengths. The cables must not exceed the required cable length for reliable communications.
Table 3-2 lists the cable length requirements.
Table 3-2 Cabling Requirements for Fiber-Optic SFP Modules
SFP Module | 62.5/125 micron Multimode 850 nm Fiber | 50/125 micron Multimode 850 nm Fiber | 62.5/125 micron Multimode 1310 nm Fiber | 50/125 micron Multimode 1310 nm Fiber | 9/125 micron Single-mode 1310 nm Fiber
LX/LH | — | — | 550 m at 500 MHz-km | 550 m at 400 MHz-km | 10 km
SX | 275 m at 200 MHz-km | 550 m at 500 MHz-km | — | — | —
Use only Cisco-certified SFP modules on the adaptive security appliance. Each SFP module has an internal serial EEPROM that is encoded with security information. This encoding provides a way for Cisco to identify and validate that the SFP module meets the requirements for the adaptive security appliance.
Note Only SFP modules certified by Cisco are supported on the adaptive security appliance.
Caution Protect your SFP modules by inserting clean port plugs into the SFPs after the cables are extracted from them. Be sure to clean the optic surfaces of the fiber cables before you plug them back into the optical bores of another SFP module. Avoid getting dust and other contaminants into the optical bores of your SFP modules: The optics do not work correctly when obstructed with dust.
Warning Because invisible laser radiation may be emitted from the aperture of the port when no cable is connected, avoid exposure to laser radiation and do not stare into open apertures. Statement 70

Installing an SFP Module

To install an SFP module in a fiber port in Slot 1, perform the following steps:
Step 1 Line up the SFP module with the port and slide the SFP module into the port slot until it locks into position as shown in Figure 3-4.
[Figure 3-4: Installing an SFP Module. Callouts: 1 Port plug, 2 Port slot, 3 SFP module]
Caution Do not remove the port plugs from the SFP module until you are ready to connect the cables.
Step 2 Remove the port plug; then connect the network cable to the SFP module.
Step 3 Connect the other end of the cable to your network. For more information on connecting the cables, see Chapter 4, “Connecting Cables to Network Interfaces.”
Caution The latching mechanism used on many SFP modules locks them into place when cables are connected. Do not pull on the cabling in an attempt to remove the SFP module.

Ports and LEDs

This section describes the front and rear panels. Figure 3-5 shows the front panel LEDs. This section includes the following topics:
- Front Panel LEDs
- Rear Panel LEDs and Ports in Slot 0
- Ports and LEDs in Slot 1

Front Panel LEDs

Figure 3-5 shows the LEDs on the front panel of the adaptive security appliance.
[Figure 3-5: Front Panel LEDs]
LED | Color | State | Description
1 Power | Green | On | The system has power.
2 Status | Green | Flashing | The power-up diagnostics are running or the system is booting.
 | | Solid | The system has passed power-up diagnostics.
 | Amber | Solid | The power-up diagnostics have failed.
3 Active | Green | Flashing | There is network activity.
4 VPN | Green | Solid | VPN tunnel is established.
5 Flash | Green | Solid | The CompactFlash is being accessed.

Rear Panel LEDs and Ports in Slot 0

Figure 3-6 shows the rear panel LEDs and ports in Slot 0.
[Figure 3-6: Rear Panel LEDs and Ports on Slot 0 (AC Power Supply Model Shown)]
Callouts:
1 Management Port [1]
2 External CompactFlash slot
3 Serial Console port
4 Power switch
5 Power indicator LED
6 USB 2.0 interfaces [2]
7 Network interfaces [3]
8 Power indicator LED
9 Status indicator LED
10 Active LED
11 VPN LED
12 Flash LED
13 AUX port
14 Power connector
[1] The management 0/0 interface is a Fast Ethernet interface designed for management traffic only.
[2] Reserved for future use.
[3] GigabitEthernet interfaces, from right to left, GigabitEthernet 0/0, GigabitEthernet 0/1, GigabitEthernet 0/2, and GigabitEthernet 0/3.
For more information on the Management Port, see the management-only command in the Cisco Security Appliance Command Reference.
Figure 3-7 shows the adaptive security appliance rear panel LEDs.
[Figure 3-7: Rear Panel Link and Speed Indicator LEDs. Callouts: 1 MGMT indicator LEDs, 2 Network interface LEDs]
Table 3-3 lists the rear MGMT and Network interface LEDs.
Table 3-3 Link and Speed LEDs
Indicator | Color | Description
Left side | Solid green | Physical link
 | Green flashing | Network activity
Right side | Not lit | 10 Mbps
 | Green | 100 Mbps
 | Amber | 1000 Mbps

Ports and LEDs in Slot 1

Figure 3-8 illustrates the ports and LEDs in Slot 1.
[Figure 3-8: Ports and LEDs in Slot 1]
Callouts:
1 Copper Ethernet ports
2 RJ-45 Link LED
3 RJ-45 Speed LED
4 Power LED
5 Status LED
6 Fiber Ethernet ports
7 SFP Link LED
8 SFP Speed LED
Note Figure 3-8 shows SFP modules installed in the fiber Ethernet ports. You must order and install the SFP modules if you want to establish fiber Ethernet connectivity. For more information on fiber ports and SFP modules, see the “Installing SFP Modules” section.
Table 3-4 describes the LEDs in Slot 1.
Table 3-4 LEDs on Bus G1
LED | Color | State | Description
2, 7 LINK | Green | Solid | There is an Ethernet link.
 | | Flashing | There is Ethernet activity.
3, 8 SPEED | Off | 10 MB | There is no network activity.
 | Green | 100 MB | There is network activity at 100 Mbps.
 | Amber | 1000 MB (GigE) | There is network activity at 1000 Mbps.
4 POWER | Green | On | The system has power.
5 STATUS | Green | Flashing | The system is booting.
 | Green | Solid | The system booted correctly.
 | Amber | Solid | The system diagnostics failed.

What to Do Next

Continue with Chapter 4, “Connecting Cables to Network Interfaces.”

CHAPTER 4

Connecting Cables to Network Interfaces

This chapter describes how to connect the appropriate cables to the Console, Auxiliary, Management, copper Ethernet, and fiber Ethernet ports.
This chapter includes the following sections:
- Connecting Interface Cables
- What to Do Next
Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ASA 5500 Series and follow proper safety procedures when performing these steps.
Warning Only trained and qualified personnel should install, replace, or service this equipment. Statement 49

Connecting Interface Cables

To connect cables to the network interfaces, perform the following steps:
Step 1 Place the chassis on a flat, stable surface, or in a rack (if you are rack-mounting it).
Step 2 Connect to the Management port.
The adaptive security appliance has a dedicated interface for device management that is referred to as the Management0/0 port. The Management0/0 port is a Fast Ethernet interface. This port is similar to the Console port, but the Management0/0 port only accepts incoming traffic to the adaptive security appliance.
Note You can configure any interface to be a management-only interface using the management-only command. You can also disable management-only mode on the management interface. For more information about this command, see the management-only command in the Cisco Security Appliance Command Reference.
a. Locate an Ethernet cable, which has an RJ-45 connector on each end.
b. Connect one RJ-45 connector to the Management0/0 port, as shown in Figure 4-1.
c. Connect the other end of the Ethernet cable to the Ethernet port on your computer or to your management network.
[Figure 4-1: Connecting to the Management Port. Callouts: 1 Management port, 2 RJ-45 to RJ-45 Ethernet cable]