How to configure Cisco ASA 5545-X & Nexus Switch 3604-X

This guide walks through the basic setup of a Cisco ASA 5545-X firewall and a Nexus 3604-X switch in a data center environment.

The data center operator will usually hand you a single RJ45 internet cable to connect to your first network device for internet connectivity. As shown in diagram 1, the first network device is the ASA 5545-X, which is in turn connected to the Nexus 3604-X switch.

Insert the internet cable provided by the data center operator into interface GigabitEthernet0/0 of the ASA. Insert another RJ45 cable into the second interface, GigabitEthernet0/1, and connect its other end to the first interface, Ethernet1/1, of the Nexus 3604-X switch.

Take another RJ45 cable and connect one end to interface Ethernet1/2 of the Nexus 3604-X switch and the other end to the first Ethernet port of your server. Repeat the same procedure for each additional server you want to attach to the network.

[Diagram 1: flow of network connectivity in a data center. Internet -> Cisco ASA 5545-X -> Nexus 3604-X switch -> servers]

Setup of Cisco ASA 5545-X

  • On the ASA command line enter ‘en’ (enable) to reach privileged EXEC mode, then ‘conf t’ (configure terminal) to enter configuration mode.
  • Enter the following command to display the running configuration.

ss1(config)# show run

  • Set a strong password for the admin user with the following command (the value shown is only an example; substitute your own strong password).

username admin password DLaUiAX3l78qgoB5c7iVNw

or set the privileged EXEC (enable) password:

enable password <your-strong-enable-password>

  • To set IP address on interface GigabitEthernet0/0, run the following commands in config mode on ASA 5545-X.

interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 5.178.114.38 255.255.255.192

  • To set IP address on interface GigabitEthernet0/1, run the following commands in config mode on ASA 5545-X.

interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 5.178.113.1 255.255.255.224

Set up a default static route via the data center gateway 5.178.114.62 so that traffic can reach the public internet.

route outside 0.0.0.0 0.0.0.0 5.178.114.62

To allow traffic to flow between (and within) interfaces that share the same security level, enter:

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

Now permit traffic on the ports your environment requires. Enter the following commands, or install ASDM on your local computer and perform the same tasks in ASDM, which is easier. Note that the All_services entry in outside_access_in permits every listed protocol from any source to any host behind the firewall; in production, restrict the source and the services to what your servers actually need. Also remember that an access list has no effect until it is bound to an interface with an access-group statement.

object-group service DM_INLINE_SERVICE_2
service-object ip
service-object icmp
service-object udp
service-object igmp
service-object icmp6
service-object tcp
service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_3
service-object icmp
service-object icmp6
service-object tcp destination eq ssh
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object icmp
service-object tcp destination eq ssh
object-group service All_services
service-object ip
service-object icmp
service-object pim
service-object pcp
service-object snp
service-object sctp
service-object udp
service-object igmp
service-object ipinip
service-object gre
service-object esp
service-object ah
service-object icmp6
service-object tcp
service-object eigrp
service-object ospf
service-object igrp
service-object nos
service-object icmp alternate-address
service-object icmp conversion-error
service-object icmp echo
service-object icmp echo-reply
service-object icmp information-reply
service-object icmp information-request
service-object icmp mask-reply
service-object icmp mask-request
service-object icmp mobile-redirect
service-object icmp parameter-problem
service-object icmp redirect
service-object icmp router-advertisement
service-object icmp router-solicitation
service-object icmp source-quench
service-object icmp time-exceeded
service-object icmp timestamp-reply
service-object icmp timestamp-request
service-object icmp traceroute
service-object icmp unreachable
service-object icmp6 echo
service-object icmp6 echo-reply
service-object icmp6 membership-query
service-object icmp6 membership-reduction
service-object icmp6 membership-report
service-object icmp6 neighbor-advertisement
service-object icmp6 neighbor-redirect
service-object icmp6 neighbor-solicitation
service-object icmp6 packet-too-big
service-object icmp6 parameter-problem
service-object icmp6 router-advertisement
service-object icmp6 router-renumbering
service-object icmp6 router-solicitation
service-object icmp6 time-exceeded
service-object icmp6 unreachable
service-object tcp-udp destination eq cifs
service-object tcp-udp destination eq discard
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq echo
service-object tcp-udp destination eq www
service-object tcp-udp destination eq kerberos
service-object tcp-udp destination eq nfs
service-object tcp-udp destination eq pim-auto-rp
service-object tcp-udp destination eq sip
service-object tcp-udp destination eq sunrpc
service-object tcp-udp destination eq tacacs
service-object tcp-udp destination eq talk
service-object tcp destination eq aol
service-object tcp destination eq bgp
service-object tcp destination eq chargen
service-object tcp destination eq cifs
service-object tcp destination eq citrix-ica
service-object tcp destination eq ctiqbe
service-object tcp destination eq daytime
service-object tcp destination eq discard
service-object tcp destination eq domain
service-object tcp destination eq echo
service-object tcp destination eq exec
service-object tcp destination eq finger
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq gopher
service-object tcp destination eq h323
service-object tcp destination eq hostname
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ident
service-object tcp destination eq imap4
service-object tcp destination eq irc
service-object tcp destination eq kerberos
service-object tcp destination eq klogin
service-object tcp destination eq kshell
service-object tcp destination eq ldap
service-object tcp destination eq ldaps
service-object tcp destination eq login
service-object tcp destination eq lotusnotes
service-object tcp destination eq lpd
service-object tcp destination eq netbios-ssn
service-object tcp destination eq nfs
service-object tcp destination eq nntp
service-object tcp destination eq pcanywhere-data
service-object tcp destination eq pim-auto-rp
service-object tcp destination eq pop2
service-object tcp destination eq pop3
service-object tcp destination eq pptp
service-object tcp destination eq rsh
service-object tcp destination eq rtsp
service-object tcp destination eq sip
service-object tcp destination eq smtp
service-object tcp destination eq sqlnet
service-object tcp destination eq ssh
service-object tcp destination eq sunrpc
service-object tcp destination eq tacacs
service-object tcp destination eq talk
service-object tcp destination eq telnet
service-object tcp destination eq uucp
service-object tcp destination eq whois
service-object udp destination eq biff
service-object udp destination eq bootpc
service-object udp destination eq bootps
service-object udp destination eq cifs
service-object udp destination eq discard
service-object udp destination eq dnsix
service-object udp destination eq domain
service-object udp destination eq echo
service-object udp destination eq www
service-object udp destination eq isakmp
service-object udp destination eq kerberos
service-object udp destination eq mobile-ip
service-object udp destination eq nameserver
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
service-object udp destination eq nfs
service-object udp destination eq ntp
service-object udp destination eq pcanywhere-status
service-object udp destination eq pim-auto-rp
service-object udp destination eq radius
service-object udp destination eq radius-acct
service-object udp destination eq rip
service-object udp destination eq secureid-udp
service-object udp destination eq sip
service-object udp destination eq snmp
service-object udp destination eq snmptrap
service-object udp destination eq sunrpc
service-object udp destination eq syslog
service-object udp destination eq tacacs
service-object udp destination eq talk
service-object udp destination eq tftp
service-object udp destination eq time
service-object udp destination eq who
service-object udp destination eq xdmcp
access-list global_access extended permit object-group DM_INLINE_SERVICE_2 any any
access-list global_access extended permit object-group DM_INLINE_SERVICE_3 any any
access-list outside_access_in extended permit object-group All_services any any log
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 host 194.126.175.218 any

Setup of Cisco Nexus 3604-X

On the switch it is best to start from a clean NX-OS configuration and reload.

Enter the following commands in privileged EXEC mode to erase the startup configuration and reload NX-OS. Note that these commands erase all of your current switch configuration.

ss1# write erase
ss1# reload

You can set the switch admin password with the following command (give the password in clear text; the ‘5’ keyword is only used when supplying an already-hashed value).

ss1(config)# username admin password yourpassword role network-admin

After the switch boots, accept the default settings in the setup dialog, add the IP address of the management port, and select L3 for the switch interface settings. Then configure the two access ports:

ss1(config)# interface ethernet 1/1
ss1(config-if)# speed 1000
ss1(config-if)# switchport
ss1(config-if)# switchport access vlan 1
ss1(config-if)# show vlan

ss1(config)# interface ethernet 1/2
ss1(config-if)# speed 1000
ss1(config-if)# switchport
ss1(config-if)# switchport access vlan 1
ss1(config-if)# show vlan

Both interfaces configured above are now access ports in VLAN 1. Give the switch itself an address in that VLAN by creating an SVI with the following commands. Note that 5.178.113.1 is already assigned to the ASA's inside interface GigabitEthernet0/1 above, so the switch must use a different, unused address in 5.178.113.0/27.

ss1(config)# feature interface-vlan
ss1(config)# interface vlan 1
ss1(config-if)# ip address <unused-address-in-5.178.113.0/27>/27

Set a default route so that all traffic from VLAN 1 leaves via the ASA inside interface GigabitEthernet0/1. The next hop must be the ASA's inside address (5.178.113.1, which lies in the switch's connected subnet), not its outside address.

ss1(config)# ip route 0.0.0.0/0 5.178.113.1

Once the route is set, connect the cable from interface ethernet 1/2 of the switch to the first Ethernet port (nic0) of your server, and point the server's default gateway at the ASA inside address. Verify every device by pinging the switch, the ASA and the gateway IP. Your network should now be functioning; if you run into any issue you can chat with us live 24/7 for a free consultation.
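The two places where this guide is easiest to get wrong are the ASA access lists (an any-to-any permit for every service) and the switch addressing and routing (a next hop that is not on a connected subnet, or an SVI address that collides with the ASA inside interface). The following Python script is an added example, not part of the original guide or any Cisco tooling; it parses the ASA and NX-OS snippets from this page (embedded below as constructed sample text, with the switch lines shown as first published so the checks have something to find) and reports those three problems before the configuration is pushed to the devices.

```python
"""Pre-deployment sanity checks for the ASA / NX-OS snippets in this guide.

Added example: a small linter for the ASA and NX-OS config lines shown
above. It is not Cisco code; it only understands the handful of statements
the guide uses (interface / ip address / route / ip route / access-list).
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: the relevant lines of the ASA config from this guide.
ASA_CONFIG = """\
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 5.178.114.38 255.255.255.192
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 5.178.113.1 255.255.255.224
route outside 0.0.0.0 0.0.0.0 5.178.114.62
access-list outside_access_in extended permit object-group All_services any any log
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 host 194.126.175.218 any
"""

# Constructed sample: the switch lines as first published in the guide
# (same address as the ASA inside interface, next hop on the wrong subnet).
NXOS_CONFIG = """\
interface vlan 1
ip address 5.178.113.1/27
ip route 0.0.0.0/0 5.178.114.38
"""


def parse_interfaces(config):
    """Return {interface name: ip_interface} for ASA and NX-OS address syntax."""
    result, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
        elif line.lower().startswith("ip address ") and current:
            parts = line.split()
            if len(parts) == 4:   # ASA style: ip address A.B.C.D MASK
                result[current] = ipaddress.ip_interface(f"{parts[2]}/{parts[3]}")
            else:                 # NX-OS style: ip address A.B.C.D/N
                result[current] = ipaddress.ip_interface(parts[2])
    return result


def parse_routes(config):
    """Return [(destination network, next hop)] for ASA `route` and NX-OS `ip route`."""
    routes = []
    for line in config.splitlines():
        parts = line.strip().lower().split()
        if parts[:1] == ["route"] and len(parts) == 5:        # route NAMEIF NET MASK HOP
            routes.append((ipaddress.ip_network(f"{parts[2]}/{parts[3]}"),
                           ipaddress.ip_address(parts[4])))
        elif parts[:2] == ["ip", "route"] and len(parts) == 4:  # ip route NET/N HOP
            routes.append((ipaddress.ip_network(parts[2]), ipaddress.ip_address(parts[3])))
    return routes


def unreachable_next_hops(config):
    """Next hops of static routes that lie in no directly connected subnet."""
    connected = [iface.network for iface in parse_interfaces(config).values()]
    return [str(hop) for _, hop in parse_routes(config)
            if not any(hop in net for net in connected)]


def duplicate_addresses(*configs):
    """Addresses assigned to more than one interface across all given configs."""
    counts = Counter(str(iface.ip)
                     for config in configs
                     for iface in parse_interfaces(config).values())
    return sorted(addr for addr, n in counts.items() if n > 1)


# An entry that permits ip, or a whole object-group, from any source to any
# destination is wide open; a `host X any` entry is not flagged.
_ANY_TO_ANY = re.compile(r"^access-list (\S+) extended permit (?:ip|object-group \S+) any any")


def permissive_acl_entries(config):
    """Names of access lists containing an any-to-any permit entry."""
    return [m.group(1) for m in map(_ANY_TO_ANY.match, config.splitlines()) if m]


if __name__ == "__main__":
    print("ASA next hops off-subnet :", unreachable_next_hops(ASA_CONFIG))
    print("NX-OS next hops off-subnet:", unreachable_next_hops(NXOS_CONFIG))
    print("Duplicate addresses       :", duplicate_addresses(ASA_CONFIG, NXOS_CONFIG))
    print("Any-to-any ACLs           :", permissive_acl_entries(ASA_CONFIG))
```

Run against the samples, the script reports no problem with the ASA's own default route (5.178.114.62 sits in the outside /26), but flags the switch next hop 5.178.114.38 as unreachable from 5.178.113.0/27, the address 5.178.113.1 as used on both devices, and outside_access_in as containing an any-to-any permit. Paste your own show-run output into the two strings to check a real deployment.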
