Asa Lab Manual

The document discusses configurations made on a Cisco ASA firewall including hostname configuration, interface configurations for the WAN and LAN interfaces, static route configuration, enabling SSH and Telnet, allowing ICMP ping over the WAN, access control policies for HTTP and DNS, blocking Telnet for LAN users, object configurations for networks, hosts, ranges and services, and configuring dynamic NAT for the LAN network.

Uploaded by

Azaan Khan

Hostname configuration

Ciscoasa(config)# hostname ASA-HYD

WAN interface configuration with static IP address

Ciscoasa(config)# int g1/0

Ciscoasa(config-if)# ip address 1.1.1.1 255.255.255.0

Ciscoasa(config-if)# nameif WAN

Ciscoasa(config-if)# security-level 0

Ciscoasa(config-if)# no shut

WAN interface configuration with DHCP (broadband connection)

Ciscoasa(config)# int g0/1

Ciscoasa(config-if)# ip address dhcp setroute


Static route configuration

Ciscoasa(config)# route WAN 0.0.0.0 0.0.0.0 1.1.1.2

Enable Telnet

Enabling SSH

Ciscoasa(config)# domain-name dhoom.com

Ciscoasa(config)# crypto key generate rsa

Ciscoasa(config)# username user1 password user1

Ciscoasa(config)# aaa authentication ssh console LOCAL

Ciscoasa(config)# ssh 192.168.2.0 255.255.255.0 LAN

LAN interface configuration

Ciscoasa(config)# int g0/0

Ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0

Ciscoasa(config-if)# nameif LAN

Ciscoasa(config-if)# security-level 100

Ciscoasa(config-if)# no shut

Allowing ping (ICMP) over the WAN interface

This requires changing the default policy-map global_policy.

Ciscoasa(config)# policy-map global_policy

Ciscoasa(config-pmap)# class inspection_default

Ciscoasa(config-pmap-c)# inspect icmp

Ciscoasa(config-pmap-c)# exit


Creating access policies for allowing HTTP services

Ciscoasa(config)# access-list access_policy permit tcp 192.168.2.0 255.255.255.0 any eq 80

Ciscoasa(config)# access-list access_policy permit udp 192.168.2.0 255.255.255.0 any eq 53

Ciscoasa(config)# access-group access_policy in interface LAN

Blocking Telnet and allowing all other services for LAN users

Ciscoasa(config)# access-list test deny tcp 192.168.2.0 255.255.255.0 any eq 23

Ciscoasa(config)# access-list test permit ip any any

Ciscoasa(config)# access-group test in interface LAN

Ciscoasa(config)# wr

Ciscoasa(config)# exit
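
An added example, not part of the original manual: a Python check that cross-references a saved configuration for names that are used but never defined (an interface name in `route` or `ssh`, an ACL name in `access-group`) and for a second `access-group` that replaces an earlier one on the same interface and direction. The sample configuration is constructed, and comparing names exactly as typed is an assumption of this sketch.

```python
import re

# Constructed sample in the style of this lab, with deliberate reference errors.
SAMPLE = """\
interface GigabitEthernet1/0
 nameif WAN
interface GigabitEthernet0/0
 nameif LAN
route outside 0.0.0.0 0.0.0.0 1.1.1.2
access-list access_policy permit tcp 192.168.2.0 255.255.255.0 any eq 80
access-list access_policy permit udp 192.168.2.0 255.255.255.0 any eq 53
access-list test deny tcp 192.168.2.0 255.255.255.0 any eq 23
access-list test permit ip any any
access-group access-policy in interface LAN
access-group access_policy in interface LAN
access-group test in interface LAN
ssh 192.168.2.0 255.255.255.0 LAN
"""

GROUP = re.compile(r"access-group (\S+) (in|out) interface (\S+)$")

def audit(config):
    """Return findings for names that are used but never defined."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Names are compared exactly as typed (assumption of this sketch).
    nameifs = {l.split()[1] for l in lines if l.startswith("nameif ")}
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    findings, bound = [], {}
    for l in lines:
        w = l.split()
        if w[0] == "route" and len(w) > 1 and w[1] not in nameifs:
            findings.append(f"route: unknown interface {w[1]}")
        elif w[0] == "ssh" and len(w) == 4 and w[3] not in nameifs:
            findings.append(f"ssh: unknown interface {w[3]}")
        elif (m := GROUP.match(l)):
            acl, direction, ifc = m.groups()
            if acl not in acls:
                findings.append(f"access-group: undefined ACL {acl}")
            elif ifc not in nameifs:
                findings.append(f"access-group: unknown interface {ifc}")
            else:
                # One ACL per interface and direction: a later binding replaces the earlier one.
                old = bound.get((ifc, direction))
                if old and old != acl:
                    findings.append(f"access-group: {acl} replaces {old} on {ifc} {direction}")
                bound[(ifc, direction)] = acl
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The third finding matters for the two ACL sections above: once `test` is bound inbound on LAN, `access_policy` is no longer applied there.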

OBJECTS:

Ciscoasa(config)# object network shaik-pc

Ciscoasa(config-network-object)# host 192.168.2.10

Ciscoasa(config-network-object)# exit

Creating an object by using an IP range

Ciscoasa(config)# object network test_range

Ciscoasa(config-network-object)# range 192.168.2.10 192.168.2.20

Ciscoasa(config-network-object)# exit

Creating an object for Lan_Network

Ciscoasa(config)# object network Lan_Network

Ciscoasa(config-network-object)# subnet 192.168.2.0 255.255.255.0

Ciscoasa(config-network-object)# exit


Creating service objects

Ciscoasa(config)# object service RDP

Ciscoasa(config-service-object)# service tcp destination eq 3389

Creating Object Groups


ACLS
Configuring dynamic NAT

Ciscoasa(config)# object network public_pool

Ciscoasa(config-network-object)# range 1.1.1.10 1.1.1.20

Ciscoasa(config-network-object)#exit

Ciscoasa(config)#object network Lan_net

Ciscoasa(config-network-object)#subnet 192.168.1.0 255.255.255.0

Ciscoasa(config-network-object)#nat (LAN,WAN) dynamic public_pool

Ciscoasa(config)#
