Cisco ASA Basic Configuration (4/21/2021)
In this basic Cisco ASA 5506-X configuration example, we cover the fundamentals of setting up an ASA firewall for a typical business network: a basic ACL (Access Control List), Network Address Translation (NAT) and a simple DMZ network hosting a WWW server. The equipment used in this example is a Cisco ASA 5506-X with FirePOWER module, running code 9.5(2).

The new X product line incorporates Cisco's industry-leading IPS technologies and provides Next-Generation Intrusion Prevention (NGIPS), Application Visibility and Control (AVC), Advanced Malware Protection (AMP) and URL Filtering. FirePOWER module configuration is covered in a separate document. For a more comprehensive, multi-DMZ network configuration example, please see: Cisco ASA 5506-X FirePOWER Module Configuration Example Part 1-4.

The Cisco ASA acts as a firewall as well as the Internet gateway. Security levels are defined by numeric values between 0 and 100. In our example we assign security levels as follows: LAN 100, DMZ1 50 and outside 0. We are going to use three of the interfaces in this network: inside (100), dmz1 (50) and outside (0). All user and server traffic points to the ASA as its default gateway to the Internet.

LAN: the LAN not only hosts internal user workstations but also mission-critical production servers. All inbound access to the LAN is denied unless the connection is initiated from the inside hosts.

DMZ1: the DMZ network is used to host publicly accessible servers such as a web server, an email server and so on. Servers in DMZ1 serve Internet web traffic and internal user traffic from the LAN. However, no inbound access is allowed from any other networks unless explicitly allowed.

Internet: the outside interface, at security level 0.

By default the ASA allows traffic from a higher security interface to a lower security interface. Traffic in the other direction is denied unless explicitly allowed, which is done with an ACL applied to that lower security interface. For outbound traffic you do not need an ACL, because all of it traverses from a higher security level (inside and dmz1) to a lower security level (outside). The after-auto keyword simply makes this NAT the least preferred rule, evaluated after Manual NAT and Auto NAT have been evaluated; the reason we give it the least preference is to avoid possible conflicts with other NAT rules.

We will need to configure an ACL to allow inbound Internet traffic to reach the web server. It allows ICMP return traffic to pass the ASA when a ping is initiated from inside hosts.
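The configuration below is an added example, not the original article's configuration, that puts the pieces described above together on an ASA running 9.x syntax: the three interfaces with the article's security levels, a static NAT and inbound ACL for the DMZ1 web server, after-auto PAT for outbound traffic, and ICMP inspection so ping replies return to inside hosts. Interface names, object names (DMZ1-WEB, INSIDE-NET, DMZ1-NET, OUTSIDE-IN) and all IP addresses (RFC 5737 documentation ranges) are constructed assumptions; substitute your own.

```cisco
! Constructed example: interface layout and security levels (inside 100, dmz1 50, outside 0)
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 nameif dmz1
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Web server in DMZ1: Auto NAT maps its private address to a public one
object network DMZ1-WEB
 host 192.168.50.10
 nat (dmz1,outside) static 203.0.113.3
!
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
object network DMZ1-NET
 subnet 192.168.50.0 255.255.255.0
!
! Outbound PAT to the outside interface address, placed after Auto NAT
! (after-auto) so it is evaluated last and cannot shadow the static rule above.
! No ACL is needed for this traffic: it flows from higher to lower security level.
nat (inside,outside) after-auto source dynamic INSIDE-NET interface
nat (dmz1,outside) after-auto source dynamic DMZ1-NET interface
!
! Inbound ACL on the outside (lower security) interface: only HTTP/HTTPS to the
! web server is permitted. Post-8.3 ACLs reference the real (private) address.
! Everything not listed, including any traffic toward the inside LAN, hits the
! implicit deny at the end of the list.
access-list OUTSIDE-IN extended permit tcp any object DMZ1-WEB eq www
access-list OUTSIDE-IN extended permit tcp any object DMZ1-WEB eq https
access-group OUTSIDE-IN in interface outside
!
! ICMP inspection: echo replies to pings initiated from inside hosts are matched
! to the outbound request and allowed back through the ASA.
policy-map global_policy
 class inspection_default
  inspect icmp
```

After applying the configuration, `show nat` lists the static rule in section 2 (Auto NAT) and the PAT rules in section 3 (after-auto), and `show access-list OUTSIDE-IN` shows hit counts for the two permit entries; a `packet-tracer input outside tcp 198.51.100.7 40000 203.0.113.3 80` walk-through should end with the flow allowed, while the same trace to an inside address should be dropped by the ACL.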