
Part 2 Basics: Cisco ASA Commands


What is Cisco ASA?
Cisco ASA is a security device that combines a firewall, antivirus, intrusion prevention, and a virtual private network (VPN). It enables proactive threat defence, preventing attacks from spreading throughout the network.

Fig 1.1 - Cisco ASA Firewall

Configuring DHCP, AAA, and SSH
Securedna-ASA(config)# dhcpd address 10.10.10.3-10.10.10.100 inside
Securedna-ASA(config)# dhcpd dns 112.110.112.5
Securedna-ASA(config)# dhcpd option 3 ip 10.10.10.1
Securedna-ASA(config)# dhcpd enable inside

Configure AAA to use the local database for authentication
Securedna-ASA(config)# username admin password securedna1@
Securedna-ASA(config)# aaa authentication ssh console LOCAL

Configure SSH remote access to the ASA
Securedna-ASA(config)# crypto key generate rsa modulus 1024

Allow SSH connections from any host on the inside network and from a single host (10.10.1.3) on the outside
Securedna-ASA(config)# ssh 10.10.10.0 255.255.255.0 inside
Securedna-ASA(config)# ssh 10.10.1.3 255.255.255.255 outside
Securedna-ASA(config)# ssh timeout 10
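
An added example, not part of the original post: a small Python audit that reads the AAA and SSH commands above and reports the settings a reviewer would question before deployment. The 2048-bit minimum and treating only `inside` as a trusted management interface are assumptions of this example, as is the function name `audit_asa_management`.

```python
import ipaddress
import re

# AAA/SSH commands from this page, prompts stripped; password replaced by a placeholder.
PAGE_COMMANDS = """\
username admin password <placeholder>
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 1024
ssh 10.10.10.0 255.255.255.0 inside
ssh 10.10.1.3 255.255.255.255 outside
ssh timeout 10
"""

MIN_RSA_BITS = 2048              # assumption of this example: minimum acceptable RSA size
TRUSTED_INTERFACES = {"inside"}  # assumption: only "inside" is a management-side interface
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "Securedna-ASA(config)# "
SSH_ALLOW = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")


def audit_asa_management(commands: str) -> list[str]:
    """Return review findings for ASA SSH/AAA management-plane commands."""
    lines = [PROMPT.sub("", raw).strip() for raw in commands.splitlines() if raw.strip()]
    findings = []
    if not any(l.startswith("aaa authentication ssh console") for l in lines):
        findings.append("no 'aaa authentication ssh console' line found")
    for line in lines:
        tok = line.split()
        # A username line without 'encrypted'/'pbkdf2' carries the password in cleartext.
        if tok[:1] == ["username"] and tok[2:3] == ["password"] \
                and not {"encrypted", "pbkdf2"} & set(tok[4:]):
            findings.append(f"cleartext password for user '{tok[1]}' in command script")
        m = re.fullmatch(r"crypto key generate rsa modulus (\d+)", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(f"RSA key modulus {m.group(1)} is below {MIN_RSA_BITS} bits")
        m = SSH_ALLOW.fullmatch(line)
        if m and m.group(3) not in TRUSTED_INTERFACES:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            findings.append(f"SSH permitted on '{m.group(3)}' from {net} "
                            f"({net.num_addresses} address(es))")
    return findings


if __name__ == "__main__":
    for finding in audit_asa_management(PAGE_COMMANDS):
        print("REVIEW:", finding)
```

Lines pasted with their `Securedna-ASA(config)#` prompt are accepted as well, since the prompt is stripped before matching.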

Configure a static default route for the ASA
Securedna-ASA(config)# route outside 0.0.0.0 0.0.0.0 112.23.16.11

Configure address translation using PAT and network objects
Securedna-ASA(config)# object network INSIDE-NET
Securedna-ASA(config-network-object)# subnet 10.10.10.0 255.255.255.0
Securedna-ASA(config-network-object)# nat (inside,outside) dynamic interface
Securedna-ASA(config-network-object)# end

Add the inspection of ICMP traffic to the policy map list 
Securedna-ASA(config)# policy-map global_policy
Securedna-ASA(config-pmap)# class inspection_default
Securedna-ASA(config-pmap-c)# inspect icmp

Display the default MPF policy map to verify ICMP inspection
Securedna-ASA(config-pmap-c)# show run policy-map

