Part 3 Basics: Cisco ASA Commands
What is Cisco ASA?
Cisco ASA is a security device that combines a firewall, antivirus, intrusion prevention, and a virtual private network (VPN). It provides proactive threat defence, preventing attacks from spreading throughout the network.
Fig 1.1- Cisco ASA Firewall
Configure the DMZ interface Gi1/1 on the ASA
Configure the DMZ interface Gi1/1, where the public-access web server will reside. Assign Gi1/1 the IP address 10.10.2.1/24, name it dmz, and set its security level to 70.
CCNAS-ASA(config)# int gi1/1
CCNAS-ASA(config-if)# ip address 10.10.2.1 255.255.255.0
CCNAS-ASA(config-if)# nameif dmz
CCNAS-ASA(config-if)# security-level 70
CCNAS-ASA(config-if)# no shut
Configure static NAT to the DMZ server using a network object
CCNAS-ASA(config)# object network dmz-server
CCNAS-ASA(config-network-object)# host 10.10.2.3
CCNAS-ASA(config-network-object)# nat (dmz,outside) static 112.23.16.11
Configure an ACL to allow access to the DMZ server from the Internet
CCNAS-ASA(config)# access-list OUTSIDE-DMZ permit ip any host 10.10.2.3
CCNAS-ASA(config)# access-group OUTSIDE-DMZ in interface outside
Clear the NAT counters using the clear nat counters command.
CCNAS-ASA# clear nat counters
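Tightening and verifying the DMZ rule
The ACL above permits every IP protocol and port to the DMZ server. The following is an added example, not part of the original lab: it narrows the rule to web traffic and then checks the NAT and ACL behaviour. It assumes the server offers only HTTP and HTTPS, and 198.51.100.10 is a constructed test source address.

```cisco
! Added example (not from the original lab).
! Assumption: the DMZ web server only needs TCP 80 and 443 from the Internet.
!
! Add the specific entries first so the ACL is never left empty,
! then remove the broad "permit ip any" entry.
CCNAS-ASA(config)# access-list OUTSIDE-DMZ extended permit tcp any host 10.10.2.3 eq www
CCNAS-ASA(config)# access-list OUTSIDE-DMZ extended permit tcp any host 10.10.2.3 eq https
CCNAS-ASA(config)# access-list OUTSIDE-DMZ extended deny ip any any log
CCNAS-ASA(config)# no access-list OUTSIDE-DMZ extended permit ip any host 10.10.2.3
! Re-applying the binding is harmless and confirms the ACL is still attached.
CCNAS-ASA(config)# access-group OUTSIDE-DMZ in interface outside
!
! Review the resulting entries and their hit counters.
CCNAS-ASA# show access-list OUTSIDE-DMZ
!
! Confirm the static translation 10.10.2.3 <-> 112.23.16.11 and its counters
! (useful right after "clear nat counters").
CCNAS-ASA# show nat detail
CCNAS-ASA# show xlate
!
! Simulate an inbound HTTP connection to the mapped (public) address.
! 198.51.100.10 is a constructed source address used only for the test.
CCNAS-ASA# packet-tracer input outside tcp 198.51.100.10 40000 112.23.16.11 80
!
! Simulate an inbound SSH connection, which the narrowed ACL is meant to block.
CCNAS-ASA# packet-tracer input outside tcp 198.51.100.10 40000 112.23.16.11 22
```

The ACL references the real address 10.10.2.3 while packet-tracer targets the mapped address 112.23.16.11, because the ASA translates the destination before it evaluates the interface ACL.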