Cisco Certified Security Professional SNAF

Securing Networks with ASA Fundamentals

Lab Manual
Developed by

M. Irfan Ghauri M. Tanzeel Nasir

C-32/1 Block-5 Gulshan-e-Iqbal, Karachi Ph #021-6034003

ESP Press Copyrights 2011

1
ASA Lab Manual

LAB.

LABS DESCRIPTION

PAGE NO.
3

1

ASA Basic & Accessing ASA through Telnet/SSH/HTTP

2

NETWORK ADDRESS TRANSLATION • • • • • • • Nat Control Static NAT Dynamic NAT PAT STATIC PAT POLICY NAT NAT 0

8

3

Fitering ACTIVEX Objects and JAVA Applets

17

4

Transparent Firewall

18

5

Syslog server

20

6

Cut through proxy through LOCAL database & AAA server Downloadable Acl

21

7

24

8 9 10

Tcp intercept Max connection Object Grouping and Time-based Acl Routing a.Static Routing b.Dynamic Routing

29 30 32

2
ASA Lab Manual

11

Dynamic Host Configuration Protocol

34

12

Demilitarized Zone

37

13 14

Intervlan Routing with ASA Modular Policy Framework

39 41

15

Virtual Private Network Site to Site VPN Web VPN Remote Access VPN

42

10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto • • • • .0.3 ASA Lab Manual Lab # 1 ASA Basic Configuration How to verify Version ciscoasa(config)# sh version How to Set Hostname ciscoasa(config)# hostname ESP How to Set Time & Date ciscoasa# clock set 03:40:50 29 december 2010 How to Set Desired Banners ciscoasa(config)# banner exec "you are off" How to Configure a particular Interface ciscoasa(config)# interface ethernet 0/0 • Assign IP ciscoasa(config-if)# ip address 20.0.0.0.10 Alive Interface ciscoasa(config-if)# no shutdown Set Speed ciscoasa(config-if)# speed auto Give Label ciscoasa(config-if)# nameif outside Mention Security Level ciscoasa(config-if)# security-level 0 ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.

4 ASA Lab Manual ciscoasa(config-if)# nameif inside ciscoasa(config-if)# security-level 100 How to check Particular Interface information ciscoasa# sh interface ethernet 0/0 ciscoasa# sh interface ethernet 0/1 How to check the applied IP Addresses on the Device ciscoasa# sh ip addresses How to check interface Labels & Security Levels ciscoasa# sh nameif How to check Interfaces summary ciscoasa(config)# sh interface ip brief How to Save Configuration ciscoasa(config)# copy running-config start How to check state table ciscoasa(config)# sh conn How to check memory status ciscoasa# sh memory How to restrict access on Privilege mode ciscoasa(config)# enable password cisco How to check running configuration ciscoasa(config)# sh run How to check History of CLI ciscoasa# sh history .

0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif outside ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0.255.0.0.255.0.4 255.1 255.255.255 inside ciscoasa(config)# ssh 20.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif inside How to Telnet Adaptive Security Appliance ciscoasa(config)# telnet 10.255 inside How to SSH Adaptive Security Appliance ciscoasa(config)# crypto key generate rsa modulus 1024 ciscoasa(config)# ssh 10.4 255.5 ASA Lab Manual Accessing ASA through Telnet/HTTP/SSH Configuration Assigning Speed & IP Address on Inside & Outside Interfaces.0. ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# ip address 20.255 outside Authentication With local database ciscoasa(config)#username tanzeel password cisco123 ciscoasa(config)# aaa authentication ssh console LOCAL .0.1 255.255 inside ciscoasa(config)# passwd cisco ciscoasa(config)# enable password cisco (Telnet only allow from inside) How to HTTP Adaptive Security Appliance ciscoasa(config)#http server enable ciscoasa(config)#http 10.255.255.255.255.0.0.0.0.0.255.

6 ASA Lab Manual At Machine 10.1: .0.0.

7 ASA Lab Manual Verification Commands: ciscoasa(config)# show ssh ciscoasa(config)# show ssh session ciscoasa(config)# ssh disconnect session_id ciscoasa(config)# show crypto key mypubkey rsa .

0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif outside ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0. ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# ip address 20.0.0.8 ASA Lab Manual Lab # 2 NETWORK ADDRESS TRANSLATION Network Address Translation allows to translate Private Addresses into Public Addresses • • • • • • • Nat Control Static NAT Dynamic NAT PAT STATIC PAT POLICY NAT NAT 0 Configuration Assigning Speed & IP Address on Inside & Outside Interfaces.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif inside ciscoasa (config)#nat-control ciscoasa (config)# access-list 1 permit ip any any ciscoasa (config)# access-group 1 in interface outside .

ciscoasa (config)# static (inside.52 10.0.9 ASA Lab Manual STATIC NETWORK ADDRESS TRANSLATION Configuration Establish Static NAT & ACLs.0.1 ciscoasa (config)# static (inside.0.51 10.0.2 Verify Configuration by using following commands.0. ciscoasa (config)# show running-config nat ciscoasa (config)# show xlate ciscoasa (config)# show access-list 1 .outside) 20.outside) 20.0.0.0.

0.51-20.0. POOL & ACLss on Inside Interfaces.60 Verify Configuration by using following commands. ciscoasa (config)# show running-config global ciscoasa (config)# show running-config nat ciscoasa (config)# show xlate ciscoasa (config)# show access-list 1 . ciscoasa (config)# nat (inside) 1 0 0 ciscoasa (config)# global (outside) 1 20.0.10 ASA Lab Manual DYNAMIC NETWORK ADDRESS TRANSLATION Configuration Establish Dynamic NAT.0.

11 ASA Lab Manual DYNAMIC PORT ADDRESS TRANSLATION Configuration Establish Dynamic PAT.0.0.51 OR Establish Dynamic PAT by assigning Outside Interface IP Address to POOL ciscoasa (config)# nat (inside) 1 0 0 ciscoasa (config)# global (outside) 1 interface ciscoasa (config)# access-list 1 permit ip any any ciscoasa (config)# access-group 1 in interface outside . POOL & ACLs ciscoasa (config)# nat (inside) 1 0 0 ciscoasa (config)# global (outside) 1 20.

12 ASA Lab Manual Verify Configuration by using following commands. ciscoasa (config)# show running-config global ciscoasa (config)# show running-config nat ciscoasa (config)# show xlate ciscoasa (config)# show access-list 1 .

0.0. (Outside Machine will successfully access local Web Server) Verify Configuration by using following commands. ciscoasa (config)# show running-config nat ciscoasa (config)# show running-config xlate .0.outside) tcp 20.0.0.13 ASA Lab Manual STATIC PAT Configuration Establish Port Redirection & ACLs ciscoasa (config)# static (inside.1 80 Verify results by browsing 20.50 http 10.0.50 from outside machine.

0.0.0.0 255.0 host 20.0.0.0.14 ASA Lab Manual POLICY NAT Configuration Apply ACLs & NAT POLICY ciscoasa (config)# access-list 101 permit ip 10.0.0.0 host 20.0.0.0.0 255.0.51 ciscoasa (config)# nat (inside) 2 access-list 102 ciscoasa (config)# global (outside) 2 20.0.0.0.52 .0.1 ciscoasa (config)# access-list 102 permit ip 10.2 ciscoasa (config)# nat (inside) 1 access-list 101 ciscoasa (config)# global (outside) 1 20.

15 ASA Lab Manual Verify Configuration by using following commands. ciscoasa (config)# show running-config nat ciscoasa (config)# show xlate ciscoasa (config)# show running-config global .

0.255 Verify Configuration by using following commands.2 255.0.0.10 IP Address 20.2 IP Address 20. ciscoasa (config)# show xlate ciscoasa (config)# show running-config global .0.0.0.0.0. ciscoasa (config)# nat-control Apply NAT 0 Policy for ATIF.1 IP Address 10.0.0.0.2 EO IP Address 20.0.0.255.16 ASA Lab Manual NAT CONTROL AND NAT 0 ALI requires a NAT rule IP Address 10.0.10 IP Address 10.0.2→10. ciscoasa (config)# nat (inside) 0 10.0.255.0.1 E1 ATIF using NAT0 policy 10.0.2 Configuration Enable Nat control.

17 ASA Lab Manual Lab # 3 FILTERING ACTIVEX OBJECTS AND JAVA APPLETS Configuration Apply Filters. ciscoasa (config)# filter java 80 0 0 0 0 ciscoasa (config)# filter activex 80 0 0 0 0 Verify results by browsing outside machine from any inside machine. (Host will successfully access the HTML page ) .

0.0.1 IP Address 10.0.18 ASA Lab Manual Lab # 4 TRANSPARENT FIREWALL IP Address 10.0.2 IP Address 10.3 Configuration Assigning Speed & no Shut Inside & Outside Interfaces.0.0. ciscoasa (config)# firewall transparent ciscoasa (config)# interface ethernet 0/0 ciscoasa (config-if)# no shutdown ciscoasa (config-if)# speed auto ciscoasa (config-if)# nameif outside ciscoasa (config)# interface ethernet 0/1 ciscoasa (config-if)# no shutdown ciscoasa (config-if)# speed auto ciscoasa (config-if)# nameif inside .

0.10 255.255.0.255.0 Verify results by IOS commands. ciscoasa (config)# show firewall ciscoasa (config)# show mac-address-table .19 ASA Lab Manual ciscoasa (config)# access-list 1 permit ip any any ciscoasa (config)# access-group 1 in interface outside ciscoasa (config)# ip address 10.

20 ASA Lab Manual Lab # 5 SYSLOG SERVER IP Address 10.2 Configuration: ciscoasa(config)# logging on ciscoasa(config)# logging host inside 10.0.0.10 SYSLOG IP Address 10.0.0.0.10 IP Address 20.0.0.0.2 IP Address 20.0.1 E1 EO IP Address 20.0.0.0.1 IP Address 10.2 ciscoasa(config)# logging trap 7 Verification Commands: ciscoasa(config)# show logging .0.0.

21
ASA Lab Manual

Lab # 6 Cut through proxy through LOCAL database & AAA server

IP Address 10.0.0.2 E1 EO

IP Address 20.0.0.1

IP Address 10.0.0.10 IP Address 10.0.0.3

IP Address 20.0.0.10

IP Address 20.0.0.2 AAA SERVER IP Address 10.0.0.1

Configuration
Cut through Proxy through Local database ciscoasa(config)# username admin password admin ciscoasa(config)# aaa authentication include any inside 0 0 0 0 LOCAL Cut through Proxy with AAA server ciscoasa(config)# aaa-server esp protocol tacacs+ ciscoasa(config-aaa-server-group)# aaa-server esp host 10.0.0.1 cisco123 ciscoasa(config)# aaa authentication include any inside 0 0 0 0 esp

22
ASA Lab Manual

Configuration on ACS server

23
ASA Lab Manual

User accounts on AAA

Verification Commands: ciscoasa(config)# show uauth ciscoasa(config)# clear uauth

0.4 cisco ciscoasa(config-aaa-server-host)# aaa authentication include any inside 0 0 0 0 esp .10 IP Address 10.0.0.0. By this various ACLs can be formed for different users. Step 1:Configure AAA server using Radius Protocol.0.3 IP Address 20.10 IP Address 20. Downloadable ACL will be activated only when the particular user sign in.2 AAA SERVER IP Address 10. ciscoasa(config)# aaa-server esp protocol radius ciscoasa(config-aaa-server-group)# aaa-server esp host 10.0.0.0.0.0.2 E1 EO IP Address 20.24 ASA Lab Manual Lab # 7 Downloadable Acl ALI IP Address 10.0.1 ATIF IP Address 10.0.0.0.0.1 Cisco Secure ACS allows to create downloadable ACLs.0.

25 ASA Lab Manual Configuration on ACS server Step 2:Form Downloadable ACL through Shared profile Components (if Downloadable option is not available then click on Interface Configuration. ) .

26 ASA Lab Manual .

27 ASA Lab Manual Now option is added in Shared Profile Components .

( Atif can successfully browse & ftp outside network) BUT ( Ali can only successfully ftp outside network) Verification Commands: ciscoasa(config)# show uauth ciscoasa(config)# clear uauth ciscoasa(config)# show conn . Step 3: Verify results.28 ASA Lab Manual Step 3: Add User “Ali” and apply Downloadable ACL on users profile.

29 ASA Lab Manual Lab # 8 TCP Intercept Maximum Connection IP Address 10.0.0.10 IP Address 20.0.1 IP Address 10.1 1 0 ciscoasa(config)# access-list 1 permit ip any any ciscoasa(config)# access-group 1 in interface outside Verification Commands: ciscoasa(config)# ciscoasa(config)# ciscoasa(config)# ciscoasa(config)# show show show show running-config static local-host xlate conn .50 10.0.2 Configuration: ciscoasa(config)# static (inside.0.0.1 E1 EO IP Address 20.0.0.0.0.0.0.2 IP Address 20.0.outside) 20.0.0.0.10 FTP & WEB SERVER IP Address 10.

0.1 IP Address 10.0.0.10 IP Address 20.0.1 ciscoasa(config-network)# network-object host 20.0.0.0.2 Configuration: Create network object ciscoasa(config)# object-group network esp ciscoasa(config-network)# network-object host 20.0.3 ciscoasa(config-network)# exi Create service object ciscoasa(config)# object-group service httpftp tcp ciscoasa(config-service)# port-object eq 80 ciscoasa(config-service)# port-object eq 21 ciscoasa(config-service)# exi .0.0.0.1 E1 EO IP Address 20.0.30 ASA Lab Manual Lab # 9 Object Grouping IP Address 10.2 ciscoasa(config-network)# network-object host 20.0.0.0.0.0.10 FTP & WEB SERVER IP Address 10.2 IP Address 20.0.

31 ASA Lab Manual Calling object in ACL ciscoasa(config)# access-list 101 extended permit tcp object-group esp host 10.0.0.1 object-group httpftp ciscoasa(config)# access-group 101 in interface outside Time-based Acl Configuration: ciscoasa(config)#time-range test ciscoasa(config-time-range)#periodic daily 15:00 to 15:30 ciscoasa(config-time-range)#exit ciscoasa(config)# access-list 101 permit ip any any time-range test ciscoasa(config)#access-group 101 in interface outside Verifying commands ciscoasa(config)# show access-list ciscoasa(config)# show run object-group .

32 ASA Lab Manual Lab # 10 Routing IP Address 15.2 Configuration : ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# ip address 15.1 E0 IP Address 15.0.0.0.0.10 Ethernet 1 IP Address 20.1 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# nameif outside ciscoasa(config-if)# security-level 0 ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto .10 Fa0/1 WEB Server IP Address 20.0.0.1 Host B IP Address 10.0.0.0.0.0.0.0.0.0.1 FTP Server IP Address 20.2 Fa0/0 R2 IP Address 10.0.2 Host A IP Address 10.0.0.

0.0.0.0 ciscoasa(config-router)#network 10.0.33 ASA Lab Manual ciscoasa(config-if)# nameif inside ciscoasa(config-if)# security-level 100 • • • • • Static Routing Dynamic Routing RIP OSPF EIGRP Static Routes Commands on Asa ciscoasa(config)#route outside 20.0.0.0.0 255.0.0 ciscoasa(config-router)#network 10.0 area 0 Eigrp Commands on Asa ciscoasa(config)#router eigrp 10 ciscoasa(config-router)#network 15.0.0.0 15.0.0.0 ciscoasa(config-router)#exit Verifying Commands ciscoasa(config)#sh route ciscoasa(config)#sh rip database ciscoasa(config)#sh ospf interface ciscoasa(config)#sh ospf neighbor ciscoasa(config)# sh eigrp interfaces ciscoasa(config)# sh eigrp neighbors .0.0.0 255.0 255.0.0.0.0 area 0 ciscoasa(config-router)#network 10.0.0 Ospf Commands on Asa ciscoasa(config)#router ospf 64 ciscoasa(config-router)#network 15.0.0.2 Rip Commands on Asa ciscoasa(config)#router rip ciscoasa(config-router)#network 15.0.0.

ciscoasa(config)# dhcpd address 10.0.0.61 inside Enable DHCP on the ASA Firewall.0.34 ASA Lab Manual Lab # 11 DYNAMIC HOST CONFIGURATION PROTOCOL ASA Firewall has features that let it be Configured as a • DHCP SERVER • DHCP CLIENT • DHCP SERVER Configuration Create POOL for Inside Hosts.0.51-10. ciscoasa(config)#dhcpd enable inside .

35 ASA Lab Manual Verify Configuration by using following commands. ciscoasa(config)#int e0/0 ciscoasa(config)# ip address dhcp . ciscoasa(config)# ciscoasa(config)# ciscoasa(config)# ciscoasa(config)# ciscoasa(config)# show dhcpd binding show dhcpd state clear dhcpd bindings debug dhcpd events debug dhcpd packet DHCP CLIENT Configuration Step 1: Enable DHCP Client.

ciscoasa(config)#debug dhcpd events ciscoasa(config)#debug dhcpd packet .36 ASA Lab Manual Step 2: Define new scope for IP addresses range. Step 3: Verify Configuration by using following commands.

10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif inside .37 ASA Lab Manual Lab # 12 Demilitarized Zone Configuration Step 1:Assign IPs and Define Security Levels. ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# ip address 20.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif outside ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0.0.0.0.

0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif dmz Apply PAT for inside Users & Static Nat for server on DMZ Interface.2 Establish ACL to allow traffic from lower security level to servers.0.1 ciscoasa(config)# static (dmz.52 eq ftp ciscoasa(config)# access-group 1 in interface outside Verifying Commands ciscoasa(config)#sh run access-list ciscoasa(config)#sh run interface .52 30. ciscoasa(config)# nat (inside) 1 0 0 ciscoasa(config)# global (outside) 1 interface ciscoasa(config)# static (dmz.0.0.outside) 40.0.outside) 40.38 ASA Lab Manual ciscoasa(config)# interface ethernet 0/2 ciscoasa(config-if)# ip address 30.51 eq www ciscoasa(config)# access-list 101 permit tcp any host 40.0.0.0.0.51 30.0.0.0.0. ciscoasa(config)# access-list 101 permit tcp any host 40.

10 Configuration ciscoasa(config)#Interface Ethernet0/2 ciscoasa(config-if)#no shut ciscoasa(config-if)#no ip add ciscoasa(config-if)#exit .0.0.0.10 / 8 Security-level 30 E 0 / 2.0.0.0.0.0.10 FTP Server 40.1/8 40.10 Ethernet 0/0 IP Address 10.39 ASA Lab Manual Lab # 13 INTER-VLAN ROUTING WITH ASA IP Address 10.0.0.0.0.0.0.0.0.0.40 40.0.10 Ethernet 0/1 IP Address 20.1 E 0 / 2.0.1 Fa 0/3 2950 Fa 0/4 Vlan 30 Vlan 40 WEB Server 30.1/8 30.30 30.10 / 8 Security-level 40 Fa 0/24 IP Address 20.0.

0.0.0.1 eq ftp ciscoasa(config)#access-group 101 in interface outside Switch configuration Switch(config)#vlan 30 Switch(config-vlan)#name www Switch(config)#vlan 40 Switch(config-vlan)#name ftp Switch(config)#interface fa0/3 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 30 Switch(config)#interface fa0/4 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 40 Switch(config)#interface fa0/24 Switch(config-if)#switchport mode trunk Verifying Commands ciscoasa(config)#sh run access-list ciscoasa(config)#sh run interface .30 ciscoasa(config-if)#vlan 30 ciscoasa(config-if)#no shutdown ciscoasa(config-if)#nameif www ciscoasa(config-if)#security-level 30 ciscoasa(config-if)#ip address 30.10 255.0 After Configuration inside(100) users access ftp(40) and web(30) service now if u want to allow outside users to access ftp and web service make an access-list to allow them ciscoasa(config)# access-list 101 permit tcp any host 30.0 ciscoasa(config)#Interface Ethernet0/2.0.40 ciscoasa(config-if)#vlan 40 ciscoasa(config-if)#no shutdown ciscoasa(config-if)#nameif ftp ciscoasa(config-if)#security-level 40 ciscoasa(config-if)#ip address 40.0.0.0.0.40 ASA Lab Manual ciscoasa(config)#Interface Ethernet0/2.0.0.10 255.

ASA# show service-policy . ASA(config)# class-map http ASA(config-cmap)# match port tcp eq 80 Step 2:Define Classes to the Policy Map ASA(config)# policy-map esp ASA(config-pmap)# class-map http ASA(config-pmap-c)# priority-queue inside ASA(config)# service-policy esp interface inside Step 3:Verify Results by IOS commands.41 ASA Lab Manual Lab # 14 MODULAR POLICY FRAMEWORK Configuration Step 1:Define Class Name.

0.0.0.2 Fa0/0 WAN RmtRouter IP Address 20.1 Host B IP Address 10.0.0.1 FTP Server Host A IP Address 10.0.10 Ethernet 1 Rmt Users WEB Server IP Address 20.2 type ipsec-l2l ciscoasa(config)# tunnel-group 15.0.0.0.0.0.0.10 Fa0/1 IP Address 10.0.0.0.1 E0 IP Address 15.2 IP Address 20.0.0.0.2 Configuration Site-to-Site Vpn Configuration on Asa ciscoasa(config)#crypto isakmp enable outside ciscoasa(config-isakmp-policy)#crypto isakmp policy 10 ciscoasa(config)# authen pre-share ciscoasa(config)# hash md5 ciscoasa(config)# encrypt des ciscoasa(config)# group 2 ciscoasa(config)# tunnel-group 15.0.2 ipsec-attributes ciscoasa(config-tunnel-ipsec)# pre-shared-key cisco123 .0.42 ASA Lab Manual Lab # 15 SITE TO SITE VPN IP Address 15.

0 20.0.43 ASA Lab Manual ciscoasa(config)# access-list 101 permit ip 10.0.0.0.2 ciscoasa(config)# crypto map outside_map 1 set transform-set aset ciscoasa(config)#crypto map outside_map 1 match address 101 ciscoasa(config)# crypto map outside_map interface outside .0 ciscoasa(config)# crypto ipsec transform-set aset esp-des esp-md5-hmac ciscoasa(config)# crypto map outside_map 1 set peer 15.0.0 255.0.0.0.0 255.0.0.

44 ASA Lab Manual IPsec(Site-to-Site) VPN Wizard .

45 ASA Lab Manual .

46 ASA Lab Manual .

47 ASA Lab Manual .

0.48 ASA Lab Manual CLIENT LESS WEB VPN Unlike a standard IPSec VPN which requires specific client software. IP Address 20.5 With no Vpn client Local FTP Server IP Address 10.3 Host A IP Address 10.0.0.0.0.0.0.0.0.0.0.0.0.2 Configuration SSL VPN Wizard .1 With no Vpn client IP Address 10.1 Local web Server IP Address 10.10 Ethernet 1 IP Address 20.10 E0 WAN IP Address 20. Web VPN is a clientless Remote-Access VPN that uses a web browser to access a Corporate Network.0.

49 ASA Lab Manual .

50 ASA Lab Manual .

51 ASA Lab Manual .

52 ASA Lab Manual .

53 ASA Lab Manual .

54 ASA Lab Manual Verify results by accessing Corporate Network. . Type username and password .

55 ASA Lab Manual Step 3(A): Verify results by IOS commands. ciscoasa# show running-config webvpn .

5 With Vpn client Local FTP Server IP Address 10. IP Address 20.56 ASA Lab Manual REMOTE-ACCESS VPN Access VPN provides secure communication with remote users who are working from home and connect through modem or mobile but they should have client Hardware & client Software running on there computers.0.0.0.1 With Vpn client IP Address 10.0.0.0.0.0.0.3 Host A IP Address 10.0.10 E0 WAN IP Address 20.0.1 Local web Server IP Address 10.10 Ethernet 1 IP Address 20.0.0.2 Configuration IPsec(Remote-access) VPN Wizard .0.

57 ASA Lab Manual .

58 ASA Lab Manual .

59 ASA Lab Manual .

60 ASA Lab Manual .

61 ASA Lab Manual .

Sign up to vote on this title
UsefulNot useful