Cisco Certified Security Professional SNAF

Securing Networks with ASA Fundamentals

Lab Manual
Developed by

M. Irfan Ghauri M. Tanzeel Nasir

C-32/1 Block-5 Gulshan-e-Iqbal, Karachi Ph #021-6034003

ESP Press Copyrights 2011

ASA Lab Manual

LAB.  LABS DESCRIPTION

1   ASA Basic & Accessing ASA through Telnet/SSH/HTTP
2   Network Address Translation
    • NAT Control
    • Static NAT
    • Dynamic NAT
    • PAT
    • Static PAT
    • Policy NAT
    • NAT 0
3   Filtering ActiveX Objects and Java Applets
4   Transparent Firewall
5   Syslog Server
6   Cut through proxy through LOCAL database & AAA server
7   Downloadable ACL
8   TCP Intercept Max Connection
9   Object Grouping and Time-based ACL
10  Routing
    a. Static Routing
    b. Dynamic Routing
11  Dynamic Host Configuration Protocol
12  Demilitarized Zone
13  Inter-VLAN Routing with ASA
14  Modular Policy Framework
15  Virtual Private Network
    • Site to Site VPN
    • Web VPN
    • Remote Access VPN

Lab # 1 ASA Basic
Configuration
How to verify Version
ciscoasa(config)# sh version

How to Set Hostname
ciscoasa(config)# hostname ESP

How to Set Time & Date
ciscoasa# clock set 03:40:50 29 december 2010

How to Set Desired Banners
ciscoasa(config)# banner exec "you are off"

How to Configure a particular Interface
ciscoasa(config)# interface ethernet 0/0
• Assign IP
ciscoasa(config-if)# ip address 20.0.0.10
• Enable the Interface
ciscoasa(config-if)# no shutdown
• Set Speed
ciscoasa(config-if)# speed auto
• Assign a Name
ciscoasa(config-if)# nameif outside
• Set Security Level
ciscoasa(config-if)# security-level 0

ciscoasa(config)# interface ethernet 0/1
ciscoasa(config-if)# ip address 10.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100

How to check Particular Interface information
ciscoasa# sh interface ethernet 0/0
ciscoasa# sh interface ethernet 0/1

How to check the applied IP Addresses on the Device
ciscoasa# sh ip addresses

How to check interface Labels & Security Levels
ciscoasa# sh nameif

How to check Interfaces summary
ciscoasa(config)# sh interface ip brief

How to Save Configuration
ciscoasa(config)# copy running-config start

How to check state table
ciscoasa(config)# sh conn

How to check memory status
ciscoasa# sh memory

How to restrict access to Privileged mode
ciscoasa(config)# enable password cisco

How to check running configuration
ciscoasa(config)# sh run

How to check History of CLI
ciscoasa# sh history


Accessing ASA through Telnet/HTTP/SSH
Configuration
Assigning Speed & IP Address on Inside & Outside Interfaces.

ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# ip address 20.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif outside
ciscoasa(config)# interface ethernet 0/1
ciscoasa(config-if)# ip address 10.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif inside

How to Telnet Adaptive Security Appliance
ciscoasa(config)# telnet 10.0.0.4 255.255.255.255 inside
ciscoasa(config)# passwd cisco
ciscoasa(config)# enable password cisco
(Telnet is only allowed from the inside)

How to HTTP Adaptive Security Appliance
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.0.0.1 255.255.255.255 inside

How to SSH Adaptive Security Appliance
ciscoasa(config)# crypto key generate rsa modulus 1024
ciscoasa(config)# ssh 10.0.0.1 255.255.255.255 inside
ciscoasa(config)# ssh 20.0.0.4 255.255.255.255 outside

Authentication With local database
ciscoasa(config)# username tanzeel password cisco123
ciscoasa(config)# aaa authentication ssh console LOCAL

At Machine 10.0.0.1:

Verification Commands:
ciscoasa(config)# show ssh
ciscoasa(config)# show ssh session
ciscoasa(config)# ssh disconnect session_id
ciscoasa(config)# show crypto key mypubkey rsa
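
The management-access settings configured in this lab can be reviewed mechanically. The following Python script is an added example, not part of the lab manual: it reads the commands above (constructed sample, prompts removed) and reports which management protocols are cleartext, reachable on a security-level 0 interface, protected only by a shared password, or backed by a short RSA key. The finding names and the 2048-bit threshold are assumptions of the example.

```python
import re

# Constructed sample: the interface and management-access commands typed in this lab,
# prompts removed, interface sub-mode commands indented by one space.
SAMPLE_CONFIG = """\
interface ethernet 0/0
 ip address 20.0.0.10
 nameif outside
interface ethernet 0/1
 ip address 10.0.0.10
 nameif inside
telnet 10.0.0.4 255.255.255.255 inside
http server enable
http 10.0.0.1 255.255.255.255 inside
crypto key generate rsa modulus 1024
ssh 10.0.0.1 255.255.255.255 inside
ssh 20.0.0.4 255.255.255.255 outside
aaa authentication ssh console LOCAL
"""

MGMT_RE = re.compile(r"(telnet|ssh|http) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")
RSA_RE = re.compile(r"crypto key generate rsa modulus (\d+)$")
MIN_RSA_BITS = 2048  # assumption of this example


def security_levels(config):
    """Map nameif -> security level (ASA default: 100 for 'inside', 0 otherwise)."""
    levels, current = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            current = None
        elif words[:1] == ["nameif"]:
            current = words[1]
            levels[current] = 100 if current == "inside" else 0
        elif words[:1] == ["security-level"] and current:
            levels[current] = int(words[1])
    return levels


def audit_management(config):
    """Return (finding, config line) pairs for the management plane."""
    levels = security_levels(config)
    lines = [line.strip() for line in config.splitlines()]
    # Protocols with per-user login: "aaa authentication <proto> console <server>"
    per_user = {l.split()[2] for l in lines if re.match(r"aaa authentication \S+ console ", l)}
    findings = []
    for line in lines:
        m = MGMT_RE.match(line)
        if m:
            proto, _src, _mask, nameif = m.groups()
            if proto == "telnet":
                findings.append(("cleartext-protocol", line))
            if levels.get(nameif) == 0:
                findings.append(("mgmt-on-untrusted-interface", line))
            if proto not in per_user:
                findings.append(("shared-password-login", line))
        m = RSA_RE.match(line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(("short-rsa-key", line))
    return findings
```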

Lab # 2 NETWORK ADDRESS TRANSLATION
Network Address Translation (NAT) translates private addresses into public addresses.
• NAT Control
• Static NAT
• Dynamic NAT
• PAT
• Static PAT
• Policy NAT
• NAT 0

Configuration
Assigning Speed & IP Address on Inside & Outside Interfaces.

ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# ip address 20.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif outside
ciscoasa(config)# interface ethernet 0/1
ciscoasa(config-if)# ip address 10.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif inside
ciscoasa(config)# nat-control
ciscoasa(config)# access-list 1 permit ip any any
ciscoasa(config)# access-group 1 in interface outside

STATIC NETWORK ADDRESS TRANSLATION

Configuration
Establish Static NAT & ACLs.

ciscoasa(config)# static (inside,outside) 20.0.0.51 10.0.0.1
ciscoasa(config)# static (inside,outside) 20.0.0.52 10.0.0.2

Verify Configuration by using following commands.

ciscoasa(config)# show running-config nat
ciscoasa(config)# show xlate
ciscoasa(config)# show access-list 1

DYNAMIC NETWORK ADDRESS TRANSLATION

Configuration
Establish Dynamic NAT, POOL & ACLs on Inside Interfaces.

ciscoasa(config)# nat (inside) 1 0 0
ciscoasa(config)# global (outside) 1 20.0.0.51-20.0.0.60

Verify Configuration by using following commands.

ciscoasa(config)# show running-config global
ciscoasa(config)# show running-config nat
ciscoasa(config)# show xlate
ciscoasa(config)# show access-list 1

DYNAMIC PORT ADDRESS TRANSLATION

Configuration
Establish Dynamic PAT, POOL & ACLs

ciscoasa(config)# nat (inside) 1 0 0
ciscoasa(config)# global (outside) 1 20.0.0.51

OR

Establish Dynamic PAT by assigning Outside Interface IP Address to POOL

ciscoasa(config)# nat (inside) 1 0 0
ciscoasa(config)# global (outside) 1 interface
ciscoasa(config)# access-list 1 permit ip any any
ciscoasa(config)# access-group 1 in interface outside

Verify Configuration by using following commands.

ciscoasa(config)# show running-config global
ciscoasa(config)# show running-config nat
ciscoasa(config)# show xlate
ciscoasa(config)# show access-list 1

STATIC PAT

Configuration
Establish Port Redirection & ACLs

ciscoasa(config)# static (inside,outside) tcp 20.0.0.50 http 10.0.0.1 80

Verify results by browsing 20.0.0.50 from outside machine. (Outside Machine will successfully access local Web Server)

Verify Configuration by using following commands.

ciscoasa(config)# show running-config nat
ciscoasa(config)# show xlate
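
A static translation publishes an inside host on a mapped address, and the ACL bound inbound on the outside interface decides which services on that address are reachable. The following Python script is an added example, not part of the lab manual: it combines Lab 2's `access-list 1 permit ip any any` with the static NAT and static PAT entries above (constructed sample, prompts removed) and lists what any outside source can reach on each inside host. It goes beyond the manual by also handling host- and port-specific ACL entries, and it assumes the pre-8.3 behaviour in which the ACL references the mapped address, with only `any`, `host A`, `A MASK` and `eq` supported.

```python
import ipaddress

# Constructed sample: Lab 2 ACL plus the static NAT and static PAT commands, prompts removed.
SAMPLE_CONFIG = """\
access-list 1 permit ip any any
access-group 1 in interface outside
static (inside,outside) 20.0.0.51 10.0.0.1
static (inside,outside) 20.0.0.52 10.0.0.2
static (inside,outside) tcp 20.0.0.50 http 10.0.0.1 80
"""

ANY = ipaddress.ip_network("0.0.0.0/0")
PORTS = {"http": "80", "www": "80", "ftp": "21"}   # port names used in this manual


def parse_addr(words):  # consume: any | host A | A MASK; return (network, remaining words)
    if words[0] == "any":
        return ANY, words[1:]
    if words[0] == "host":
        return ipaddress.ip_network(words[1] + "/32"), words[2:]
    return ipaddress.ip_network(f"{words[0]}/{words[1]}", strict=False), words[2:]


def parse(config):
    """Return (statics, ACLs by name, inbound ACL name by interface)."""
    statics, acls, bound = [], {}, {}
    for w in (l.split() for l in config.splitlines() if l.strip()):
        if w[0] == "static":
            mapped_if = w[1].strip("()").split(",")[1]
            if w[2] in ("tcp", "udp"):   # static PAT: proto mapped_ip mapped_port real_ip real_port
                statics.append((mapped_if, w[3], w[5], f"{w[2]}/{PORTS.get(w[4], w[4])}"))
            else:                        # static NAT: mapped_ip real_ip
                statics.append((mapped_if, w[2], w[3], None))
        elif w[0] == "access-list":
            rest = [x for x in w[2:] if x != "extended"]
            action, proto = rest[0], rest[1]
            src, rest = parse_addr(rest[2:])
            dst, rest = parse_addr(rest)
            port = PORTS.get(rest[1], rest[1]) if rest[:1] == ["eq"] else "any"
            acls.setdefault(w[1], []).append((action, proto, src, dst, port))
        elif w[0] == "access-group" and w[2] == "in":
            bound[w[4]] = w[1]           # access-group NAME in interface IFNAME
    return statics, acls, bound


def exposure(config):
    """Per static: services any source may reach through the mapped address (upper bound)."""
    statics, acls, bound = parse(config)
    report = []
    for mapped_if, mapped_ip, real_ip, pat in statics:
        services = []
        for action, proto, src, dst, port in acls.get(bound.get(mapped_if), []):
            if src != ANY or ipaddress.ip_address(mapped_ip) not in dst:
                continue
            if action == "deny" and proto == "ip":
                break                    # everything after a full deny is shadowed
            if action == "deny":
                continue                 # partial denies ignored: result is an upper bound
            svc = "all" if proto == "ip" else f"{proto}/{port}"
            if pat:                      # static PAT translates one port only
                svc = pat if svc in ("all", pat, pat.split("/")[0] + "/any") else None
            if svc and svc not in services:
                services.append(svc)
        report.append((mapped_ip, real_ip, services))
    return report
```

With `permit ip any any`, both static NAT hosts are reachable on every protocol and port, while the static PAT entry limits 10.0.0.1 to the single translated port.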


POLICY NAT

Configuration
Apply ACLs & NAT POLICY

ciscoasa(config)# access-list 101 permit ip 10.0.0.0 255.0.0.0 host 20.0.0.1
ciscoasa(config)# access-list 102 permit ip 10.0.0.0 255.0.0.0 host 20.0.0.2
ciscoasa(config)# nat (inside) 1 access-list 101
ciscoasa(config)# global (outside) 1 20.0.0.51
ciscoasa(config)# nat (inside) 2 access-list 102
ciscoasa(config)# global (outside) 2 20.0.0.52

Verify Configuration by using following commands.

ciscoasa(config)# show running-config nat
ciscoasa(config)# show xlate
ciscoasa(config)# show running-config global

NAT CONTROL AND NAT 0

Figure (topology): ALI (10.0.0.1) requires a NAT rule; ATIF (10.0.0.2) uses the NAT 0 policy (10.0.0.2→10.0.0.2). ASA interfaces E1 (10.0.0.10) and E0 (20.0.0.10); outside hosts 20.0.0.1 and 20.0.0.2.

Configuration
Enable Nat control.
ciscoasa(config)# nat-control

Apply NAT 0 Policy for ATIF.
ciscoasa(config)# nat (inside) 0 10.0.0.2 255.255.255.255

Verify Configuration by using following commands.
ciscoasa(config)# show xlate
ciscoasa(config)# show running-config global

Lab # 3 FILTERING ACTIVEX OBJECTS AND JAVA APPLETS

Configuration
Apply Filters.

ciscoasa(config)# filter java 80 0 0 0 0
ciscoasa(config)# filter activex 80 0 0 0 0

Verify results by browsing outside machine from any inside machine. (Host will successfully access the HTML page)

Lab # 4 TRANSPARENT FIREWALL

Figure (topology): hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3.

Configuration
Set speed and issue no shutdown on the Inside & Outside Interfaces.

ciscoasa(config)# firewall transparent
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif outside

ciscoasa(config)# interface ethernet 0/1
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif inside

ciscoasa(config)# access-list 1 permit ip any any
ciscoasa(config)# access-group 1 in interface outside
ciscoasa(config)# ip address 10.0.0.10 255.255.255.0

Verify results by IOS commands.

ciscoasa(config)# show firewall
ciscoasa(config)# show mac-address-table

Lab # 5 SYSLOG SERVER

Figure (topology): ASA interfaces E1 (10.0.0.10) and E0 (20.0.0.10); host 10.0.0.1 and SYSLOG server 10.0.0.2; outside hosts 20.0.0.1 and 20.0.0.2.

Configuration:
ciscoasa(config)# logging on
ciscoasa(config)# logging host inside 10.0.0.2
ciscoasa(config)# logging trap 7

Verification Commands:
ciscoasa(config)# show logging

Lab # 6 Cut through proxy through LOCAL database & AAA server

Figure (topology): ASA interfaces E1 (10.0.0.10) and E0 (20.0.0.10); hosts 10.0.0.2 and 10.0.0.3; AAA SERVER 10.0.0.1; outside hosts 20.0.0.1 and 20.0.0.2.

Configuration
Cut through Proxy through Local database
ciscoasa(config)# username admin password admin
ciscoasa(config)# aaa authentication include any inside 0 0 0 0 LOCAL

Cut through Proxy with AAA server
ciscoasa(config)# aaa-server esp protocol tacacs+
ciscoasa(config-aaa-server-group)# aaa-server esp host 10.0.0.1 cisco123
ciscoasa(config)# aaa authentication include any inside 0 0 0 0 esp

Configuration on ACS server

User accounts on AAA

Verification Commands:
ciscoasa(config)# show uauth
ciscoasa(config)# clear uauth

Lab # 7 Downloadable Acl

Figure (topology): users ALI and ATIF on hosts 10.0.0.2 and 10.0.0.3; ASA interfaces E1 (10.0.0.10) and E0 (20.0.0.10); AAA SERVER 10.0.0.1; outside hosts 20.0.0.1 and 20.0.0.2.

Cisco Secure ACS can create downloadable ACLs, so different ACLs can be defined for different users. A downloadable ACL is activated only when that particular user signs in.

Step 1: Configure AAA server using Radius Protocol.
ciscoasa(config)# aaa-server esp protocol radius
ciscoasa(config-aaa-server-group)# aaa-server esp host 10.0.0.4 cisco
ciscoasa(config-aaa-server-host)# aaa authentication include any inside 0 0 0 0 esp

Configuration on ACS server

Step 2: Form Downloadable ACL through Shared Profile Components (if the Downloadable option is not available then click on Interface Configuration.)

Now option is added in Shared Profile Components

Step 3: Add User “Ali” and apply Downloadable ACL on user's profile.

Step 4: Verify results. (Atif can successfully browse & ftp outside network) BUT (Ali can only successfully ftp outside network)

Verification Commands:
ciscoasa(config)# show uauth
ciscoasa(config)# clear uauth
ciscoasa(config)# show conn

Lab # 8 TCP Intercept Maximum Connection

Figure (topology): ASA interfaces E1 (10.0.0.10) and E0 (20.0.0.10); host 10.0.0.1 and FTP & WEB SERVER 10.0.0.2; outside hosts 20.0.0.1 and 20.0.0.2.

Configuration:
ciscoasa(config)# static (inside,outside) 20.0.0.50 10.0.0.1 1 0
ciscoasa(config)# access-list 1 permit ip any any
ciscoasa(config)# access-group 1 in interface outside

Verification Commands:
ciscoasa(config)# show running-config static
ciscoasa(config)# show local-host
ciscoasa(config)# show xlate
ciscoasa(config)# show conn

Lab # 9 Object Grouping

Figure (topology): ASA interfaces E1 (10.0.0.10) and E0 (20.0.0.10); host 10.0.0.1 and FTP & WEB SERVER 10.0.0.2; outside hosts 20.0.0.1 and 20.0.0.2.

Configuration:
Create network object
ciscoasa(config)# object-group network esp
ciscoasa(config-network)# network-object host 20.0.0.1
ciscoasa(config-network)# network-object host 20.0.0.2
ciscoasa(config-network)# network-object host 20.0.0.3
ciscoasa(config-network)# exi

Create service object
ciscoasa(config)# object-group service httpftp tcp
ciscoasa(config-service)# port-object eq 80
ciscoasa(config-service)# port-object eq 21
ciscoasa(config-service)# exi

Calling object in ACL
ciscoasa(config)# access-list 101 extended permit tcp object-group esp host 10.0.0.1 object-group httpftp
ciscoasa(config)# access-group 101 in interface outside

Time-based Acl
Configuration:
ciscoasa(config)# time-range test
ciscoasa(config-time-range)# periodic daily 15:00 to 15:30
ciscoasa(config-time-range)# exit
ciscoasa(config)# access-list 101 permit ip any any time-range test
ciscoasa(config)# access-group 101 in interface outside

Verifying commands
ciscoasa(config)# show access-list
ciscoasa(config)# show run object-group

Lab # 10 Routing
Figure (topology): ASA E0 (15.0.0.1) and Ethernet 1 (10.0.0.10); router R2 Fa0/0 (15.0.0.2) and Fa0/1 (20.0.0.10); WEB Server 20.0.0.1; FTP Server 20.0.0.2; Host A 10.0.0.1; Host B 10.0.0.2.

Configuration:
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# ip address 15.0.0.1
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# nameif outside
ciscoasa(config-if)# security-level 0
ciscoasa(config)# interface ethernet 0/1
ciscoasa(config-if)# ip address 10.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100

• Static Routing
• Dynamic Routing
• RIP
• OSPF
• EIGRP

Static Routes Commands on Asa
ciscoasa(config)# route outside 20.0.0.0 255.0.0.0 15.0.0.2

Rip Commands on Asa
ciscoasa(config)# router rip
ciscoasa(config-router)# network 15.0.0.0
ciscoasa(config-router)# network 10.0.0.0

Ospf Commands on Asa
ciscoasa(config)# router ospf 64
ciscoasa(config-router)# network 15.0.0.0 255.0.0.0 area 0
ciscoasa(config-router)# network 10.0.0.0 255.0.0.0 area 0

Eigrp Commands on Asa
ciscoasa(config)# router eigrp 10
ciscoasa(config-router)# network 15.0.0.0
ciscoasa(config-router)# network 10.0.0.0
ciscoasa(config-router)# exit

Verifying Commands
ciscoasa(config)# sh route
ciscoasa(config)# sh rip database
ciscoasa(config)# sh ospf interface
ciscoasa(config)# sh ospf neighbor
ciscoasa(config)# sh eigrp interfaces
ciscoasa(config)# sh eigrp neighbors

Lab # 11 DYNAMIC HOST CONFIGURATION PROTOCOL
The ASA Firewall has features that let it be configured as a
• DHCP SERVER
• DHCP CLIENT

DHCP SERVER

Configuration
Create POOL for Inside Hosts.
ciscoasa(config)# dhcpd address 10.0.0.51-10.0.0.61 inside

Enable DHCP on the ASA Firewall.
ciscoasa(config)# dhcpd enable inside

Verify Configuration by using following commands.
ciscoasa(config)# show dhcpd binding
ciscoasa(config)# show dhcpd state
ciscoasa(config)# clear dhcpd binding
ciscoasa(config)# debug dhcpd events
ciscoasa(config)# debug dhcpd packet

DHCP CLIENT

Configuration
Step 1: Enable DHCP Client.
ciscoasa(config)# int e0/0
ciscoasa(config-if)# ip address dhcp

Step 2: Define new scope for IP addresses range.

Step 3: Verify Configuration by using following commands.
ciscoasa(config)# debug dhcpd events
ciscoasa(config)# debug dhcpd packet

Lab # 12 Demilitarized Zone

Configuration
Step 1: Assign IPs and Define Security Levels.
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# ip address 20.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif outside
ciscoasa(config)# interface ethernet 0/1
ciscoasa(config-if)# ip address 10.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif inside
ciscoasa(config)# interface ethernet 0/2
ciscoasa(config-if)# ip address 30.0.0.10
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# speed auto
ciscoasa(config-if)# nameif dmz

Apply PAT for inside Users & Static Nat for server on DMZ Interface.
ciscoasa(config)# nat (inside) 1 0 0
ciscoasa(config)# global (outside) 1 interface
ciscoasa(config)# static (dmz,outside) 40.0.0.51 30.0.0.1
ciscoasa(config)# static (dmz,outside) 40.0.0.52 30.0.0.2

Establish ACL to allow traffic from lower security level to servers.
ciscoasa(config)# access-list 101 permit tcp any host 40.0.0.51 eq www
ciscoasa(config)# access-list 101 permit tcp any host 40.0.0.52 eq ftp
ciscoasa(config)# access-group 101 in interface outside

Verifying Commands
ciscoasa(config)# sh run access-list
ciscoasa(config)# sh run interface

Lab # 13 INTER-VLAN ROUTING WITH ASA
Figure (topology): ASA Ethernet 0/1 (10.0.0.10) and Ethernet 0/0 (20.0.0.10); hosts 10.0.0.1 and 20.0.0.1; subinterfaces E0/2.30 (30.0.0.10/8, security-level 30) and E0/2.40 (40.0.0.10/8, security-level 40) connected to Fa0/24 of a 2950 switch; WEB Server 30.0.0.1/8 on Fa0/3 in Vlan 30; FTP Server 40.0.0.1/8 on Fa0/4 in Vlan 40.

Configuration
ciscoasa(config)# interface Ethernet0/2
ciscoasa(config-if)# no shut
ciscoasa(config-if)# no ip add
ciscoasa(config-if)# exit

ciscoasa(config)# interface Ethernet0/2.30
ciscoasa(config-if)# vlan 30
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# nameif www
ciscoasa(config-if)# security-level 30
ciscoasa(config-if)# ip address 30.0.0.10 255.0.0.0

ciscoasa(config)# interface Ethernet0/2.40
ciscoasa(config-if)# vlan 40
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# nameif ftp
ciscoasa(config-if)# security-level 40
ciscoasa(config-if)# ip address 40.0.0.10 255.0.0.0

After this configuration, inside (100) users can access the ftp (40) and web (30) services. To allow outside users to access the ftp and web services, create an access-list that permits them:
ciscoasa(config)# access-list 101 permit tcp any host 30.0.0.1 eq ftp
ciscoasa(config)# access-group 101 in interface outside

Switch configuration
Switch(config)# vlan 30
Switch(config-vlan)# name www
Switch(config)# vlan 40
Switch(config-vlan)# name ftp
Switch(config)# interface fa0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 30
Switch(config)# interface fa0/4
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 40
Switch(config)# interface fa0/24
Switch(config-if)# switchport mode trunk

Verifying Commands
ciscoasa(config)# sh run access-list
ciscoasa(config)# sh run interface

Lab # 14 MODULAR POLICY FRAMEWORK

Configuration
Step 1: Define Class Name.
ASA(config)# class-map http
ASA(config-cmap)# match port tcp eq 80

Step 2: Define Classes to the Policy Map
ASA(config)# priority-queue inside
ASA(config-priority-queue)# exit
ASA(config)# policy-map esp
ASA(config-pmap)# class http
ASA(config-pmap-c)# priority
ASA(config-pmap-c)# exit
ASA(config-pmap)# exit
ASA(config)# service-policy esp interface inside

Step 3: Verify Results by IOS commands.
ASA# show service-policy

Lab # 15 SITE TO SITE VPN

Figure (topology): ASA E0 (15.0.0.1) and Ethernet 1 (10.0.0.10) connect across the WAN to RmtRouter (Fa0/0 15.0.0.2, Fa0/1 20.0.0.10); Host A 10.0.0.1 and Host B 10.0.0.2; Rmt Users, WEB Server 20.0.0.1 and FTP Server 20.0.0.2.

Configuration
Site-to-Site Vpn Configuration on Asa
ciscoasa(config)# crypto isakmp enable outside
ciscoasa(config)# crypto isakmp policy 10
ciscoasa(config-isakmp-policy)# authen pre-share
ciscoasa(config-isakmp-policy)# hash md5
ciscoasa(config-isakmp-policy)# encrypt des
ciscoasa(config-isakmp-policy)# group 2
ciscoasa(config-isakmp-policy)# exit
ciscoasa(config)# tunnel-group 15.0.0.2 type ipsec-l2l
ciscoasa(config)# tunnel-group 15.0.0.2 ipsec-attributes
ciscoasa(config-tunnel-ipsec)# pre-shared-key cisco123
ciscoasa(config-tunnel-ipsec)# exit
ciscoasa(config)# access-list 101 permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0
ciscoasa(config)# crypto ipsec transform-set aset esp-des esp-md5-hmac
ciscoasa(config)# crypto map outside_map 1 set peer 15.0.0.2
ciscoasa(config)# crypto map outside_map 1 set transform-set aset
ciscoasa(config)# crypto map outside_map 1 match address 101
ciscoasa(config)# crypto map outside_map interface outside
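
The algorithms a tunnel actually uses are spread over the IKE policy, the transform set and the crypto map entry that ties a transform set to a peer. The following Python script is an added example, not part of the lab manual: it parses the commands of this lab (constructed sample, prompts removed), resolves crypto map entry to transform set to peer, and reports per peer which negotiated algorithms fall in a weak list. That list (DES, MD5, DH groups 1 and 2) is an assumption of the example.

```python
# Constructed sample: the site-to-site commands from this lab, prompts removed.
SAMPLE_CONFIG = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authen pre-share
 hash md5
 encrypt des
 group 2
tunnel-group 15.0.0.2 type ipsec-l2l
tunnel-group 15.0.0.2 ipsec-attributes
 pre-shared-key cisco123
access-list 101 permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0
crypto ipsec transform-set aset esp-des esp-md5-hmac
crypto map outside_map 1 set peer 15.0.0.2
crypto map outside_map 1 set transform-set aset
crypto map outside_map 1 match address 101
crypto map outside_map interface outside
"""

# Assumption of this example: the values treated as weak.
WEAK = {"des": "56-bit DES", "md5": "MD5", "1": "DH group 1 (768-bit)",
        "2": "DH group 2 (1024-bit)"}


def parse_vpn(config):
    """Return (IKE policies, transform sets, crypto map entries)."""
    policies, tsets, maps, policy = {}, {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if not line.startswith(" "):
            policy = None                   # a top-level command leaves the sub-mode
        if w[:3] == ["crypto", "isakmp", "policy"]:
            policy = policies.setdefault(w[3], {})
        elif policy is not None:            # the CLI accepts abbreviations (authen, encrypt)
            for key in ("authentication", "encryption", "hash", "group"):
                if key.startswith(w[0]):
                    policy[key] = w[1]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets[w[3]] = w[4:]
        elif w[:2] == ["crypto", "map"] and w[4:5] == ["set"]:
            maps.setdefault((w[2], w[3]), {})[w[5]] = w[6]
    return policies, tsets, maps


def audit_vpn(config):
    """Return {peer: [finding, ...]}, resolving crypto map -> transform set -> algorithms."""
    policies, tsets, maps = parse_vpn(config)
    phase1 = []
    for num, pol in sorted(policies.items(), key=lambda kv: int(kv[0])):
        for key in ("encryption", "hash", "group"):
            if pol.get(key) in WEAK:
                phase1.append(f"IKE policy {num}: {WEAK[pol[key]]}")
    report = {}
    for (name, seq), entry in sorted(maps.items()):
        findings = list(phase1)             # every IKE policy is offered to every peer
        for transform in tsets.get(entry.get("transform-set"), []):
            alg = (transform.split("-") + [""])[1]   # esp-des -> des, esp-md5-hmac -> md5
            if alg in WEAK:
                findings.append(f"crypto map {name} {seq}: {WEAK[alg]} ({transform})")
        report.setdefault(entry.get("peer"), []).extend(findings)
    return report
```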


IPsec(Site-to-Site) VPN Wizard

CLIENT LESS WEB VPN
Unlike a standard IPSec VPN which requires specific client software, Web VPN is a clientless Remote-Access VPN that uses a web browser to access a Corporate Network.

Figure (topology): ASA E0 (20.0.0.10) facing the WAN and Ethernet 1 (10.0.0.10); remote hosts 20.0.0.1 and 20.0.0.5 with no VPN client; Host A 10.0.0.1, Local web Server 10.0.0.2 and Local FTP Server 10.0.0.3.

Configuration
SSL VPN Wizard

Verify results by accessing Corporate Network. Type username and password.

Step 3(A): Verify results by IOS commands.
ciscoasa# show running-config webvpn

REMOTE-ACCESS VPN
Access VPN provides secure communication with remote users who work from home and connect through a modem or mobile, but they must have client hardware & client software running on their computers.

Figure (topology): ASA E0 (20.0.0.10) facing the WAN and Ethernet 1 (10.0.0.10); remote hosts 20.0.0.1 and 20.0.0.5 with VPN client; Host A 10.0.0.1, Local web Server 10.0.0.2 and Local FTP Server 10.0.0.3.

Configuration
IPsec(Remote-access) VPN Wizard
