Practice Lab On Firewall (ASA 8.4+)

1 Shubham Kant Rai shubham.kant.rai@gmail.com

Lab Scenario: R1 and R2 are on the Inside of ASA1 and ASA2. The following IP addresses are pre-configured on the routers:

R1
  F0/0 – 10.10.10.1/24 (vlan10)
  Loopback 0 – 10.1.1.1/24
  Default Route to 10.10.10.10/24

R2
  F0/0 – 10.10.10.2/24 (vlan10)
  Loopback 0 – 10.2.2.2/24
  Default Route to 10.10.10.10/24

R3
  F0/0 – 200.1.30.3/24 (vlan30)
  F0/1 – 200.1.35.3/24 (vlan35)
  Routing Protocol – EIGRP 123

R4
  F0/0 – 200.1.40.4/24 (vlan40)
  F0/1 – 200.1.45.4/24 (vlan45)
  Routing Protocol – EIGRP 123

R5
  F0/0 – 200.1.35.5/24 (vlan35)
  F0/1 – 200.1.45.5/24 (vlan45)
  Loopback – 8.8.8.8/24
  Routing Protocol – EIGRP 123

TASK 1
Configure ASA1 for a Redundant Interface with G0/0 and G0/1 as member interfaces, with the following parameters:
  Active ip address : 10.10.10.10/24
  Standby ip address : 10.10.10.11/24
  Nameif : Inside

TASK 2
Configure ASA1 for Port-channel 1 with G0/2 and G0/3 as members, with the following parameters:
  Active ip address : 200.1.40.10/24 (vlan 40)
  Standby ip address : 200.1.40.11/24 (vlan 40)
  Nameif : Outside
  Mode : Active

TASK 3
Configure the ASA1 G0/4 interface with the following parameters:
  Active ip address : 200.1.30.10/24 (vlan 30)
  Standby ip address : 200.1.30.11/24 (vlan 30)
  Nameif : Backup

TASK 4
Configure ASA1 G0/5 as the stateful failover interface with the following parameters:
  Nameif : AFOVER
  Active ip address : 111.111.111.110/24 (vlan 100)
  Standby ip address : 111.111.111.111/24 (vlan 100)
  Unit : Primary
ASA2:
  Unit : Secondary

TASK 5
Configure ASA1 for full connectivity using static and default routes. Check the connectivity by pinging 10.1.1.1, 10.2.2.2 and 8.8.8.8.

TASK 6
Configure SLA monitoring on ASA1 with the following parameters:
  Primary / Tracked route : Outside
  Secondary route : Backup
  Number of packets : 3
  Frequency : 1 second
  Test the connectivity to Internet Root DNS Server : 8.8.8.8/24
Run EIGRP 123 among R3, R4 and R5 to simulate the ISP network. Make sure that the backup route is placed in the routing table within 2 seconds of the primary route failing.

TASK 7
Statically translate R1 F0/0 to 200.1.30.1 on Backup and 200.1.40.1 on Outside. R2 F0/0 should be mapped to the Outside and the Backup interface.

TASK 8
Allow R1 and R2 to ping R3 and R4, and check for translations on ASA1. Also allow R3 and R4 to telnet in to R1.

TASK 9
Make R1 the web server. Configure the ASA such that if anyone connects from the outside on port 8080, the connection is redirected to R1's Loopback on port 80. Check the translation on the ASA by initiating the connection on port 80 from R4.
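One possible ASA 8.4+ configuration for Task 9, added here as a worked example and not part of the original lab sheet. It assumes the mapped address is the Outside interface address (the task names none); the object name R1-WEB and ACL name OUTSIDE-IN are hypothetical.

```cisco
! Added example, not from the lab sheet. Names R1-WEB and OUTSIDE-IN are hypothetical.
!
! On R1 (IOS), the web server itself:
!   ip http server
!
! The ASA needs a route to R1's Loopback 0 network (normally added in Task 5).
route Inside 10.1.1.0 255.255.255.0 10.10.10.1
!
! Object NAT, 8.3+ syntax: static PAT of real host 10.1.1.1 port 80
! to port 8080 on the Outside interface address.
! Assumption: the interface address is used as the mapped address.
! Argument order after "service tcp" is real_port then mapped_port.
object network R1-WEB
 host 10.1.1.1
 nat (Inside,Outside) static interface service tcp 80 8080
!
! From 8.3 onward, interface ACLs are evaluated against the REAL
! (untranslated) address and port, so the permit names 10.1.1.1 port 80,
! not the Outside address and port 8080. An ACE written the pre-8.3 way
! (mapped address, port 8080) never matches and the connection is denied.
access-list OUTSIDE-IN extended permit tcp any host 10.1.1.1 eq 80
!
! Only one ACL can be bound per interface and direction. If Task 8 already
! applied an inbound ACL on Outside, add the ACE above to that ACL instead
! of binding a second one.
access-group OUTSIDE-IN in interface Outside
!
! Verification on ASA1 after a test connection from R4:
!   show nat detail
!   show xlate
!   packet-tracer input Outside tcp 200.1.40.4 1025 200.1.40.10 8080
```

The permit exposes only TCP 80 on R1's Loopback; the rest of the Inside network stays unreachable from Outside unless another ACE allows it.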
