
The Cisco PIX and ASA firewall devices are hardware devices built specifically for firewalling, unlike the firewall software running on routers which we have encountered in previous labs. The device (or device being simulated) in this lab is a PIX 525, a medium to large enterprise device, with up to eight 10/100 Fast Ethernet interfaces, or three Gigabit interfaces.
Display the list of commands available in Privilege mode using ?
View the PIX configuration file with the command show running-config
Questions
Q: Which version of the ASA firewall Operating System is running?
Q: Compared to a router, which extra attributes can be defined for each interface of the ASA?
9.2.4 Configure Interfaces and Security Levels
ASA security devices use an algorithm called the Adaptive Security Algorithm (ASA), which allows traffic to flow between the interfaces depending on the security level set on the interfaces (related to the trust levels for each attached network). The security trust level value can be set from 0 (the lowest) to 100 (the highest). By default the inside interface (trusted network) is set to 100, and the outside interface (untrusted Internet) is set to 0. Other networks, such as DMZs, are set to values of 1-99.
By default, the ASA allows traffic to flow from a higher security level to a lower one, and between levels with the same value, but blocks traffic flowing from a lower level to a higher one, as shown in the figure below.

Configure the Interfaces


Certain attributes must be set on the interfaces, and then the default security behaviour can be observed.
Set up the outside interface, which is connected to the internet, using the following commands.
ciscoasa(config)# interface gigabitEthernet 0
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# ip address 10.1.Y.254 255.255.255.0
Additionally configure the MAC Address on the interfaces with the following command, using the
format <ca0 module code grpno 0 intno> such as the following for module csn11118 group 99:
ciscoasa(config-if)# mac-address 0001.1118.9900
ciscoasa(config-if)# no shutdown
Set up the inside interface, which is connected to the trusted internal network:
ciscoasa(config)# interface gigabitEthernet 1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# ip address 192.168.X.254 255.255.255.0
ciscoasa(config-if)# mac-address 000p.pppp.qq0r
ciscoasa(config-if)# no shutdown
Set up the DMZ interface, which is connected to the DMZ network:
ciscoasa(config)# interface Ethernet2
ciscoasa(config-if)# nameif dmz
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# ip address 192.168.Z.254 255.255.255.0
ciscoasa(config-if)# mac-address 000p.pppp.qq0r
ciscoasa(config-if)# no shutdown
Annotate your diagram/notes with the security trust levels for each interface/connected network.
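To check your annotated diagram against the default behaviour described in section 9.2.4, the following added example (not part of the lab handout, and not Cisco code) parses the three interface blocks configured above, as they would appear in show running-config, into a name-to-security-level map and then evaluates which interface pairs the default policy would forward between. The sample configuration is constructed for the example (the X/Y/Z placeholders are filled with 1/2/3), and the default levels follow the INFO messages shown in the lab: nameif outside gets 0, any other nameif gets 100 unless a security-level line overrides it. Whether same-level interfaces may exchange traffic is exposed as a parameter, because on ASA software that is controlled by the same-security-traffic permit inter-interface command.

```python
"""Model of the ASA default inter-interface policy described in the lab.

Added example, not from the lab handout or from Cisco: it parses the
interface configuration into {nameif: security_level} and applies the
default rule (higher -> lower allowed, lower -> higher blocked).
"""

# Constructed sample: the lab's three interfaces as running-config text.
# Placeholder octets X/Y/Z from the handout are filled with 1/2/3 here.
SAMPLE_CONFIG = """\
interface GigabitEthernet0
 nameif outside
 ip address 10.1.2.254 255.255.255.0
 no shutdown
interface GigabitEthernet1
 nameif inside
 ip address 192.168.1.254 255.255.255.0
 no shutdown
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 192.168.3.254 255.255.255.0
 no shutdown
"""


def parse_security_levels(config: str) -> dict:
    """Return {nameif: security_level} from running-config text.

    Mirrors the defaults printed by the ASA in the lab: an interface named
    'outside' defaults to level 0, any other named interface to 100, and an
    explicit 'security-level N' line under the same interface overrides it.
    """
    levels = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = None  # new interface block; no nameif seen yet
        elif line.startswith("nameif "):
            current = line.split(None, 1)[1]
            levels[current] = 0 if current == "outside" else 100
        elif line.startswith("security-level ") and current is not None:
            levels[current] = int(line.split()[1])
    return levels


def default_policy_allows(levels: dict, src: str, dst: str,
                          same_security_permitted: bool = True) -> bool:
    """Apply the default ASA rule to a flow entering on src and leaving on dst.

    Higher -> lower security level is forwarded; lower -> higher is blocked.
    Equal levels are forwarded only if same_security_permitted is True
    (on a real ASA: 'same-security-traffic permit inter-interface').
    """
    if src == dst:
        raise ValueError("intra-interface forwarding is a separate setting")
    if levels[src] > levels[dst]:
        return True
    if levels[src] == levels[dst]:
        return same_security_permitted
    return False


def default_policy_matrix(levels: dict) -> dict:
    """Return {(src, dst): allowed} for every ordered pair of interfaces."""
    names = sorted(levels)
    return {(s, d): default_policy_allows(levels, s, d)
            for s in names for d in names if s != d}


if __name__ == "__main__":
    lv = parse_security_levels(SAMPLE_CONFIG)
    print("security levels:", lv)
    for (s, d), ok in default_policy_matrix(lv).items():
        print(f"{s:>8} -> {d:<8} {'allow' if ok else 'DENY'}")
```

Running the module prints the six ordered pairs; the three flows from a higher to a lower level (inside to dmz, inside to outside, dmz to outside) are the only ones allowed by default, which is the behaviour the next part of the lab asks you to observe.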
