
VARDHAN KHARA (19BCE0833)

INFORMATION SECURITY MANAGEMENT (CSE3502)

NAME: VARDHAN KHARA
REGISTRATION NUMBER: 19BCE0833
SEMESTER: WINSEM 21-22
COURSE: CSE3502
FACULTY: Dr. Lavanya K
SLOT: L19 + L20
ASSIGNMENT NUMBER: 1

Date of experiment: 6th January 2022


Aim: To configure Cisco ASA Firewall.

Introduction to Firewall:
A firewall is a network security device, either hardware or software-based,
which monitors all incoming and outgoing traffic and, based on a defined set of
security rules, accepts, rejects or drops that specific traffic.

Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop: block the traffic with no reply

A firewall establishes a barrier between secured internal networks and an outside
untrusted network, such as the Internet.
A firewall matches the network traffic against the rule set defined in its table. Once
a rule is matched, the associated action is applied to the network traffic. For
example, one rule may state that no employee from the HR department can access
the data on the code server, while another rule states that the system
administrator can access the data of both the HR and the technical
department. Rules can be defined on the firewall based on the needs and
security policies of the organization.
From the perspective of a server, network traffic can be either outgoing or
incoming. The firewall maintains a distinct set of rules for each case. Outgoing
traffic, which originates from the server itself, is mostly allowed to pass. Still,
setting rules on outgoing traffic is always better in order to achieve more security
and prevent unwanted communication.
Incoming traffic is treated differently. Most traffic that reaches the firewall
uses one of three major Transport Layer protocols: TCP, UDP or ICMP. All
of these have a source address and a destination address. TCP and UDP also
have port numbers. ICMP uses a type and code instead of a port number, which
identify the purpose of the packet.
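The rule-table behaviour described above (first matching rule wins, separate tables for each direction, TCP/UDP matched on ports and ICMP on its type, and the three outcomes accept, reject and drop) as an added worked example; this is not part of the lab report, and the HR hosts, code server and administrator addresses in it are constructed:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Added example (not from the lab report): a first-match packet filter with the
# three outcomes described in the text. Accept forwards the packet, Reject blocks
# it and answers the sender with an ICMP "unreachable", Drop blocks it silently.
ACCEPT, REJECT, DROP = "accept", "reject", "drop"


@dataclass
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None       # TCP/UDP only
    icmp_type: Optional[int] = None   # ICMP only: the type identifies the purpose
    icmp_code: Optional[int] = None


@dataclass
class Rule:
    action: str
    proto: str = "any"                # "any", "tcp", "udp" or "icmp"
    src: str = "0.0.0.0/0"            # CIDR; 0.0.0.0/0 means any source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None       # only checked when set
    icmp_type: Optional[int] = None   # only checked when set

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.icmp_type is not None and pkt.icmp_type != self.icmp_type:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, default: str = DROP) -> str:
    """First matching rule wins; if nothing matches, the default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def sender_observes(action: str) -> str:
    """What the sending host sees for each of the three outcomes."""
    return {ACCEPT: "packet forwarded",
            REJECT: "ICMP destination unreachable",
            DROP: "nothing (request times out)"}[action]


# Constructed rule tables, one per direction, mirroring the policy in the text.
# Hypothetical addresses: HR hosts in 10.2.0.0/16, the code server at 10.9.0.5,
# the system administrator's workstation at 10.1.0.10.
INBOUND = [
    Rule(DROP, "tcp", src="10.2.0.0/16", dst="10.9.0.5/32"),   # HR may not reach the code server
    Rule(ACCEPT, "tcp", src="10.1.0.10/32"),                    # the administrator may reach anything
    Rule(ACCEPT, "tcp", dst="10.9.0.5/32", dport=443),          # everyone else: HTTPS to the code server only
    Rule(ACCEPT, "icmp", icmp_type=8),                          # echo requests are allowed
    Rule(REJECT, "tcp"),                                        # any other TCP: tell the sender
]
OUTBOUND = [
    Rule(ACCEPT),                                               # server-originated traffic is allowed
]


def filter_packet(direction: str, pkt: Packet) -> Tuple[str, str]:
    """Apply the table for the given direction ("in" or "out") to one packet."""
    action = evaluate(INBOUND if direction == "in" else OUTBOUND, pkt)
    return action, sender_observes(action)


if __name__ == "__main__":
    for pkt in [Packet("tcp", "10.2.5.5", "10.9.0.5", dport=443),
                Packet("tcp", "10.3.1.1", "10.9.0.5", dport=22),
                Packet("udp", "10.3.1.1", "10.9.0.5", dport=53)]:
        print(pkt, "->", filter_packet("in", pkt))
```

Note that rule order matters: the HR drop entry must come before the general HTTPS permit, otherwise an HR host connecting to port 443 would be accepted. The UDP packet shows the default policy at work; nothing in the inbound table mentions UDP, so it is dropped silently, while unmatched TCP hits the explicit reject entry and the sender learns that it was blocked.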

Components of workflow:
Inside the Cisco Packet Tracer, the components required are:

Component                        Quantity
PC                               3
Router (2621XM)                  1
Switch (2960-24TT)               1
Server                           1
Firewall (5505)                  1
Console wire                     1
Copper straight-through wire     4
Copper cross-over wire           1

Connection             Interfaces, IP addresses and details
Firewall to Switch     E0/1 (Firewall), 10.1.1.1
Firewall to Router     E0/0 50.1.1.2 (Firewall), F0/0 50.1.1.1 (Router)
Router to Server       F0/1 8.8.8.1 (Router), 8.8.8.8 (Server)

Procedure:
1. Setting up the devices.
We take 3 PCs, 1 router, 1 switch, 1 server and 1 firewall for our experiment.

2. Device connection and configuration
We connect the devices and note down the connection details listed in the table above.

3. Removing the DHCP address range for PC2
We type the terminal command to remove the DHCP address range and then verify it.
Command:
ciscoasa(config)#no dhcpd address 192.168.1.5-192.168.1.36 inside

4. Changing the IP address and security level of VLAN 1 and VLAN 2
For VLAN 1:
Command for IP address: ciscoasa(config-if)#ip add 10.1.1.1 255.0.0.0
Command for security level: ciscoasa(config-if)#security-level 100

For VLAN 2:
Command for IP address: ciscoasa(config-if)#ip add 50.1.1.2 255.0.0.0
Command for security level: ciscoasa(config-if)#security-level 0

5. Setting up the IP address of the router
We go to the CLI of the router and set the IP addresses of F0/0 and F0/1.
Command:
Router(config)#int f0/0
Router(config-if)#ip add 50.1.1.1 255.0.0.0
Router(config-if)#no shutdown

6. Setting up the IP address of the Google server.
We go to Desktop → IP Configuration on the server and change the IP address
there.

7. Configure the DHCP server and DNS IP on the ASA
We switch the IP configuration of PC0 and PC1 to DHCP mode and then go to the
terminal of PC2 to configure the DHCP server and DNS IP on the ASA.
Command: ciscoasa(config)#dhcpd dns 8.8.8.8 interface inside



8. Configure the default route on the ASA
We go to the terminal of PC2 and use the route command.
Command: ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 50.1.1.1

9. Configure OSPF on the ISP router
We go to the CLI of the ISP router and configure OSPF on it.
Command:
Router(config-router)#net 50.0.0.0 0.255.255.255 area 0
Router(config-router)#net 8.0.0.0 0.255.255.255 area 0

10. Create an object network and enable NAT on the ASA
We go to the terminal of PC2 again, create the object network LAN and give it
its subnet. After that, we enable NAT from inside to outside on the ASA.
Command for object network creation:
ciscoasa(config)#object network LAN
ciscoasa(config-network-object)#subnet 10.0.0.0 255.0.0.0
Command for NAT:
ciscoasa(config-network-object)#nat (inside,outside) dynamic interface

11. Checking for ping on PC0 and PC1
We do not get any reply, as we have not configured the ACL yet.
Command: ping -t 8.8.8.8

12. Configuring the ACL on the ASA
We create an access list with two entries: the first permits TCP from any source
to any destination, and the second permits ICMP from any source to any
destination. The access list is then applied in the inbound direction on the
outside interface.
Command:
ciscoasa(config)#access-list oti extended permit tcp any any
ciscoasa(config)#access-list oti extended permit icmp any any
ciscoasa(config)#access-group oti in interface out

In the photos below, we see that PC0 and PC1 have started getting replies
after hitting enter.
PC0:

PC1:
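As an added example (not part of the lab report), the following Python script parses the access-list and access-group lines from step 12, evaluates them the way the ASA does (first match wins, implicit deny at the end) and audits how broad each permit entry is. Only the subset of the ASA extended ACL syntax used in the lab is supported, the transcript is reconstructed from the commands above, and the interface is assumed to be named outside, the name used by the route and nat commands in steps 8 and 10:

```python
import re
from ipaddress import ip_address, ip_network

# Added example (not part of the lab): parse the access-list and access-group
# lines typed on the ASA and audit how broad they are. Only the subset of the
# "access-list NAME extended" syntax used in the lab is handled: the source and
# destination are "any", "host A.B.C.D" or "A.B.C.D MASK", optionally followed
# by "eq PORT" for the destination port.
ACL_RE = re.compile(r"^access-list\s+(?P<name>\S+)\s+extended\s+"
                    r"(?P<action>permit|deny)\s+(?P<proto>\S+)\s+(?P<rest>.+)$")
GROUP_RE = re.compile(r"^access-group\s+(?P<name>\S+)\s+(?P<dir>in|out)\s+"
                      r"interface\s+(?P<ifname>\S+)$")

# Constructed transcript of step 12; the interface is assumed to be named
# "outside", the name used by the route and nat commands in steps 8 and 10.
LAB_CONFIG = """
ciscoasa(config)#access-list oti extended permit tcp any any
ciscoasa(config)#access-list oti extended permit icmp any any
ciscoasa(config)#access-group oti in interface outside
"""


def _take_address(tokens):
    """Consume one ASA address spec from the front of tokens; return an ip_network."""
    tok = tokens.pop(0)
    if tok == "any":
        return ip_network("0.0.0.0/0")
    if tok == "host":
        return ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)                                   # "A.B.C.D MASK" form
    return ip_network(f"{tok}/{mask}", strict=False)


def parse_acl_line(line):
    """Parse one access-list entry into a dict, or return None if it is not one."""
    m = ACL_RE.match(line.strip())
    if not m:
        return None
    tokens = m.group("rest").split()
    src = _take_address(tokens)
    dst = _take_address(tokens)
    port = tokens[1] if tokens[:1] == ["eq"] else None
    return {"name": m.group("name"), "action": m.group("action"),
            "proto": m.group("proto"), "src": src, "dst": dst, "port": port}


def parse_config(text):
    """Return ({acl name: [entries]}, [access-group bindings]) from CLI text."""
    acls, groups = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[1] if "#" in raw else raw  # drop the prompt
        line = line.strip()
        entry = parse_acl_line(line)
        if entry:
            acls.setdefault(entry["name"], []).append(entry)
            continue
        g = GROUP_RE.match(line)
        if g:
            groups.append(g.groupdict())
    return acls, groups


def permits(acls, name, proto, src, dst, port=None):
    """First-match evaluation of one ACL; every ASA ACL ends in an implicit deny."""
    for r in acls.get(name, []):
        if (r["proto"] in ("ip", proto)
                and ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
                and (r["port"] is None or r["port"] == str(port))):
            return r["action"] == "permit"
    return False


def audit(acls, groups):
    """Flag permit entries that match any source, any destination and any port."""
    findings = []
    for g in groups:
        for i, r in enumerate(acls.get(g["name"], []), start=1):
            wide_open = r["src"].prefixlen == 0 and r["dst"].prefixlen == 0
            if r["action"] == "permit" and wide_open and r["port"] is None:
                findings.append(
                    f"{g['name']} line {i}: permit {r['proto']} any any, applied "
                    f"{g['dir']} on interface {g['ifname']}, allows all "
                    f"{r['proto'].upper()} traffic between any two hosts")
    return findings


if __name__ == "__main__":
    acls, groups = parse_config(LAB_CONFIG)
    print("echo-reply 8.8.8.8 -> 50.1.1.2 permitted:",
          permits(acls, "oti", "icmp", "8.8.8.8", "50.1.1.2"))
    for finding in audit(acls, groups):
        print(finding)
```

Run on the transcript, the audit reports both entries. The permit icmp entry is the one that matters for the lab: it lets the echo replies from 8.8.8.8 back in through the outside interface, which is why the ping in step 11 fails before the ACL exists. The permit tcp any any entry is not what makes TCP work, because the ASA tracks connections started from the inside and allows their return traffic without an ACL; all that entry does is open the outside interface to TCP from anywhere. Keeping only the ICMP entry, and narrowing it to the reply types actually needed, gives the same ping result with far less exposure.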

13. Verifying the experiment.
We send a packet from PC0 to the server and check whether it is received
successfully, which indicates whether our firewall is configured correctly. In the
photo below, we see that the packet passes successfully, and this concludes
our experiment.

Conclusion: We have hence successfully configured the firewall and are able
to access the DNS server through it. The experiment was completed on
6th January 2022, as can be seen in the photo above.
