Scribd Logo
Upload

Welcome to Scribd!

  • Asa Cisco

    Uploaded by

    andrea allegra
    11 views28 pages

    Original Title

    ASA_CISCO

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views28 pages

    Asa Cisco

    Uploaded by

    andrea allegra

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 28

    SISTEMI E RETI

    ASA Cisco

    A cura dell’Ing. Claudio Traini


    Adaptive Security Appliance
    Adaptive Security Appliance
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505
    ASA 5505

    CONFIGURAZIONE DI RETE DELLA INSIDE NETWORK

    ciscoasa(config)# interface vlan 1


    ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0
    ciscoasa(config-if)# no shutdown
    ciscoasa(config-if)# nameif inside
    ciscoasa(config-if)# security-level 100
    ASA 5505

    CONFIGURAZIONE DI RETE DELLA OUTSIDE NETWORK

    ciscoasa(config)# interface vlan 2


    ciscoasa(config-if)# ip address 10.10.10.2 255.255.255.252
    ciscoasa(config-if)# no shutdown
    ciscoasa(config-if)# nameif outside
    ciscoasa(config-if)#s ecurity-level 0
    ASA 5505

    APPLICHIAMO LE CONFIGURAZIONI ALLE INTERFACCE

    ciscoasa(config)# interface ethernet 0/0


    ciscoasa(config-if)# switchport access vlan 1

    ciscoasa(config)# interface ethernet 0/1


    ciscoasa(config-if)# switchport access vlan 2
    ASA 5505

    ABILITIAMO LA DEFAULT ROUTE SUL FIREWALL

    ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 10.10.10.1


    ASA 5505

    ABILITIAMO IL SERVIZIO NAT TRA RETE INTERNA


    E RETE ESTERNA

    ciscoasa(config)# object network LAN


    ciscoasa(config-network-object)# subnet 172.16.1.0 255.255.255.0
    ciscoasa(config-network-object)# nat (inside,outside) dynamic interface
    ASA 5505

    CREIAMO LE ACCESS LIST PER


    PERMETTERE IL TRAFFICO

    ciscoasa(config)# access-list inside_internet extended permit tcp any any


    ciscoasa(config)# access-list inside_internet extended permit icmp any any
    ciscoasa(config)# access-group inside_internet in interface outside
    ASA 5505 - DMZ
    ASA 5505 - DMZ

    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.0.1 255.255.255.0

    interface Vlan2
    nameif outside
    security-level 0
    ip address 198.51.100.100 255.255.255.0

    interface Vlan3
    no forward interface Vlan1
    nameif dmz
    security-level 50
    ip address 192.168.1.1 255.255.255.0
    ASA 5505 - DMZ

    interface Ethernet0/0
    switchport access vlan 2

    interface Ethernet0/1
    switchport access vlan 1

    interface Ethernet0/2
    switchport access vlan 3
    ASA 5505 - DMZ

    object network dmz-subnet


    subnet 192.168.1.0 255.255.255.0

    object network inside-subnet


    subnet 192.168.0.0 255.255.255.0

    object network webserver


    host 192.168.1.10
    ASA 5505 - DMZ

    route outside 0.0.0.0 0.0.0.0 198.51.100.1


    ASA 5505 - DMZ

    object network inside-subnet


    nat (inside,outside) dynamic interface

    object network webserver


    nat (dmz,outside) static 198.51.100.101
    ASA 5505 - DMZ

    access-list OUTSIDE-DMZ extended permit icmp any any


    access-list OUTSIDE-DMZ extended permit tcp any object webserver eq www
    access-list OUTSIDE-DMZ extended permit tcp any host 192.168.1.10 eq www
    access-list OUTSIDE-DMZ extended permit tcp any host 198.51.100.101 eq www

    access-group OUTSIDE-DMZ in interface outside


    ASA 5505 - Riferimenti

    Cisco ASA 5500 Series Configuration


    Guide using the CLI
    Software Version 8.2

    Cisco ASA 5505 Getting Started Guide


    Software Version 8.2

    You might also like