ASA Basic Initialization
KHAWAR BUTT
CCIE # 12353 [R/S, SECURITY, SP, DC, VOICE, STORAGE & CCDE]
Overview
Interface Configuration Parameters
Configuration Commands
Verification Commands
Lab Configuration
Interface Configuration Parameters
To initialize an ASA Interface, you need the following parameters:
Nameif:
o The name of the Interface is not case-sensitive.
o Although it is not case-sensitive, it does preserve the case.
o It is a required parameter.
o All commands reference the Interface using the Name not the Physical ID.
Security Level:
o It is a number between 0 – 100.
o It controls the default traffic flow through the firewall.
o When you configure a Name on a blank interface, the security level is automatically set to 0, unless
the name of the interface is Inside.
IP Address:
o You configure it just like you would on a router.
o You can omit the mask if the IP address uses the default mask for its class.
Configuration Commands
Configure Interface Gig 0/0 with an IP Address of 192.1.20.10/24. The Name of the Interface should be “Outside”. It should
have a Security Level of 0.
Interface Gig 0/0
nameif Outside
IP address 192.1.20.10
no shut
Note: (Mask is not required as it is the default mask for the Class. Security Level is not required as it automatically sets the
Security Level to “0” for any name except “Inside” on a blank interface)
Configure Interface Gig 0/1 with an IP Address of 10.11.11.10/24. The Name of the Interface should be “Inside”. It should
have a Security Level of 100.
Interface Gig 0/1
nameif Inside
IP address 10.11.11.10 255.255.255.0
no shut
Note: (Mask is required as it is a non-default mask for the Class. Security Level is not required as it automatically sets the
Security Level to “100” for the Interface name of “Inside” on a blank interface )
Verification Commands
Show run interface - Displays the running config for an Interface
Show Interface IP Brief - Equivalent to the Show IP interface Brief. Displays the Interface IP Address and Status.
Show Nameif - Displays the Interfaces, their Names and their Security levels.
Lab Configuration
[Lab topology diagram]
ASA FW G0/0 (.10) - 192.1.20.0/24 Outside - R2 E0/0 (.2)
ASA FW G0/1 (.10) - 10.11.11.0/24 Inside - R1 E0/0 (.1)
ASA FW G0/2 (.10) - 192.168.3.0/24 DMZ-3 - R3 E0/0 (.3)
ASA FW G0/3 (.10) - 192.168.4.0/24 DMZ-4 - R4 E0/0 (.4)
Networks on R1: 10.1.1.0/24, 10.10.10.0/24, 10.20.20.0/24 on E0/1 (.1)
Networks on R2: 10.2.2.0/24, 199.1.1.0/24, 200.1.1.0/24
Network on R3: 10.3.3.0/24
Network on R4: 10.4.4.0/24
Configure the Interface based on the following table. The Routers have been configured with
the IP Address displayed on the Lab topology.
Interface   IP Address        Nameif    Security Level
Gig 0/0     192.1.20.10/24    Outside   0
Gig 0/1     10.11.11.10/24    Inside    100
Gig 0/2     192.168.3.10/24   DMZ-3     50
Gig 0/3     192.168.4.10/24   DMZ-4     50
Verify the configuration by Pinging the directly connected Routers.
R1
Interface Loopback 0
IP Address 10.1.1.1 255.255.255.0
! Second address needs its own loopback; the number 10 is arbitrary
Interface Loopback 10
IP Address 10.10.10.1 255.255.255.0
!
Interface E 0/0
IP Address 10.11.11.1 255.255.255.0
no shut
!
Interface E 0/1
IP Address 10.20.20.1 255.255.255.0
no shut
R2
Interface Loopback 0
IP Address 10.2.2.2 255.255.255.0
Interface Loopback 199
IP Address 199.1.1.1 255.255.255.0
Interface Loopback 200
IP Address 200.1.1.1 255.255.255.0
no shut
!
Interface E 0/0
IP Address 192.1.20.2 255.255.255.0
no shut
R3
Interface Loopback 0
IP Address 10.3.3.3 255.255.255.0
!
Interface E 0/0
IP Address 192.168.3.3 255.255.255.0
no shut
R4
Interface Loopback 0
IP Address 10.4.4.4 255.255.255.0
!
Interface E 0/0
IP Address 192.168.4.4 255.255.255.0
no shut
ASA
Interface Gig 0/0
nameif Outside
IP address 192.1.20.10
no shut
Interface Gig 0/1
nameif Inside
IP Address 10.11.11.10 255.255.255.0
no shut
Interface Gig 0/2
nameif DMZ-3
security-level 50
IP address 192.168.3.10
no shut
Interface Gig 0/3
nameif DMZ-4
security-level 50
IP address 192.168.4.10
no shut
Ping R2 (192.1.20.2), R1 (10.11.11.1), R3 (192.168.3.3) & R4 (192.168.4.4) to verify
connectivity with directly connected devices.
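The defaults this lab relies on (security level 100 for Inside and 0 for any other name on a blank interface, and the class default mask when none is typed) can be checked offline before the config is pasted in. The following is an added example, not part of the original slides: the function names are hypothetical, the sample input is the ASA lab configuration above, and an explicit security-level line is assumed to override the default.

```python
import ipaddress

# Constructed sample input: the ASA lab configuration from this page.
LAB_CONFIG = """\
Interface Gig 0/0
nameif Outside
IP address 192.1.20.10
no shut
Interface Gig 0/1
nameif Inside
IP Address 10.11.11.10 255.255.255.0
no shut
Interface Gig 0/2
nameif DMZ-3
security-level 50
IP address 192.168.3.10
no shut
Interface Gig 0/3
nameif DMZ-4
security-level 50
IP address 192.168.4.10
no shut
"""

def classful_mask(ip):
    """Default mask for the address class, used when the mask is omitted."""
    first = int(ip.split(".")[0])
    return "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"

def effective_interfaces(config):
    """Return {nameif: (physical id, security level, network)} with defaults filled in."""
    stanzas, cur = [], None
    for line in config.splitlines():
        words = line.split()
        key = [w.lower() for w in words]      # keywords are matched case-insensitively
        if key[:1] == ["interface"]:
            cur = {"id": " ".join(words[1:])}
            stanzas.append(cur)
        elif cur is None:
            continue
        elif key[:1] == ["nameif"]:
            cur["name"] = words[1]            # the case of the name is preserved
            # Blank-interface rule from the page: Inside -> 100, any other name -> 0.
            cur.setdefault("level", 100 if key[1] == "inside" else 0)
        elif key[:1] == ["security-level"]:
            cur["level"] = int(words[1])      # assumption: explicit value overrides
        elif key[:2] == ["ip", "address"]:
            mask = words[3] if len(words) > 3 else classful_mask(words[2])
            cur["net"] = str(ipaddress.ip_interface(f"{words[2]}/{mask}").network)
    return {s["name"]: (s["id"], s["level"], s.get("net")) for s in stanzas if "name" in s}
```

Running it on the Inside stanza with the mask left off returns 10.0.0.0/8 rather than 10.11.11.0/24, which is why that interface is the one where the mask has to be typed.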