Steps to configure the firewall:
1. Make the topology
2. Assign IP addresses accordingly on the ASA & ISP Firewall
3. Set inside and outside on the ASA firewall
4. Configure the DHCP server and DNS IP on the ASA
5. Configure the default route on the ASA
6. Configure OSPF on the ISP router
7. Create an object network & enable NAT on the ASA
8. Create an ACL on the ASA
9. Verify
Enable Mode:
ciscoasa>en
Password:
ciscoasa#config t
------Remove the default DHCP range using the command below--------------
ciscoasa(config)#no dhcpd address 192.168.1.5-192.168.1.36 inside
-----------------------------------------------------------------------
Set an IP address for the inside interface of the firewall:
ciscoasa(config)#int vlan 1
ciscoasa(config-if)#ip add 10.1.36.1 255.255.255.0
ciscoasa(config-if)#nameif inside
ciscoasa(config-if)#security-level 100
[Security levels: 100 = inside, 0 = outside, 1-99 = DMZ (used for servers)]
ciscoasa(config-if)#exit
ciscoasa(config)#int e0/1
ciscoasa(config-if)#switchport access vlan 1
ciscoasa(config-if)#exit
Set an IP address for the outside interface of the firewall:
ciscoasa(config)#int vlan 2
ciscoasa(config-if)#ip add 50.1.1.2 255.255.255.0
ciscoasa(config-if)#nameif outside
ciscoasa(config-if)#security-level 0
ciscoasa(config-if)#exit
ciscoasa(config)#int e0/0
ciscoasa(config-if)#switchport access vlan 2
ciscoasa(config-if)#exit
-------------------------------Configure DHCP Server And DNS IP On ASA------------------------------------------
DHCP configuration On firewall:
ciscoasa(config)#dhcpd add 10.1.36.2-10.1.36.20 inside
DNS Configuration On firewall:
ciscoasa(config)#dhcpd dns 8.8.8.8 interface inside
--------------------------Configure Default Route On ASA---------------------------------------------------
ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 50.1.1.1
-----------------------------------ISP Router Configuration------------------------------------------------------
Router>enable
Router#config t
Router(config)#int f0/1
Router(config-if)#ip add 50.1.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ip add 8.8.8.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
--------------------------Configure OSPF On ISP Router----------------------------------------------------------
Router(config)#router ospf 1
Router(config-router)#network 50.1.1.0 0.0.0.255 area 0
Router(config-router)#network 8.8.8.0 0.0.0.255 area 0
--------------------------Create Object Network & Enable NAT On ASA----------------------------------------------
Create Object Network :
ciscoasa(config)#object network lan
ciscoasa(config-network-object)#subnet 10.1.36.0 255.255.255.0
Enable NAT :
ciscoasa(config-network-object)#nat (inside,outside) dynamic interface
---------------------------------------Create ACL On ASA------------------------------------------------------
(note: oti is the name of the access list, not a command)
ciscoasa(config)#access-list oti extended permit tcp any any
ciscoasa(config)#access-list oti extended permit icmp any any
ciscoasa(config)#access-group oti in interface outside
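An added example, not part of the original page: a small Python audit that reads a saved ASA configuration and reports every `permit <protocol> any any` entry bound inbound on a security-level 0 interface, which is what the `oti` list above does on `outside`. The config text, the `lab` ACL, and the names `SAMPLE_CONFIG` and `audit` are constructed for illustration, and the parser handles only the plain `any any` form used on this page.

```python
import re

# Constructed sample: the interface and ACL lines of this lab as a saved config.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
access-list oti extended permit tcp any any
access-list oti extended permit icmp any any
access-list lab extended permit tcp 10.1.36.0 255.255.255.0 any eq 443
access-group oti in interface outside
"""

def audit(config):
    """Return (interface, acl, protocol) for any-any permits bound inbound
    on an interface whose security level is 0."""
    levels, acls, bindings = {}, {}, []
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # a new interface block starts; forget the old name
        elif m := re.match(r"nameif (\S+)$", line):
            nameif = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", line)) and nameif:
            levels[nameif] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) extended (permit|deny) (\S+) (.+)$", line):
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := re.match(r"access-group (\S+) (in|out) interface (\S+)$", line):
            bindings.append(m.groups())
    findings = []
    for acl, direction, ifname in bindings:
        # Unknown interfaces are treated as level 0 so they are still reported.
        if direction != "in" or levels.get(ifname, 0) > 0:
            continue
        for action, proto, rest in acls.get(acl, []):
            if action == "permit" and rest.split() == ["any", "any"]:
                findings.append((ifname, acl, proto))
    return findings

if __name__ == "__main__":
    for ifname, acl, proto in audit(SAMPLE_CONFIG):
        print(f"{ifname}: ACL {acl} permits {proto} any any inbound")
```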
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Important commands:
ciscoasa#show nat (shows how the NAT policies are working)
ciscoasa#show xlate