Lab report: basic ASA configuration (network operations and maintenance)
Name: Wang Ying Class: NTD1711 Date: January 30th, 2018
Lab tasks:
Lab topology diagram: (image not included)
Lab requirements:
The DMZ publishes a web server; Client3 can access Server2
Use the command show conn detail to view the conn table
View the routing tables of the ASA and the AR router respectively
Configure an ACL to prevent Client2 from accessing Server3
Approach and lab steps
First, configure the device and interface IP addresses.
Router IP addresses:
interface GigabitEthernet0/0/0
 ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.10.1.254 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 20.20.1.254 255.255.255.0
#
Firewall IP addresses:
! Each interface gets a name, a security level and an address.
! "no shutdown" brings the interface up; with "shutdown" no lab traffic would pass.
interface GigabitEthernet0
 no shutdown
 nameif inside
 security-level 100
 ip address 192.168.10.254 255.255.255.0
!
interface GigabitEthernet1
 no shutdown
 nameif DMZ
 security-level 50
 ip address 192.168.30.254 255.255.255.0
!
interface GigabitEthernet2
 no shutdown
 nameif outside
 security-level 0
 ip address 192.168.50.254 255.255.255.0
!
Routing is required for communication between the routers and switches; I use static routes.
Router:
ip route-static 10.10.1.0 255.255.255.0 192.168.10.254
ip route-static 20.20.1.0 255.255.255.0 192.168.10.254
Firewall:
route inside 0.0.0.0 0.0.0.0 192.168.10.1 1
Verify private network connectivity:
The intranet hosts can be reached with ping.
Configure the DMZ zone and the external zone, then verify:
The connection is shown as complete.
Third, verify the function of the firewall
First, the private network accesses the public network server:
Access succeeds.
Then the public network accesses the private network:
Access fails.
The firewall function is applied successfully.
Verify the role of the DMZ area
First access the DMZ server from the intranet, then access the server from the extranet.
Access from the private network succeeds.
Access from the public network fails.
No corresponding rule has been configured yet.
3. Configure the DMZ access rule
Match all TCP traffic from any host to port 80 on 192.168.30.66.
Then apply it to the outside interface.
Verify the result:
The access succeeds.
IV. Prohibit Client2 from accessing Server3
The IP address of Client2 is 192.168.30.1
The IP address of Server3 is 192.168.50.66
To disable access to Server3's HTTP service, I need the following data to match and apply:
1. The HTTP service port number
2. The IP of Client2 and the IP of Server3
The following configuration is made:
I matched TCP traffic from source 192.168.30.1 to port 80 on 192.168.50.66.
Then it is applied to the DMZ interface. This configuration is applied on the internal-side interface, so the packets are not sent on to the external network.
Verification:
The experiment was successful.
Verify the result:
The configuration is verified to work.
Traffic matching is a very powerful tool: it matches all kinds of traffic by protocol and IP address and constrains that traffic to behave the way we want.
This is a feature worth learning.
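The page describes the two ACLs from sections 3 and IV only in words, so the following is an added example (not the author's configuration): a simplified Python model of how the ASA decides on a new connection from the lab's security levels and those two ACLs. The ACL names, the extra scoped permit entry and the client addresses in the demo are assumptions, and return traffic of established connections (the conn table) is not modelled.

```python
from ipaddress import ip_address, ip_network

# Security levels and connected subnets from the lab's ASA interface config.
LEVELS = {"inside": 100, "DMZ": 50, "outside": 0}
CONNECTED = {"DMZ": "192.168.30.0/24", "outside": "192.168.50.0/24"}

# Inbound ACLs as (action, protocol, source, destination, dst_port) tuples.
# ACL names in the comments are hypothetical; the addresses are the lab's.
# access-list OUTSIDE_IN extended permit tcp any host 192.168.30.66 eq 80
OUTSIDE_IN = [("permit", "tcp", "0.0.0.0/0", "192.168.30.66/32", 80)]
# access-list DMZ_IN extended deny tcp host 192.168.30.1 host 192.168.50.66 eq 80
DMZ_IN = [("deny", "tcp", "192.168.30.1/32", "192.168.50.66/32", 80)]
# Scoped permit (an assumption): keeps DMZ -> outside working without opening DMZ -> inside.
# access-list DMZ_IN extended permit ip any 192.168.50.0 255.255.255.0
DMZ_IN_SCOPED = DMZ_IN + [("permit", "ip", "0.0.0.0/0", "192.168.50.0/24", None)]


def zone_of(addr):
    """Interface an address is reached through; the default route points inside."""
    for name, net in CONNECTED.items():
        if ip_address(addr) in ip_network(net):
            return name
    return "inside"


def decide(proto, src, dst, port, acls):
    """Verdict for a NEW connection; acls maps interface name -> inbound ACL."""
    in_if, out_if = zone_of(src), zone_of(dst)
    rules = acls.get(in_if)
    if rules is None:  # no ACL bound: only higher -> lower security level passes
        return "permit" if LEVELS[in_if] > LEVELS[out_if] else "deny"
    for action, r_proto, r_src, r_dst, r_port in rules:  # first match wins
        if (r_proto in ("ip", proto)
                and ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)
                and r_port in (None, port)):
            return action
    return "deny"  # implicit deny ends every ACL, replacing the level-based default


if __name__ == "__main__":
    # 192.168.50.1 is a constructed outside client address; the page does not give one.
    acls = {"outside": OUTSIDE_IN, "DMZ": DMZ_IN}
    print(decide("tcp", "192.168.50.1", "192.168.30.66", 80, acls))   # outside client -> DMZ web server
    print(decide("tcp", "192.168.30.1", "192.168.50.66", 80, acls))   # Client2 -> Server3
    print(decide("tcp", "192.168.30.66", "192.168.50.66", 80, acls))  # other DMZ host -> Server3
```

With only the deny entry bound to the DMZ interface, every other connection entering from the DMZ is dropped by the implicit deny as well. The scoped permit restores DMZ-to-outside traffic without opening a path to the inside network.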
Problems and analysis:
1. The simulator is unstable.
2. The experiment is very simple, but a clear train of thought is needed.
3. Applying firewall ACLs is simple. There are many ways to achieve a goal; for example, to forbid access to Server3's HTTP service as mentioned above, I can match on the IP of the server, the IP of the client, the port number, the TCP protocol, the inbound interface and the outbound interface.