
Application of asa Firewall

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

Experiment name: application of the ASA firewall

Experimental steps:

3. Purpose:

1. client2 can access server3.

2. Use the command show conn detail to view the state of the conn table.

3. View the routing tables of the ASA and the AR respectively.

4. Configure an ACL to prevent client5 from accessing server1.

4. Configuration idea:

# First create three zones, namely the private network (inside), the public network (outside) and the DMZ (named DMAZ on the ASA); then configure the servers in each zone; finally set the ACL permissions.

5. Operation steps:

# Configure the terminal IP address of each zone first

# Configure the outside zone:

# Configure IP addresses for client2, server4 and server1

ip address 192.168.8.2 255.255.255.0
gateway 192.168.8.254            // server4 (ftp)

ip address 192.168.8.1 255.255.255.0
gateway 192.168.8.254            // client2

ip address 192.168.8.100 255.255.255.0
gateway 192.168.8.254            // server1 (web)

# Configure the DMAZ zone

# Configure the IP addresses of server3 and client5

ip address 192.168.30.1 255.255.255.0
gateway 192.168.30.254           // client5

ip address 192.168.30.100 255.255.255.0
gateway 192.168.30.254           // server3

# Configure the inside zone

# Configure the IP addresses of server2 and client1

ip address 10.1.1.1 255.255.255.0
gateway 10.1.1.254               // server2

ip address 10.2.2.1 255.255.255.0
gateway 10.2.2.254               // client1

# Configure an IP address on each interface of the firewall

interface g0
nameif inside
ip address 192.168.1.254 255.255.255.0
no shutdown

interface g1
nameif outside
ip address 192.168.8.254 255.255.255.0
no shutdown

# DMAZ interface
interface g2
nameif DMAZ
security-level 50
ip address 192.168.30.254 255.255.255.0
no shutdown

# Configure an ACL on the ASA firewall so that client2 can access server3, the web server

access-list 1 permit tcp any host 192.168.30.100 eq 80
access-group 1 in interface outside   // by default the firewall gives the internal network a security level of 100 and the public network a security level of 0

The following figure shows that client2 can access the web server.

# Next, configure the IP addresses and routing on AR1, and configure the routes to the intranet on the firewall

interface g0/0/0
ip address 10.1.1.254 255.255.255.0
undo shutdown

interface g0/0/1
ip address 10.2.2.254 255.255.255.0
undo shutdown

interface g0/0/2
ip address 192.168.1.1 255.255.255.0
undo shutdown

ip route-static 0.0.0.0 0.0.0.0 192.168.1.254   // default route to the external network

# Configure the routes to the private network on the ASA firewall

route inside 10.1.1.0 255.255.255.0 192.168.1.1
route inside 10.2.2.0 255.255.255.0 192.168.1.1

# Test, as shown in the figure: the FTP server on the public network can be accessed

# Next, check the conn table with show conn detail

# Check the route on the router and view the route on the ASA firewall, as shown below

# Finally, configure an ACL so that client5 cannot access the web server server1

access-list 2 deny tcp any host 192.168.8.100 eq 80
access-group 2 in interface DMAZ   // applied on the DMAZ interface

As shown in the following figure, the test is successful.

Summary: how the firewall works:

By default the internal network has a high security level and the external network a low one, so the internal network can access the external network while the external network cannot access the internal network.

A simple example:

If there is a web server on the public network, the private network can reach it by default. The firewall inspects all permitted traffic and records each connection in the conn state table; the reply is allowed back in only because it matches that entry (the connection to port 80).

Ping traffic is not inspected by default: the echo request goes out, but the reply does not come back. To let the reply through you have to write an ACL that permits it.
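As an added illustration of the security-level, ACL and conn-table behaviour used in the configuration steps above and described in this summary (example code written for this page, not part of the original post or of Cisco's software), the following Python model applies the lab's three interfaces, routes and two access lists to individual packets. It assumes the ASA's implicit deny at the end of every applied access-list and the default of not inspecting ICMP; NAT, inspection policies and same-security rules are not modelled.

```python
import ipaddress

STATEFUL = {"tcp", "udp"}  # the ASA builds conn entries for these; ICMP is not inspected by default


class Asa:
    def __init__(self):
        self.level = {}    # nameif -> security-level
        self.routes = {}   # nameif -> networks reachable out of that interface
        self.acl = {}      # nameif -> entries (action, proto, dst, dport) applied "in"
        self.conn = set()  # (proto, src, sport, dst, dport) of permitted stateful flows

    def interface(self, nameif, level, *nets):
        self.level[nameif] = level
        self.routes[nameif] = [ipaddress.ip_network(n) for n in nets]

    def iface_for(self, ip):
        addr = ipaddress.ip_address(ip)
        for nameif, nets in self.routes.items():
            if any(addr in n for n in nets):
                return nameif
        raise LookupError(f"no route to {ip}")

    def acl_verdict(self, nameif, proto, dst, dport):
        for action, aproto, adst, adport in self.acl[nameif]:
            if aproto in (proto, "ip") and adst in (dst, "any") and adport in (dport, None):
                return action == "permit"
        return False  # every applied access-list ends with an implicit deny

    def packet(self, proto, src, sport, dst, dport):
        """True if the ASA forwards this packet; permitted stateful flows enter the conn table."""
        ingress, egress = self.iface_for(src), self.iface_for(dst)
        if (proto, dst, dport, src, sport) in self.conn:
            return True  # return traffic of an existing connection passes without an ACL
        if ingress in self.acl:
            allowed = self.acl_verdict(ingress, proto, dst, dport)
        else:
            allowed = self.level[ingress] > self.level[egress]  # default: higher -> lower only
        if allowed and proto in STATEFUL:
            self.conn.add((proto, src, sport, dst, dport))
        return allowed


def lab_asa():
    # The three zones, addresses and two access-lists of this lab (values taken from the page)
    asa = Asa()
    asa.interface("inside", 100, "192.168.1.0/24", "10.1.1.0/24", "10.2.2.0/24")
    asa.interface("outside", 0, "192.168.8.0/24")
    asa.interface("DMAZ", 50, "192.168.30.0/24")
    asa.acl["outside"] = [("permit", "tcp", "192.168.30.100", 80)]  # access-list 1
    asa.acl["DMAZ"] = [("deny", "tcp", "192.168.8.100", 80)]        # access-list 2
    return asa
```

Because access-list 2 contains only a deny entry, the implicit deny also blocks every other flow entering on DMAZ, for example client5 to the FTP server, until a permit entry is appended; the lab's second test does not exercise this case.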
