Basic configuration of ASA [Firewall] in Phase 17

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Purpose:

1. The DMZ publishes a web server, and Client2 can access Server3.
2. Use the command show conn detail to view the conn table, and view the routing tables of the ASA and AR [R1].
3. Configure an ACL to prevent Client3 from accessing Server2.

The steps of the experiment:

Configure ASA and routers:

R1: configure the IP addresses:

    interface GigabitEthernet0/0/0
     ip address 192.168.1.1 255.255.255.0
    interface GigabitEthernet0/0/1
     ip address 10.1.1.254 255.255.255.0
    interface GigabitEthernet0/0/2
     ip address 10.2.2.254 255.255.255.0

R1: configure the next hop (default route toward the ASA inside interface):

    ip route-static 0.0.0.0 0.0.0.0 192.168.1.254

Configure the ASA and its ports:

ASA: configure the interfaces:

    interface GigabitEthernet0
     nameif inside
     ! inside default security level is 100
     security-level 100
     ip address 192.168.1.254 255.255.255.0
    interface GigabitEthernet1
     nameif outside
     ! outside default security level is 0
     security-level 0
     ip address 192.168.8.254 255.255.255.0
    interface GigabitEthernet2
     nameif DMZ
     ! DMZ default security level is between 0 and 100
     security-level 50
     ip address 192.168.3.254 255.255.255.0

ASA: configure the next hop for the networks behind R1:

    route inside 10.1.1.0 255.255.255.0 192.168.1.1 1
    route inside 10.2.2.0 255.255.255.0 192.168.1.1 1

Configure the ACLs:

    ASA(config)# show ru access-list
    ! lets ping packets through [ping is ICMP]
    access-list ICMP extended permit icmp any any
    access-list in-to-out extended deny ip 10.1.1.0 255.255.255.0 any
    access-list in-to-out extended permit ip any any
    access-list DMZ extended permit tcp host 192.168.8.1 host 192.168.3.100
    access-list C3-S2 extended deny tcp host 192.168.3.1 host 192.168.8.100

Call the ACLs:

    ! C3-S2 matches traffic sourced from 192.168.3.1, which enters the ASA on
    ! the DMZ interface, so it is bound inbound there (one inbound ACL per interface)
    access-group C3-S2 in interface DMZ
    access-group DMZ in interface outside
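An inbound ACL only filters traffic that enters the ASA on the interface it is bound to, and each interface holds one inbound ACL. The following added example (not part of the original lab) models that decision for new TCP connections using the page's security levels and its DMZ and C3-S2 ACLs. The host roles (Client2 = 192.168.8.1, Server3 = 192.168.3.100, Client3 = 192.168.3.1, Server2 = 192.168.8.100) are inferred from the ACLs, and the names `IFACES`, `ACLS`, `iface_for` and `decide` are hypothetical; NAT and inspection are ignored.

```python
import ipaddress

# Constructed model of the lab. Levels and networks come from the page's
# nameif/security-level/route lines; host roles are inferred from its ACLs.
IFACES = {
    "inside": (100, ["192.168.1.0/24", "10.1.1.0/24", "10.2.2.0/24"]),
    "outside": (0, ["192.168.8.0/24"]),
    "DMZ": (50, ["192.168.3.0/24"]),
}
# The page's two TCP ACLs as (action, protocol, source, destination).
ACLS = {
    "DMZ": [("permit", "tcp", "192.168.8.1/32", "192.168.3.100/32")],
    "C3-S2": [("deny", "tcp", "192.168.3.1/32", "192.168.8.100/32")],
}
CLIENT2_TO_SERVER3 = ("tcp", "192.168.8.1", "192.168.3.100")
CLIENT3_TO_SERVER2 = ("tcp", "192.168.3.1", "192.168.8.100")

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def iface_for(ip):
    """Interface behind which an address lives (connected or routed)."""
    for name, (_, nets) in IFACES.items():
        if any(in_net(ip, n) for n in nets):
            return name
    raise ValueError(f"no route to {ip}")

def decide(proto, src, dst, bindings):
    """Verdict for a new connection; bindings = {ingress interface: inbound ACL}."""
    ingress, egress = iface_for(src), iface_for(dst)
    acl = bindings.get(ingress)
    if acl is None:
        # No inbound ACL: only higher -> lower security level may initiate.
        return "permit" if IFACES[ingress][0] > IFACES[egress][0] else "deny"
    for action, p, s, d in ACLS[acl]:
        if p in (proto, "ip") and in_net(src, s) and in_net(dst, d):
            return action
    return "deny"  # implicit deny closes every ACL

if __name__ == "__main__":
    for bindings in ({"outside": "C3-S2"}, {"outside": "DMZ"},
                     {"outside": "DMZ", "DMZ": "C3-S2"}):
        print(bindings,
              "C2->S3", decide(*CLIENT2_TO_SERVER3, bindings),
              "C3->S2", decide(*CLIENT3_TO_SERVER2, bindings))
```

With C3-S2 bound inbound on the DMZ interface, its implicit deny also blocks every other connection initiated from the DMZ; append a permit entry if only the Client3 to Server2 pair should be blocked.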

Experimental results:

Use the command show conn detail to view the Conn table

View the routing table of ASA

DMZ publishes Web server, and Client2 can access Server3

Configure ACL to prevent Client3 from accessing Server2

View the AR [R1] routing table

Experimental topology diagram:
