This article demonstrates how to configure NAT and access lists on a Cisco ASA 5520 firewall, and how to verify and troubleshoot the configuration step by step. It is most useful if you already understand the theory.
interface Ethernet0
 nameif DMZ
 security-level 50
 ip address 192.168.1.253 255.255.255.0
!
interface Ethernet1
 nameif INSIDE
 security-level 100
 ip address 192.168.0.253 255.255.255.0
!
interface Ethernet2
 nameif OUTSIDE
 security-level 0
 ip address 200.1.1.253 255.255.255.0
!
Goal 1: Allow hosts on the inside and DMZ outbound connectivity to the Internet.
object network inside-subnet
 subnet 192.168.0.0 255.255.255.0
 nat (INSIDE,OUTSIDE) dynamic interface
object network dmz-subnet
 subnet 192.168.1.0 255.255.255.0
 nat (DMZ,OUTSIDE) dynamic interface
!
policy-map global_policy
 class inspection_default
  inspect icmp
Goal 2: Allow hosts on the Internet to access a webserver on the DMZ with an IP address of 192.168.1.5.
object network WEB-PUB
 host 200.1.1.252
object network WEB-LOCAL
 host 192.168.1.5
 nat (DMZ,OUTSIDE) static WEB-PUB service tcp www www
!
access-list outside-acl extended permit tcp any object WEB-LOCAL eq www
access-group outside-acl in interface OUTSIDE
!
Goal 3: It is assumed that there is a DNS server on the inside network at IP address 192.168.0.53 that the hosts on the DMZ need to access for DNS resolution.
object network dns-server
 host 192.168.0.53
!
access-list dmz-to-dns extended permit tcp object dmz-subnet object dns-server eq domain
access-list dmz-to-dns extended permit udp object dmz-subnet object dns-server eq domain
access-list dmz-to-dns extended deny ip any object inside-subnet
access-list dmz-to-dns extended permit ip any any
!
access-group dmz-to-dns in interface DMZ
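An added example, not part of the original article: a small Python model of first-match evaluation applied to the Goal 3 dmz-to-dns ACL, showing why the two DNS permits must precede the deny to inside-subnet and what the final permit line is for. The function names and probe addresses are constructed for illustration, and the model covers only protocol, addresses and destination port, not the ASA's stateful handling.

```python
import ipaddress

# Constructed model of the page's dmz-to-dns ACL (applied inbound on DMZ).
# Objects mirror the page; dns-server uses 192.168.0.53 as stated in Goal 3.
DMZ = ipaddress.ip_network("192.168.1.0/24")      # dmz-subnet
INSIDE = ipaddress.ip_network("192.168.0.0/24")   # inside-subnet
DNS = ipaddress.ip_network("192.168.0.53/32")     # dns-server
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, protocol, source, destination, destination port or None)
DMZ_TO_DNS = [
    ("permit", "tcp", DMZ, DNS, 53),
    ("permit", "udp", DMZ, DNS, 53),
    ("deny", "ip", ANY, INSIDE, None),
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport):
    """Return (action, line) of the first matching entry, top to bottom."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line, (action, p, snet, dnet, port) in enumerate(acl, start=1):
        if p not in ("ip", proto):          # "ip" matches every protocol
            continue
        if s not in snet or d not in dnet:
            continue
        if port is not None and port != dport:
            continue
        return action, line
    return "deny", None                     # implicit deny ends every ACL

def swap(acl, i, j):
    """Return a copy of acl with 1-based lines i and j exchanged."""
    out = list(acl)
    out[i - 1], out[j - 1] = out[j - 1], out[i - 1]
    return out

if __name__ == "__main__":
    probes = [  # constructed test flows from a DMZ host
        ("udp", "192.168.1.5", "192.168.0.53", 53),   # DNS query
        ("tcp", "192.168.1.5", "192.168.0.53", 22),   # non-DNS to DNS server
        ("tcp", "192.168.1.5", "192.168.0.10", 445),  # other inside host
        ("tcp", "192.168.1.5", "8.8.8.8", 443),       # Internet
    ]
    for p in probes:
        print(p, "->", evaluate(DMZ_TO_DNS, *p))
    # Moving the deny above the DNS permits blocks DNS as well.
    print("reordered:", evaluate(swap(DMZ_TO_DNS, 1, 3), *probes[0]))
```
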
I appreciate this post and having good information.