Section 1: Implement Secure Networks Using Cisco ASA Firewalls
Task 1: Configure the firewall with the following parameters
Hostname ASA1
1. Enable Password Cisco123
2. Domain-name cisco.com
3. Telnet password 123Cisco
4. You may allow any ICMP traffic anywhere in ASA
5. Make sure no device can ping the ASA outside interface except R3 IP address 201.1.1.3
6. Configure interfaces with the following parameters

Interface       Name     Type      Security Level  IP Address      VLAN
Ethernet0/0     Outside  Physical  0               201.1.1.10/24   -
Ethernet0/1     Inside   Physical  100             10.1.1.10/24    -
Ethernet0/2.40  DMZ40    Logical   40              10.40.40.10/24  40
Ethernet0/2.50  DMZ50    Logical   50              10.50.50.10/24  50
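One way to meet Task 1 in single-context ASA CLI, added here as an example and not part of the original workbook. The ACL name ICMP-ANY and the reading of item 4 as per-interface inbound ACLs are assumptions.

```cisco
! Identity and passwords (Hostname line and items 1-3)
hostname ASA1
enable password Cisco123
domain-name cisco.com
passwd 123Cisco
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address 201.1.1.10 255.255.255.0
 no shutdown
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 10.1.1.10 255.255.255.0
 no shutdown
!
! Parent of the logical interfaces: no nameif, only enabled so it can trunk
interface Ethernet0/2
 no shutdown
!
interface Ethernet0/2.40
 vlan 40
 nameif DMZ40
 security-level 40
 ip address 10.40.40.10 255.255.255.0
!
interface Ethernet0/2.50
 vlan 50
 nameif DMZ50
 security-level 50
 ip address 10.50.50.10 255.255.255.0
!
! Item 5: ICMP addressed to the ASA itself. Once one icmp rule exists for an
! interface, all other ICMP to that interface is implicitly denied.
icmp permit host 201.1.1.3 Outside
!
! Item 4 (assumed reading): ICMP through the ASA from lower-security interfaces.
! An interface ACL replaces the implicit permit toward lower security levels,
! so DMZ40/DMZ50 need further entries for any non-ICMP traffic they originate.
access-list ICMP-ANY extended permit icmp any any
access-group ICMP-ANY in interface Outside
access-group ICMP-ANY in interface DMZ40
access-group ICMP-ANY in interface DMZ50
```

The `icmp permit` rule governs pings to the ASA's own interface address, while the access-group entries govern ICMP transiting the firewall, so items 4 and 5 do not conflict.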
Task 2: Configure Routing on ASA

Interface  Network ID
Outside    20.1.1.0/24
Inside     10.1.1.0/24
DMZ40      10.40.40.0/24
DMZ50      10.50.50.0/24
Area 0 0
1. Run routing protocols on ASA
2. Configure bi-directional redistribution
3. Make sure R2, R3 and R4 can ping R1 Loopback from their Loopbacks

Configure Firewall in Multi-context:
Task 1: Multi-Contexts
1. Convert firewall to multi-mode
2. Use contexts name as C1 and C2, context names are case-sensitive
3. Interface configuration of C1 and C2 is shown in the diagram

Admin Context initialization details:

Interface    Name  Type      IP address  VLAN
Ethernet0/4  Man   Physical  1.1.1.1/24  -
Context C1 initialization details:

Interface       Name
Ethernet0/1     Inside
Ethernet0/2     DMZ
Ethernet0/0.30  Outside

Context C2 initialization details:

Interface       Name
Ethernet0/0.40  Inside
Ethernet0/0.30  Outside
VLAN 30
Ethernet0/0.30 is shared between contexts
Configure Switch to achieve this configuration
Use all other parameters as appropriate

Task 2: Configure Routing on ASA
1. Don't use a default route; use static routes as appropriate in C1 and C2
2. Verify your configuration by running the following ping commands from R3
   Ping 192.168.2.2 source Loopback 3
   Ping 192.168.4.4 source Loopback 3
   Ping 10.44.44.4 source Loopback 3
   Ping 192.168.1.1 should not pass through (Don't use ACL)
3. Inside interface should only be used to carry management traffic
4. Test PC is placed behind R4. Configure Test PC with the appropriate default gateway and then access R2 for https management. R4 is pre-configured for https management access; use all other parameters as appropriate to accomplish this task. Test your configuration using IE from Test PC.