Cisco ASA Firewall Lab WorkBook
RHC Technologies
1.
Cisco ASA Firewall LAB WORKBOOK
Prepared By Sai Linn Thu
©2016 RHC Technologies
2.
Security Policy ( Allow / Deny )
3.
Security Policy ( Allow / Deny )

    Source \ Destination   Employee   E-mail   Finance ( $ )   Internet
    Employee               Deny       Permit   Deny            Permit
    Executive              Deny       Deny     Permit          Permit
    BYOD                   Deny       Permit   Deny            Permit
    Guest                  Permit     Deny     Deny            Permit
4.
Security Level : {lowest 0} to {highest 100}

    outside ( 0 )  : towards the Internet
    dmz ( 50 )
    inside ( 100 )
5.
Security Level : {lowest 0} to {highest 100}

    outside ( 0 )     : towards the Internet
    dmz zone 1 ( 50 )
    dmz zone 2 ( 60 )
    dmz zone 3 ( 70 )
    inside ( 100 )
6.
Incoming traffic / Outgoing traffic

    Interfaces : outside ( 0 ) towards the Internet, dmz ( 50 ), inside ( 100 )

    Incoming traffic ( Low-to-High ) : blocked by default, must be explicitly allowed
    Outgoing traffic ( High-to-Low ) : allowed by default, but inspected
7.
LAB

Topology
    outside ( 0 )  : 150.1.1.0/24, towards the Internet
    inside ( 100 ) : 10.1.1.0/24
    dmz ( 50 )     : 192.168.1.0/24
    INTERNET       : Facebook 173.252.74.68/32 , Youtube 172.217.25.174/32
    DMZ            : 192.168.5.5/24
    LAN            : 10.10.10.10/24

ASA
    ! inside : most trusted interface
    int g0
     nameif inside
     security-level 100
     ip add 10.1.1.100 255.255.255.0
    !
    ! outside : least trusted interface
    int g1
     nameif outside
     security-level 0
     ip add 150.1.1.100 255.255.255.0
    !
    ! dmz : between inside and outside
    int g2
     nameif dmz
     security-level 50
     ip add 192.168.1.100 255.255.255.0
    !

    #show int ip brief
8.
Verify ping test on ASA !

ASA
    ASA#ping 173.252.74.68
    ASA#ping 10.10.10.10
    ASA#ping 192.168.5.5

SUCCESS [or] FAIL ?
9.
Static routes on the ASA ( same topology as the LAB slide )

ASA
    ! default route towards the INTERNET router
    route outside 0 0 150.1.1.1
    ! LAN network behind the inside router
    route inside 10.10.10.0 255.255.255.0 10.1.1.1
    ! DMZ network behind the dmz router
    route dmz 192.168.5.0 255.255.255.0 192.168.1.1

    #show route
10.
Verify ping test on ASA !

ASA
    ASA#ping 173.252.74.68
    ASA#ping 10.10.10.10
    ASA#ping 192.168.5.5

SUCCESS [or] FAIL ?
11.
Configure default routes from LAN , DMZ and INTERNET !

    ! each router points its default route at the ASA interface it faces
    LAN(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.100
    DMZ(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.100
    INTERNET(config)#ip route 0.0.0.0 0.0.0.0 150.1.1.100
12.
Verify ping test from LAN to INTERNET !

LAN
    LAN#ping 173.252.74.68
    LAN#ping 173.252.74.68 source lo0

SUCCESS [or] FAIL ?

    Outbound traffic : Low > High is OK ( inspected )
    Inbound traffic : High > Low is DROP ( require ACL )
13.
Configure vty password & enable password on LAN , DMZ and INTERNET !

LAN
    line vty 0 4
     password testlan
    !
    enable password testlan
    !

DMZ
    line vty 0 4
     password testdmz
    !
    enable password testdmz
    !

INTERNET
    line vty 0 4
     password testout
    !
    enable password testout
    !
14.
Verify telnet test from LAN < > INTERNET // LAN < > DMZ // DMZ < > INTERNET

LAN
    LAN#telnet 173.252.74.68
    LAN#telnet 173.252.74.68 /source-interface lo0

INTERNET
    INTERNET#telnet 10.10.10.10
    INTERNET#telnet 10.10.10.10 /source-interface lo0

Please also test LAN < > DMZ // DMZ < > INTERNET.

SUCCESS [or] FAIL ?
15.
Configure ACL to allow telnet traffic from INTERNET to LAN !

ASA
    ! matches telnet from any source to any destination
    access-list INTERNET_LAN permit tcp any any eq telnet
    !
    ! applied to traffic entering the outside interface
    access-group INTERNET_LAN in interface outside
    !

Verify telnet test from INTERNET to LAN

INTERNET
    INTERNET#telnet 10.10.10.10
    INTERNET#telnet 10.10.10.10 /source-interface lo0
    INTERNET#telnet 10.10.10.10 /source-interface lo1

SUCCESS [or] FAIL ?
16.
Configure ACL to allow telnet traffic from DMZ to LAN !

ASA
    ! matches telnet from any source to any destination
    access-list DMZ_LAN permit tcp any any eq telnet
    !
    ! applied to traffic entering the dmz interface
    access-group DMZ_LAN in interface dmz
    !

Verify telnet test from DMZ to LAN

DMZ
    DMZ#telnet 10.10.10.10
    DMZ#telnet 10.10.10.10 /source-interface lo0

SUCCESS [or] FAIL ?
17.
Verify telnet test from INTERNET to DMZ !

INTERNET
    INTERNET#telnet 192.168.5.5
    INTERNET#telnet 192.168.5.5 /source-interface lo0
    INTERNET#telnet 192.168.5.5 /source-interface lo1

Why SUCCESS ? Because of the config below, which we applied in the previous step. The ACL permits telnet from any source to any destination, so it also matches traffic to the DMZ.

ASA
    access-list INTERNET_LAN permit tcp any any eq telnet
    !
    access-group INTERNET_LAN in interface outside
    !
18.
Delete the config below

ASA
    no access-list INTERNET_LAN permit tcp any any eq telnet
    !
    no access-group INTERNET_LAN in interface outside
    !

After deleting the config, we can no longer TELNET from INTERNET to LAN, or from INTERNET to DMZ. But we can still telnet from DMZ to LAN.
19.
Configure the policy as below :
    1) ONLY Allow TELNET from 173.252.74.68 to LAN.
    2) ONLY Allow TELNET from 172.217.25.174 to DMZ.

ASA
    ! policy 1 : one Internet host to the LAN network
    access-list INTERNET_LAN permit tcp host 173.252.74.68 10.10.10.0 255.255.255.0 eq telnet
    !
    ! policy 2 : one Internet host to the DMZ network
    access-list INTERNET_LAN permit tcp host 172.217.25.174 192.168.5.0 255.255.255.0 eq telnet
    !
    access-group INTERNET_LAN in interface outside
    !
20.
Verify telnet test from INTERNET to LAN !

INTERNET
    INTERNET#telnet 10.10.10.10 > {success/fail}
    INTERNET#telnet 10.10.10.10 /source-interface lo0 > {success/fail}
    INTERNET#telnet 10.10.10.10 /source-interface lo1 > {success/fail}

Verify telnet test from INTERNET to DMZ !

INTERNET
    INTERNET#telnet 192.168.5.5 > {success/fail}
    INTERNET#telnet 192.168.5.5 /source-interface lo0 > {success/fail}
    INTERNET#telnet 192.168.5.5 /source-interface lo1 > {success/fail}
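
The difference between the "permit tcp any any eq telnet" ACL and the "ONLY Allow" ACL can be checked offline with a small model. This is an added Python example, not part of the workbook and not ASA code: it parses the two INTERNET_LAN variants from the slides and applies first-match evaluation, the implicit deny, and the security-level rule for interfaces without an ACL. Assumptions: 150.1.1.1 (the default-route next hop) stands in for telnet without /source-interface, the source addresses are given directly rather than by loopback name, and NAT and return traffic are not modelled.

```python
import ipaddress

# Lab topology from the workbook: interface -> (security level, routed networks).
INTERFACES = {
    "inside": (100, ["10.1.1.0/24", "10.10.10.0/24"]),
    "dmz": (50, ["192.168.1.0/24", "192.168.5.0/24"]),
    "outside": (0, ["0.0.0.0/0"]),  # default route
}
PORTS = {"telnet": 23}

# ACL from the "allow telnet from INTERNET to LAN" step (any/any).
ACL_ANY = """
access-list INTERNET_LAN permit tcp any any eq telnet
access-group INTERNET_LAN in interface outside
"""
# ACL from the "ONLY Allow" policy step (host-specific).
ACL_SCOPED = """
access-list INTERNET_LAN permit tcp host 173.252.74.68 10.10.10.0 255.255.255.0 eq telnet
access-list INTERNET_LAN permit tcp host 172.217.25.174 192.168.5.0 255.255.255.0 eq telnet
access-group INTERNET_LAN in interface outside
"""

def interface_for(ip):
    """Longest-prefix match of ip against the routes in INTERFACES."""
    addr, best = ipaddress.ip_address(ip), None
    for name, (_, nets) in INTERFACES.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0]

def take_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'NET MASK' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_config(text):
    """Return (acls, bindings) for the access-list/access-group subset used here."""
    acls, bindings = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "!":
            continue
        if tok[0] == "access-list":
            name, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
            src, dst = take_addr(rest), take_addr(rest)
            port = None
            if rest[:1] == ["eq"]:
                port = PORTS.get(rest[1]) or int(rest[1])
            acls.setdefault(name, []).append((action, proto, src, dst, port))
        elif tok[0] == "access-group" and tok[2] == "in":
            bindings[tok[4]] = tok[1]
    return acls, bindings

def permitted(config_text, src, dst, port=23, proto="tcp"):
    """Is the first packet of a new src -> dst flow let through?"""
    acls, bindings = parse_config(config_text)
    ingress, egress = interface_for(src), interface_for(dst)
    acl = bindings.get(ingress)
    if acl is None:
        # No inbound ACL: only higher -> lower security level is allowed.
        return INTERFACES[ingress][0] > INTERFACES[egress][0]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, dnet, pt in acls.get(acl, []):
        if p == proto and s in snet and d in dnet and pt in (None, port):
            return action == "permit"
    return False  # implicit deny closes every ACL

def telnet_matrix(config_text):
    """Outcome for every INTERNET source against the LAN and DMZ loopbacks."""
    sources = ["150.1.1.1", "173.252.74.68", "172.217.25.174"]
    return {(s, d): permitted(config_text, s, d)
            for s in sources for d in ["10.10.10.10", "192.168.5.5"]}

if __name__ == "__main__":
    for label, cfg in (("any/any", ACL_ANY), ("scoped", ACL_SCOPED)):
        for (s, d), ok in telnet_matrix(cfg).items():
            print(f"{label:8} {s:>15} -> {d:<12} {'SUCCESS' if ok else 'FAIL'}")
```

With the any/any ACL every source reaches both the LAN and the DMZ; with the scoped ACL only the two source and destination pairs named in the policy pass.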
21.
Configure the policy as below :
    1) Allow ping ( ICMP ) from LAN to DMZ.
    2) Allow ping ( ICMP ) from LAN to INTERNET.

ASA
    ! echo-reply is the returning half of a ping started from the LAN
    access-list INTERNET_LAN permit icmp any any echo-reply
    !
    access-list DMZ_LAN permit icmp any any echo-reply
    !
    access-group INTERNET_LAN in interface outside
    !
    access-group DMZ_LAN in interface dmz
22.
Verify ping test from LAN to INTERNET & DMZ !

LAN
    LAN#ping 173.252.74.68 source lo0
    LAN#ping 192.168.5.5 source lo0

SUCCESS [or] FAIL ?

    Outbound traffic : Low > High is OK ( inspected )
    Inbound traffic : High > Low is OK ( required ACL is configured )
23.
Configure the policy as below :
    1) Allow ping ( ICMP ) from INTERNET to LAN.
    2) Allow ping ( ICMP ) from DMZ to LAN.

ASA
    ! echo lets pings in; echo-reply lets replies to LAN pings back in
    access-list INTERNET_LAN permit icmp any any echo
    access-list INTERNET_LAN permit icmp any any echo-reply
    !
    access-group INTERNET_LAN in interface outside
    !
    access-list DMZ_LAN permit icmp any any echo
    access-list DMZ_LAN permit icmp any any echo-reply
    !
    access-group DMZ_LAN in interface dmz
24.
Verify ping test from INTERNET to LAN & DMZ to LAN !

    INTERNET#ping 10.10.10.10 source lo0
    INTERNET#ping 10.10.10.10 source lo1
    INTERNET#ping 192.168.5.5 source lo0
    INTERNET#ping 192.168.5.5 source lo1
    DMZ#ping 10.10.10.10 source lo0
    DMZ#ping 10.10.10.10 source lo1

SUCCESS {or} FAIL ?
25.
LAB

Topology
    outside ( 0 )  : 150.1.1.0/24, towards the Internet
    inside ( 100 ) : 10.1.1.0/24
    dmz ( 50 )     : 192.168.1.0/24
    INTERNET       : Facebook 173.252.74.68/32 , Youtube 172.217.25.174/32 ,
                     Google DNS 8.8.8.8/32 , 8.8.4.4/32
    DMZ            : 192.168.5.5/24
    LAN            : 10.10.10.10/24

ASA
    int g0
     nameif inside
     security-level 100
     ip add 10.1.1.100 255.255.255.0
    !
    int g1
     nameif outside
     security-level 0
     ip add 150.1.1.100 255.255.255.0
    !
    int g2
     nameif dmz
     security-level 50
     ip add 192.168.1.100 255.255.255.0
    !

    #show int ip brief
26.
Static routes on the ASA ( same topology as the LAB slide )

ASA
    route outside 0 0 150.1.1.1
    ! three LAN networks behind the inside router
    route inside 10.10.10.0 255.255.255.0 10.1.1.1
    route inside 11.11.11.0 255.255.255.0 10.1.1.1
    route inside 12.12.12.0 255.255.255.0 10.1.1.1
    route dmz 192.168.5.0 255.255.255.0 192.168.1.1

    #show route
27.
Configure the policy using object-group as below :

ASA
    ! permitted sources
    object-group network GoogleDNS
     network-object host 8.8.8.8
     network-object host 8.8.4.4
    !
    ! permitted destinations
    object-group network LAN
     network-object 10.10.10.0 255.255.255.0
     network-object 11.11.11.0 255.255.255.0
     network-object 12.12.12.0 255.255.255.0
    !
    ! permitted ICMP types
    object-group service PING
     service-object icmp echo
     service-object icmp echo-reply
    !
    ! one ACL line : PING from GoogleDNS to LAN
    access-list INTERNET_LAN permit object-group PING object-group GoogleDNS object-group LAN
    !
    access-group INTERNET_LAN in interface outside
28.
Verify ping test from INTERNET to LAN !

    INTERNET#ping 10.10.10.10 source lo0
    INTERNET#ping 10.10.10.10 source lo1
    INTERNET#ping 10.10.10.10 source lo2
    INTERNET#ping 10.10.10.10 source lo3
    INTERNET#ping 11.11.11.11 source lo0
    INTERNET#ping 11.11.11.11 source lo1
    INTERNET#ping 11.11.11.11 source lo2
    INTERNET#ping 11.11.11.11 source lo3
    INTERNET#ping 12.12.12.12 source lo0
    INTERNET#ping 12.12.12.12 source lo1
    INTERNET#ping 12.12.12.12 source lo2
    INTERNET#ping 12.12.12.12 source lo3
29.
LAB

Topology ( as before, plus a public address for the DMZ host )
    DMZ private IP : 192.168.5.5/24
    DMZ public IP  : 150.1.1.5/32

ASA
    ! real address of the DMZ host
    object network DMZ-Private
     host 192.168.5.5
    !
    ! address the DMZ host is published as on the outside
    object network DMZ-Public
     host 150.1.1.5
    !
    ! static NAT between the dmz and outside interfaces
    nat (dmz,outside) source static DMZ-Private DMZ-Public
    !
    access-list INTERNET_LAN permit tcp any any eq telnet

DMZ
    line vty 0 4
     password testdmz
    !
    enable password testdmz
    !
30.
Verify telnet from INTERNET to DMZ Public IP !

    INTERNET#telnet 150.1.1.5 /source-interface lo0
    INTERNET#telnet 150.1.1.5 /source-interface lo1
    INTERNET#telnet 150.1.1.5 /source-interface lo2
    INTERNET#telnet 150.1.1.5 /source-interface lo3
31.
RHC Technologies
© www.rhctechnologies.com