Thursday, June 23, 2016

Cisco ASA 5510 Configuration Tutorial - Learn How To Configure The Cisco ASA 5510 Firewall

Continuing our series of articles about Cisco ASA 5500 firewalls, I'm providing here a basic configuration tutorial for the Cisco ASA 5510 security appliance. This device is the second model in the ASA series (ASA 5505, 5510, 5520, etc.) and is fairly popular since it is intended for small to medium enterprises. Like the smallest ASA 5505 model, the 5510 comes with two license options: the Base license and the Security Plus license. The second (Security Plus) provides some performance and hardware enhancements over the Base license, such as 130,000 maximum firewall connections (instead of 50,000), 100 maximum VLANs (instead of 50), failover redundancy, etc. Also, the Security Plus license enables two of the five firewall network ports to work as 10/100/1000 instead of only 10/100.

Next we will see a simple Internet access scenario which will help us understand the basic steps needed to set up an ASA 5510. Assume that we are assigned a static public IP address 100.100.100.1 from our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0/24. Interface Ethernet0/0 will be connected on the outside (towards the ISP), and Ethernet0/1 will be connected to the inside LAN switch.

The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts. All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface. Let's see a snippet of the required configuration steps for this basic scenario:

Step 1: Configure a privileged level password (enable password)

By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance. Configure this under Configuration Mode:

ASA5510(config)# enable password mysecretpassword

Step 2: Configure the public outside interface

ASA5510(config)# interface Ethernet0/0

ASA5510(config-if)# nameif outside

ASA5510(config-if)# security-level 0

ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252

ASA5510(config-if)# no shut

Step 3: Configure the trusted internal interface

ASA5510(config)# interface Ethernet0/1

ASA5510(config-if)# nameif inside

ASA5510(config-if)# security-level 100

ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0

ASA5510(config-if)# no shut

Step 4: Configure PAT on the outside interface

ASA5510(config)# global (outside) 1 interface

ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)

ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1

Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP

ASA5510(config)# dhcpd dns 200.200.200.10

ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside

ASA5510(config)# dhcpd enable inside

The above basic configuration is just the beginning for making the appliance operational. There are many more configuration options that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, IPsec VPN, etc.
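The values in the six steps have to agree with each other: the default gateway must sit on the outside subnet, the DHCP pool must fall within the inside subnet without covering the firewall's own address, and the nat and global statements must share an ID. The Python below is an added example, not part of the original tutorial; it checks those relationships on a constructed copy of the configuration, and the names parse_interfaces and audit are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the lines from the steps above that the checks read.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 100.100.100.1 255.255.255.252
interface Ethernet0/1
 nameif inside
 ip address 192.168.10.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 100.100.100.2 1
dhcpd address 192.168.10.10-192.168.10.200 inside
"""

def parse_interfaces(config):
    """Return {nameif: IPv4Interface} from the interface blocks."""
    found, name = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            name = None  # a new block starts; forget the previous nameif
        elif words[:1] == ["nameif"]:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name:
            found[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
    return found

def audit(config):
    """Return a list of findings; empty means every check passed."""
    ifs, issues = parse_interfaces(config), []
    if "inside" not in ifs or "outside" not in ifs:
        return ["inside/outside interface not defined"]
    gw = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    if not gw or ipaddress.ip_address(gw.group(1)) not in ifs["outside"].network:
        issues.append("default gateway missing or not on the outside subnet")
    pool = re.search(r"^dhcpd address (\S+)-(\S+) inside", config, re.M)
    if pool:
        lo, hi = (ipaddress.ip_address(a) for a in pool.groups())
        if lo not in ifs["inside"].network or hi not in ifs["inside"].network:
            issues.append("DHCP pool not within the inside subnet")
        if lo <= ifs["inside"].ip <= hi:
            issues.append("DHCP pool contains the firewall's own address")
    ids = re.findall(r"^(?:nat \(inside\)|global \(outside\)) (\d+) ", config, re.M)
    if len(ids) != 2 or ids[0] != ids[1]:
        issues.append("nat/global IDs missing or mismatched; PAT will not apply")
    return issues
```

Calling audit(SAMPLE_CONFIG) returns an empty list for the tutorial's values; changing the gateway, the pool range or one of the NAT IDs produces the matching finding.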
