The focus of this lab is on the configuration of the ASA as a basic firewall. Other devices will receive minimal
configuration to support the ASA portion of the lab. This lab uses the ASA CLI, which is similar to the IOS
CLI, to configure basic device and security settings.
In Part 1 of the lab you configure the topology and non-ASA devices. In Parts 2 through 4 you configure
ASA settings and the firewall between the inside and outside networks. In Part 5 you configure
additional services such as DHCP, AAA, and SSH. In Part 6 you configure a DMZ on the ASA and
access to a server in the DMZ.
Your company has one location connected to an ISP. Router R1 represents a CPE device managed by the
ISP. Router R2 represents an intermediate Internet router. Router R3 represents an ISP that connects an
administrator from a network management company, who has been hired to manage your network remotely.
The ASA is an edge CPE security device that connects the internal corporate network and DMZ to the ISP
while providing NAT and DHCP services to inside hosts. The ASA will be configured for management by an
administrator on the internal network as well as by the remote administrator. Layer 3 VLAN interfaces provide
access to the three areas created in the lab: Inside, Outside and DMZ. The ISP has assigned the public IP
address space of 22.214.171.124/29, which will be used for address translation on the ASA.
The routers used with this lab are Cisco 1841 with Cisco IOS Release 12.4(20)T (Advanced IP
The switches are Cisco WS-C2960-24TT-L with Cisco IOS Release 12.2(46)SE (C2960-
image). Other routers, switches, and Cisco IOS versions can be used. However, results and
output may vary.
The ASA used with this lab is a Cisco model 5505 with an 8-port integrated switch, running OS version
and ASDM version 6.4(5) and comes with a Base license that allows a maximum of three VLANs.