The focus of this lab is on the configuration of the ASA as a basic firewall. Other devices will receive minimal configuration to support the ASA portion of the lab. This lab uses the ASA CLI, which is similar to the IOS CLI, to configure basic device and security settings. In Part 1 of the lab you configure the topology and non-ASA devices. In Parts 2 through 4 you configure basic ASA settings and the firewall between the inside and outside networks. In Part 5 you configure the ASA for additional services such as DHCP, AAA, and SSH. In Part 6 you configure a DMZ on the ASA and provide access to a server in the DMZ.

Your company has one location connected to an ISP. Router R1 represents a CPE device managed by the ISP. Router R2 represents an intermediate Internet router. Router R3 represents an ISP that connects an administrator from a network management company, who has been hired to manage your network remotely. The ASA is an edge CPE security device that connects the internal corporate network and DMZ to the ISP while providing NAT and DHCP services to inside hosts. The ASA will be configured for management by an administrator on the internal network as well as by the remote administrator. Layer 3 VLAN interfaces provide access to the three areas created in the lab: Inside, Outside and DMZ. The ISP has assigned the public IP address space of 209.165.200.224/29, which will be used for address translation on the ASA.

Note: The routers used with this lab are Cisco 1841 with Cisco IOS Release 12.4(20)T (Advanced IP image). The switches are Cisco WS-C2960-24TT-L with Cisco IOS Release 12.2(46)SE (C2960-LANBASEK9-M image). Other routers, switches, and Cisco IOS versions can be used. However, results and output may vary.

The ASA used with this lab is a Cisco model 5505 with an 8-port integrated switch, running OS version 8.4(2) and ASDM version 6.4(5), and comes with a Base license that allows a maximum of three VLANs.
Note: Make sure that the routers and switches have been erased and have no startup configurations.

Required Resources

  • 3 routers (Cisco 1841 with Cisco IOS Release 12.4(20)T1 or comparable)
  • 3 switches (Cisco 2960 or comparable)
  • 1 ASA 5505 (OS version 8.4(2) and ASDM version 6.4(5) and Base license or comparable)
  • PC-A: Windows XP, Vista, or Windows 7 with CCP, PuTTY SSH client
  • PC-B: Windows XP, Vista, or Windows 7 with PuTTY SSH client (ASDM optional)
  • PC-C: Windows XP, Vista, or Windows 7 with CCP, PuTTY SSH client
  • Serial and Ethernet cables as shown in the topology
  • Rollover cables to configure the routers and ASA via the console
