
LAB - Basic ASA Firewall Configuration

This document outlines a lab focused on the basic configuration of a Cisco ASA Firewall using Cisco Packet Tracer. It provides theoretical background on the ASA's security features and step-by-step procedures for setting up interfaces, security levels, NAT, and DHCP. The lab aims to equip students with practical skills in configuring firewall policies and ensuring connectivity between network devices.

Uploaded by

bishalyadav2176

NETWORK SECURITY
Nitesh Sharma Ghimire

LAB - Basic ASA Firewall Configuration


Theory
The Cisco Adaptive Security Appliance (ASA) is a dedicated hardware-based firewall solution that provides advanced security services, including stateful packet inspection, access control, network address translation (NAT), virtual private network (VPN) support, and intrusion prevention. In network simulations using Cisco Packet Tracer, the ASA firewall acts as a gateway device that monitors, filters, and controls traffic between different network zones such as Inside (trusted), Outside (untrusted), and DMZ (demilitarized zone).

Unlike basic routers or switches, the ASA is designed specifically for security enforcement. It operates on the principle of security levels, where each interface is assigned a value between 0 (least trusted) and 100 (most trusted). By default, traffic is allowed from a higher security level to a lower one, but not vice versa, unless explicitly permitted by an Access Control List (ACL).
Objectives
By the end of this lab, students should be able to:
● Perform the basic configuration of a Cisco ASA firewall using Cisco Packet Tracer.
● Set up interfaces, security levels, a basic firewall policy, NAT, and initial connectivity.
Prerequisites:
Before performing this lab, students should have:
● Basic knowledge of IP addressing and subnetting.
● Familiarity with Cisco IOS commands.
● Understanding of switch port modes, NAT, and ACLs.
● Experience with Packet Tracer or a physical lab setup using Cisco switches and PCs.
● An understanding of what a firewall does in a network.

Required Devices:
Devices (in Cisco Packet Tracer):
● 1 × Cisco ASA Firewall (5506-X or similar)
● 1 × Cisco Router 2621XM – acts as the ISP
● 3 × PCs & one laptop for terminal access
Software:
● Cisco Packet Tracer (latest version)
Other:
● Lab topology diagram with IP addresses
Procedures:
Create the network structure as shown in the lab topology diagram.
Step 1:
Go to the laptop and access the ASA firewall from the terminal. Remove the existing configuration and configure the inside VLAN.
Step 2:
Enter the commands shown below on the switch:
ciscoasa>enable
ciscoasa#conf t
ciscoasa#show running-config
An IP address is already assigned on the switch, so remove it with the commands below:
ciscoasa#conf t
ciscoasa(config)#interface vlan1
ciscoasa(config-if)#no ip address
ciscoasa(config-if)#exit
ciscoasa(config)#no dhcpd address [Link]-[Link] inside
Step 3:
Now exit and run the show running-config command:
ciscoasa(config)#exit
ciscoasa#show running-config
You will now see that no VLAN IP address or dhcpd address pool is assigned.

Step 4:
Now go to the ASA device via the console-connected terminal again:
ciscoasa#conf t
ciscoasa(config)#interface vlan 1
ciscoasa(config-if)#ip address [Link] [Link]
ciscoasa(config-if)#nameif inside
ciscoasa(config-if)#security-level 100
ciscoasa(config)#interface e0/1
ciscoasa(config-if)#switchport access vlan 1
ciscoasa(config-if)#exit
Step 5:
Now configure VLAN 2 for the outside network with the commands below:
ciscoasa(config)#interface vlan 2
ciscoasa(config-if)#ip address [Link] [Link]
ciscoasa(config-if)#no shut
ciscoasa(config-if)#nameif outside
ciscoasa(config-if)#security-level 0
ciscoasa(config-if)#int e0/0
ciscoasa(config-if)#switchport access vlan 2
Step 6:
Now go to the router and set the hostname and the IP addresses on its interfaces:
Router>enable
Router#configure terminal
Router(config)#hostname worldlink
worldlink(config)#interface fa0/1
worldlink(config-if)#ip address [Link] [Link]
worldlink(config-if)#no shut
worldlink(config-if)#exit
worldlink(config)#interface fa0/0
worldlink(config-if)#ip address [Link] [Link]
worldlink(config-if)#no shut
Step 7:
Now assign the IP settings on the server as:
IP address: [Link]
Gateway: [Link]
DNS: same as the server's IP, i.e. [Link]
Now ping the ISP router from the server; the router should reply.

Step 8:
Now configure the DHCP server on the ASA firewall so that IP addresses are assigned to the PCs automatically.
Go to the ASA device CLI, or access the ASA device through the console connection from the laptop, and enter the command below:
ciscoasa(config)#dhcpd address [Link]-[Link] inside
ciscoasa(config)#dhcpd dns [Link]
Now go to the individual PCs and set them to obtain their IP addresses via DHCP; each PC should then show an address assigned by DHCP.
Now ping the server [Link] from the PCs; you will not get any reply.
Step 9:
Now create a route on the ASA device so that the PCs can reach the server; any routing protocol can be used.
Go to the ASA device and enter the command below to set the default route and gateway:
ciscoasa(config)#route outside [Link] [Link] [Link]
Step 10:
Now go to the router and configure the routing protocol:
worldlink>enable
worldlink#conf t
worldlink(config)#router ospf 20
worldlink(config-router)#net [Link] [Link] a 0
worldlink(config-router)#net [Link] [Link] a 0
Now ping the server from a PC; you will see the request time out.
Step 11:
Now go to the ASA device, create a network object, and configure NAT and an ACL:
ciscoasa(config)#object network ismt
ciscoasa(config-network-object)#subnet [Link] [Link]
ciscoasa(config-network-object)#nat (inside,outside) dynamic interface
ciscoasa(config-network-object)#exit
ciscoasa#conf t
ciscoasa(config)#access-list ismt1 extended permit tcp any any
ciscoasa(config)#access-list ismt1 extended permit icmp any any
Now ping the server from the PCs; you will still not get a reply, because the ACL has been created but not yet applied to an interface.
Step 12:
Now go to the ASA device and apply the ACL to the outside interface with the command below:
ciscoasa(config)#access-group ismt1 in interface outside
Now all the PCs should be able to ping the server.
To save the configuration on the ASA device, enter the command below:
ciscoasa#copy running-config startup-config
On the router, enter the command below:
[Link]#write
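As an added example (not part of the original lab handout), the Python sketch below audits ASA-style configuration text for the ACL mistakes the last two steps are prone to: an ACL that is defined but never bound with access-group, an access-group that names an ACL that does not exist, and any-to-any permits applied inbound on a security-level 0 interface. The function name, finding labels, and sample configuration are constructed for illustration, and the parser handles only the command forms used in this lab.

```python
import re

# Constructed sample: the access-group line deliberately names an undefined ACL.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
access-list ismt1 extended permit tcp any any
access-list ismt1 extended permit icmp any any
access-group its1 in interface outside
"""

def audit_asa_config(text):
    """Return sorted (kind, detail) findings for ASA-style config text."""
    acl_rules, bindings, sec_level = {}, [], {}
    nameif = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # a new interface block begins
        elif m := re.match(r"nameif (\S+)$", line):
            nameif = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", line)) and nameif:
            sec_level[nameif] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) extended (.+)$", line):
            acl_rules.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"access-group (\S+) (in|out) interface (\S+)$", line):
            bindings.append(m.groups())
    bound = {name for name, _, _ in bindings}
    # An ACL that is never bound to an interface filters nothing.
    findings = [("acl-not-applied", n) for n in acl_rules if n not in bound]
    for name, direction, iface in bindings:
        if name not in acl_rules:
            # Typo or leftover: the binding points at an ACL that does not exist.
            findings.append(("undefined-acl", f"{name} on {iface}"))
        elif direction == "in" and sec_level.get(iface) == 0:
            # Inbound on the least-trusted interface: flag any-to-any permits.
            for rule in acl_rules[name]:
                if re.match(r"permit \S+ any any$", rule):
                    findings.append(("broad-permit", f"{name}: {rule}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit_asa_config(SAMPLE):
        print(f"{kind}: {detail}")
```

Once the names match, the two any-to-any permits are reported instead; narrowing the ICMP rule to a specific type such as echo-reply clears that finding.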
Conclusion:
In this lab, students gained hands-on experience configuring an ASA firewall device and accessing the internet with ACL, NAT, and DHCP configuration.
