ciscoasa# show version
ciscoasa# show file system
ciscoasa# show flash
ciscoasa# show disk0
ciscoasa# dir flash:
ciscoasa# dir disk0:
ciscoasa# show running-config
ciscoasa(config)# configure factory-default ## to restore the ASA to its factory default
ciscoasa# write erase ## to remove the startup-config file from flash memory
ciscoasa# show start
ciscoasa# reload

## Configuring ASA Settings and Interface Security Using the CLI
ASA-Init(config)# hostname CCNAS-ASA
CCNAS-ASA(config)# domain-name ccnasecurity.com
CCNAS-ASA(config)# passwd cisco
CCNAS-ASA(config)# enable password class
CCNAS-ASA(config)# clock set 19:09:00 april 19 2015

## Configure the inside and outside interfaces
CCNAS-ASA(config)# interface vlan 1
CCNAS-ASA(config-if)# nameif inside
CCNAS-ASA(config-if)# ip address 192.168.1.1 255.255.255.0
CCNAS-ASA(config-if)# security-level 100
CCNAS-ASA(config-if)# interface vlan 2
CCNAS-ASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
CCNAS-ASA(config-if)# ip address 209.165.200.226 255.255.255.248
CCNAS-ASA(config-if)# no shutdown
CCNAS-ASA# show interface e0/0
CCNAS-ASA(config)# interface e0/1
CCNAS-ASA(config-if)# switchport access vlan 1
CCNAS-ASA(config-if)# no shutdown
CCNAS-ASA(config-if)# interface e0/0
CCNAS-ASA(config-if)# switchport access vlan 2
CCNAS-ASA(config-if)# no shutdown
CCNAS-ASA(config)# show interface ip brief
CCNAS-ASA(config)# show ip address
CCNAS-ASA# show switch vlan
CCNAS-ASA# show run interface vlan 1

## Add the inspection of ICMP traffic to the policy map list
CCNAS-ASA(config)# policy-map global_policy
CCNAS-ASA(config-pmap)# class inspection_default
CCNAS-ASA(config-pmap-c)# inspect icmp
CCNAS-ASA(config-pmap-c)# show run policy-map

Interface security-level notes:
You may receive a message that the security level for the inside interface was set automatically to 100, and the outside interface was set to 0. The ASA uses interface security levels from 0 to 100 to enforce the security policy. Security level 100 (inside) is the most secure and level 0 (outside) is the least secure. By default, the ASA applies a policy where traffic from a higher security level interface to one with a lower level is permitted, and traffic from a lower security level interface to one with a higher security level is denied. By default, the ASA security policy permits outbound traffic, which is inspected. Returning traffic is allowed due to stateful packet inspection. This default "routed mode" firewall behavior of the ASA allows packets to be routed from the inside network to the outside network, but not vice versa. In Part 4 of this lab, you will configure NAT to increase the firewall protection.
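
The default policy described in the notes above, as a simplified Python model (an added example, not part of the original notes and not Cisco's implementation). It shows why a ping from inside gets no reply through the ASA until "inspect icmp" is added to global_policy; the host addresses and the ident field are constructed for illustration.

```python
# Simplified model of the ASA default security-level policy (added example).
# Interface names and levels come from the configuration above; the packet
# fields and host addresses are constructed for illustration.
from dataclasses import dataclass, field

LEVELS = {"inside": 100, "outside": 0}

@dataclass
class Asa:
    inspect_icmp: bool = False               # "inspect icmp" in global_policy
    conns: set = field(default_factory=set)  # tracked flows: (proto, src, dst, ident)

    def _tracked(self, proto):
        # TCP and UDP flows are tracked statefully; ICMP only once inspected.
        return proto in ("tcp", "udp") or (proto == "icmp" and self.inspect_icmp)

    def handle(self, in_if, out_if, proto, src, dst, ident):
        """Return 'permit' or 'deny' for one packet crossing in_if -> out_if."""
        # Return traffic: matches a tracked flow with the endpoints reversed.
        if (proto, dst, src, ident) in self.conns:
            return "permit"
        if LEVELS[in_if] > LEVELS[out_if]:
            # Higher -> lower is permitted by default; record the flow if tracked.
            if self._tracked(proto):
                self.conns.add((proto, src, dst, ident))
            return "permit"
        # Lower -> higher with no matching flow is denied by default.
        return "deny"

def ping_from_inside(asa):
    """Echo request inside -> outside, then the echo reply coming back."""
    pc, ext = "192.168.1.3", "209.165.200.225"  # constructed host addresses
    out = asa.handle("inside", "outside", "icmp", pc, ext, 1)
    back = asa.handle("outside", "inside", "icmp", ext, pc, 1)
    return out, back

if __name__ == "__main__":
    print("without inspect icmp:", ping_from_inside(Asa()))
    print("with inspect icmp:   ", ping_from_inside(Asa(inspect_icmp=True)))
```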