dardan:ccna_security:labs:configure_asa_basic_settings
ciscoasa# show version 
ciscoasa# show file system 
ciscoasa# show flash
ciscoasa# show disk0
ciscoasa# dir flash:
ciscoasa# dir disk0:
ciscoasa# show running-config 
ciscoasa(config)# configure factory-default ## to restore the ASA to its factory default
ciscoasa# write erase ## to remove the startup-config file from flash memory
ciscoasa# show start  
ciscoasa# reload 
##Configuring ASA Settings and Interface Security Using the CLI
ASA-Init(config)# hostname CCNAS-ASA
CCNAS-ASA(config)# domain-name ccnasecurity.com
CCNAS-ASA(config)# passwd cisco
CCNAS-ASA(config)# enable password class
CCNAS-ASA(config)# clock set 19:09:00 april 19 2015
##Configure the inside and outside interfaces
CCNAS-ASA(config)# interface vlan 1 
CCNAS-ASA(config-if)# nameif inside 
CCNAS-ASA(config-if)# ip address 192.168.1.1 255.255.255.0 
CCNAS-ASA(config-if)# security-level 100
CCNAS-ASA(config-if)# interface vlan 2 
CCNAS-ASA(config-if)# nameif outside 
INFO: Security level for "outside" set to 0 by default. 
CCNAS-ASA(config-if)# ip address 209.165.200.226 255.255.255.248 
CCNAS-ASA(config-if)# no shutdown
CCNAS-ASA# show interface e0/0
CCNAS-ASA(config)# interface e0/1 
CCNAS-ASA(config-if)# switchport access vlan 1 
CCNAS-ASA(config-if)# no shutdown 
CCNAS-ASA(config-if)# interface e0/0 
CCNAS-ASA(config-if)# switchport access vlan 2 
CCNAS-ASA(config-if)# no shutdown
CCNAS-ASA(config)# show interface ip brief 
CCNAS-ASA(config)# show ip address 
CCNAS-ASA# show switch vlan 
CCNAS-ASA# show run interface vlan 1 
##Add the inspection of ICMP traffic to the policy map list 
CCNAS-ASA(config)# policy-map global_policy 
CCNAS-ASA(config-pmap)# class inspection_default 
CCNAS-ASA(config-pmap-c)# inspect icmp 
CCNAS-ASA(config-pmap-c)# show run policy-map 

Interface security-level notes:
You may receive a message that the security level for the inside interface was set automatically to 100
and that the outside interface was set to 0. The ASA uses interface security levels from 0 to 100 to enforce
the security policy. Security level 100 (inside) is the most secure and level 0 (outside) is the least secure.
By default, the ASA permits traffic from a higher security level interface to one with a lower level
and denies traffic from a lower security level interface to one with a higher security level.
By default, the ASA security policy permits outbound traffic, which is inspected.
Returning traffic is allowed due to stateful packet inspection.
This default “routed mode” firewall behavior of the ASA allows packets to be routed from the inside network
to the outside network, but not vice versa. In Part 4 of this lab, you will configure NAT to increase the firewall protection.
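
The default behavior described in these notes, together with the inspect icmp step above, as a small Python model (an added example, not part of the original lab). The running-config excerpt is constructed from this lab's interface values; parse_levels, DefaultPolicy and the flow ids are hypothetical names, and the model assumes no ACLs or NAT, with TCP/UDP connections always tracked and ICMP replies tracked only when inspect icmp is present.

```python
import re

# Constructed running-config excerpt built from this lab's interface values.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
policy-map global_policy
 class inspection_default
  inspect icmp
"""

def parse_levels(config):
    """Return {nameif: security-level} for every interface block."""
    levels, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

class DefaultPolicy:
    """Hypothetical model of the implicit policy: routed mode, no ACLs, no NAT."""
    def __init__(self, config):
        self.levels = parse_levels(config)
        # ICMP replies are only tracked once 'inspect icmp' is in the policy map.
        self.icmp = re.search(r"^\s*inspect icmp\s*$", config, re.M) is not None
        self.state = set()  # connections whose return traffic is allowed

    def send(self, src_if, dst_if, proto, flow):
        """Return 'permit' or 'deny'; flow is a constructed connection id."""
        if (dst_if, src_if, proto, flow) in self.state:
            return "permit"  # reply to a tracked connection
        if self.levels[src_if] > self.levels[dst_if]:
            if proto in ("tcp", "udp") or self.icmp:
                self.state.add((src_if, dst_if, proto, flow))
            return "permit"  # higher -> lower is allowed by default
        return "deny"        # lower -> higher (or equal) is denied

if __name__ == "__main__":
    fw = DefaultPolicy(SAMPLE_CONFIG)
    print(fw.send("inside", "outside", "icmp", 1), fw.send("outside", "inside", "icmp", 1))
```

Removing the inspect icmp line from the sample shows why a ping from the inside network gets no reply without it: the echo request is still permitted outbound, but the echo reply arrives as untracked lower-to-higher traffic and is denied.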
dardan/ccna_security/labs/configure_asa_basic_settings.txt · Last modified: 2019/02/05 09:35 by dardan
