
The purpose of this lab is to provide a better understanding of Cisco’s ASA 5505 Adaptive Security Appliance. The Cisco ASA is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. In this lab we will use Packet Tracer 6.1 to learn how to configure the ASA as a basic firewall. This knowledge is essential to passing the CCNA Security exam and will be used daily in your position as a Cisco network engineer.
The Cisco ASA 5505 is a next-generation, full-featured security appliance for small business, branch office, and enterprise teleworker environments. The Cisco ASA 5505 delivers high-performance firewall, SSL and IPsec VPN, and rich networking services in a modular, “plug-and-play” appliance. Using the integrated Cisco ASDM, the Cisco ASA 5505 can be rapidly deployed and easily managed, enabling businesses to minimize operations costs. The Cisco ASA 5505 features a flexible 8-port 10/100 Fast Ethernet switch, whose ports can be dynamically grouped to create up to three separate VLANs for home, business, and Internet traffic for improved network segmentation and security. The Cisco ASA 5505 provides two Power over Ethernet (PoE) ports, simplifying the deployment of Cisco IP phones with zero-touch secure voice over IP (VoIP) capabilities, as well as the deployment of external wireless access points for extended network mobility. A high-performance intrusion prevention and worm mitigation service is available with the addition of the AIP SSC. Multiple USB ports can be used to enable additional services and capabilities as they are needed.
Learning Objectives:
- Configure interfaces and VLANs.
- Configure DHCP.
- Configure objects and object-groups.
- Configure NAT rules.
- Configure class-map.
- Configure policy-map.
- Configure service-policy.
Lab Task:
The internet is preconfigured in this lab and will require no additional configuration.
- DNS Server 209.165.200.10/48.
- Web server 209.165.200.11 (freeccnalab.com).
R1:
- Configure the interfaces on R1 as shown in the network diagram.
- Configure a default route on R1.
R2:
- Configure the interfaces on R2 as shown in the network diagram.
- Configure a default route on R2.
ASA:
- Assign the interfaces to VLANs.
- Configure the VLAN interfaces with IP address, interface name and security level.
- Configure a default route to allow the inside devices to access the internet.
- Configure an object for all inside subnets.
- Configure a NAT rule to translate inside addresses to an outside address.
- Create a global policy named global-policy to inspect traffic, filtering the traffic to include the following: DNS, FTP, H323, HTTP, ICMP, TFTP.
- Apply the global policy as a service-policy.
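One way the ASA tasks above can be carried out, as an added example rather than the lab's own solution file. The interface addresses and masks, the port-to-VLAN assignment and the object name INSIDE-NET are assumptions, because the network diagram is not reproduced here; the next hop 209.165.200.225 is the R1 Gig0/0 address used in the lab's default route.

```cisco
! Added example. Addresses, masks and port-to-VLAN mapping are assumed
! (the network diagram is not shown); INSIDE-NET is a hypothetical name.
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport access vlan 1
!
! Security level 100 = most trusted, 0 = least trusted. Traffic may flow
! from a higher level to a lower one by default, not the other way round.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 209.165.200.226 255.255.255.248
!
! Default route toward R1 Gig0/0.
route outside 0.0.0.0 0.0.0.0 209.165.200.225
!
! Object for the inside subnet, translated (PAT) to the outside interface address.
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Match the default inspection traffic, then inspect the listed protocols.
! "inspect icmp" is what lets echo replies to inside hosts back through.
class-map inspection_default
 match default-inspection-traffic
policy-map global-policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect icmp
  inspect tftp
!
! Apply the policy to all interfaces.
service-policy global-policy global
```

After running the pings in the verification steps, `show xlate` and `show service-policy` on the ASA show the active translations and the per-protocol inspection counters.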
Verify configuration:
- From the Local PC-1 ping 209.165.200.11 (this may require doing it twice).
- From the Local PC-1 ping 172.16.3.3 (this may require doing it twice).
- From the Remote PC ping 209.165.200.11 (this may require doing it twice).
- From the Remote PC ping 192.168.1.100.
- From the Local PC-1 open the desktop and browse to freeccnalab.com.
- From the Remote PC open the desktop and browse to freeccnalab.com.
- From the Remote PC open the desktop and browse to 192.168.1.100.
Is there a solutions guide available for this lab?
The solution is in the config directory
I assume that PT does not support ASDM for the ASA?
No, not at this time.
The solution is the final configs in the config dir.
Hi,
what's the en password of the ASA?
There is no password, just press Enter.
Hi, I can’t ping from the remote PC to the ASA’s inside interface and the local server IP, but I can ping the ASA’s outside interface! Is this correct or wrong?
I’ve checked all the config. The remote PC needs web access to the local server. Please, could you guide me on how to fix it? The other tests are okay!
This is correct. You should not be able to ping devices on the inside from the outside; that is the point of a firewall.
On the ASA, what is IP address 209.165.200.225?
It is used in the command below:
route outside 0.0.0.0 0.0.0.0 209.165.200.225
I don’t see that IP on your drawing. Sorry, new to the ASA, just trying to understand.
That is the default route; it points to the R1 Gig0/0 interface.
There is no config resolution from the ISP router? How can we ping from remote to local?
On the Remote PC, I can’t visit the website on the Local Server. Why?