Packet Tracer Basic ASA lab

The purpose of this lab is to provide a better understanding of Cisco’s ASA 5505 Adaptive Security Appliance; The Cisco ASA is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. In this lab we will Packet Tracer 6.1. to learn how to configure the ASA as a basic Firewall. This knowledge is essential to passing the CCNA Security exam and will be used in daily in your position as a Cisco network engineer.


The Cisco ASA 5505 is a next-generation, full-featured security appliance for small business, branch office, and enterprise teleworker environments. The Cisco ASA 5505 delivers high-performance firewall, SSL and IPsec VPN, and rich networking services in a modular, “plug-and-play” appliance. Using the integrated Cisco ASDM, the Cisco ASA 5505 can be rapidly deployed and easily managed, enabling businesses to minimize operations costs. The Cisco ASA 5505 features a flexible 8-port 10/100 Fast Ethernet switch, whose ports can be dynamically grouped to create up to three separate VLANs for home, business, and Internet traffic for improved network segmentation and security. The Cisco ASA 5505 provides two Power over Ethernet (PoE) ports, simplifying the deployment of Cisco IP phones with zero-touch secure voice over IP (VoIP) capabilities, as well as the deployment of external wireless access points for extended network mobility. A high-performance intrusion prevention and worm mitigation service is available with the addition of the AIP SSC. Multiple USB ports can be used to enable additional services and capabilities as they are needed.

Learning Objectives:

  • Configure interfaces and vlans.
  • Configure dhcp.
  • Configure Objects and object-groups.
  • Configure NAT rules.
  • Configure class-map.
  • Configure policy-map.
  • Configure service-policy.

Lab Task:

The internet is preconfigured in this lab and will require no additional configuration.

  • DNS Server
  • WEB server (


  1. Configure the interfaces on R1 as shown in the network diagram.
  2. Configure a default route on R1.


  1. Configure the interfaces on R2 as shown in the network diagram.
  2. Configure a default route on R2.


  1. Assign the interface to vlans.
  2. Configure the VLAN interfaces with IP address, interface name and security level.
  3. Configure a default route to allow the inside devices to access the internet.
  4. Configure an object for all inside subnets.
  5. Configure a NAT rule to translate inside addresses to an outside address.
  6. Create a global policy named global-policy, to inspect traffic and filter the traffic to include the following, DNS, FTP, H323, HTTP, ICMP, TFTP
  7. Apply the global policy as a service-policy.

Verify configuration:

  1. From the Local PC-1 ping (this may require doing it twice)
  2. From the Local PC-1 ping (this may require doing it twice)
  3. From the Remote PC ping (this may require doing it twice)
  4. From the Remote PC ping
  5. From the Local PC-1 open the desktop and browse to
  6. From the Remote PC open the desktop and browse to
  7. From the Remote PC open the desktop and browse to

  Basic ASA Lab (137.6 KiB, 13,007 hits)

  Packet Tracer 6.2 (54.9 MiB, 1,328 hits)
You do not have permission to download this file.

If you have found this lab helpful please help us keep this site running

You can leave a response, or trackback from your own site.

14 Responses to “Packet Tracer Basic ASA lab”

  1. Jon Irish says:

    Is there a solutions guide available for this lab?

  2. Jon Irish says:

    I assume that PT does not support ASDM for the ASA?

  3. Vicky Thakur says:


    whats the en password of ASA.

  4. johan mon says:

    There is no password just press enter.

  5. Sudy Guy says:

    Hi, I can’t do ping from remote pc to ASA’s inside interface and local server ip but I can ping ASA’s outside interface! Is this correct or wrong?
    I’ve checked all config. Remote pc needs web access to local server. Please, Could you guide me how to fix it! Other testing are okay!

  6. Jim says:

    On the ASA, what is IP address

    It is used in the command below:

    route outside

    I don’t see that IP on your drawing. Sorry, new to the ASA, just trying to understand.

  7. John says:

    There is no config resolution frm ISP router? How can we ping from remote to local?

  8. tonyL says:

    on the RemotePC,I can’t visit the website on the LocalServer , why?

Leave a Reply

What is 8 + 3 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)


Powered by WordPress | Designed by: backlinks | Thanks to internet marketing, etiketten drucken and index backlink