Basic ASA configuration

From Tech-Wiki
Revision as of 02:21, 8 August 2016 by Fabricio.Lima


! Security levels: outside 0 (untrusted), dmz 50, inside 100 (most trusted)
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.100 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
! Network objects referenced by the ACLs and NAT rules below
object network inside-subnet
 subnet 192.168.0.0 255.255.255.0
object network dmz-subnet
 subnet 192.168.1.0 255.255.255.0
object network webserver
 host 192.168.1.100
object network webserver-external-ip
 host 198.51.100.101
object network dns-server
 host 192.168.0.53
!
! outside_acl: allow inbound HTTP to the web server only
! dmz_acl: allow DNS over UDP to the internal DNS server, deny everything
! else towards the inside subnet, then permit the remaining traffic
access-list outside_acl extended permit tcp any object webserver eq www
access-list dmz_acl extended permit udp any object dns-server eq domain
access-list dmz_acl extended deny ip any object inside-subnet
access-list dmz_acl extended permit ip any any
!
! Object NAT: dynamic PAT to the outside interface address for inside and dmz,
! static port translation of TCP www for the web server
object network inside-subnet
 nat (inside,outside) dynamic interface
object network dmz-subnet
 nat (dmz,outside) dynamic interface
object network webserver
 nat (dmz,outside) static webserver-external-ip service tcp www www
!
access-group outside_acl in interface outside
access-group dmz_acl in interface dmz
!
! Default route via the upstream gateway
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
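
The two access lists above are order-dependent: the first matching entry decides, and an implicit deny closes each list. The following Python sketch is an added example, not part of the original wiki page or of any Cisco tool. It replays that first-match logic over the ACL lines from this page so a flow can be checked before the configuration is applied. The names parse_ace and evaluate are hypothetical, the parser only handles the entry shapes used on this page, and the destination passed in is assumed to be the real (untranslated) address, which is what ACLs match on in the object NAT syntax used here.

```python
import ipaddress

# Object and ACL definitions copied from the configuration above.
OBJECTS = {
    "inside-subnet": "192.168.0.0/24",
    "webserver": "192.168.1.100/32",
    "dns-server": "192.168.0.53/32",
}
ACL_LINES = """\
access-list outside_acl extended permit tcp any object webserver eq www
access-list dmz_acl extended permit udp any object dns-server eq domain
access-list dmz_acl extended deny ip any object inside-subnet
access-list dmz_acl extended permit ip any any
"""
PORTS = {"www": 80, "domain": 53}  # ASA port keywords used on this page


def parse_ace(line):
    """Parse one entry of the shape used above (source is always 'any')."""
    t = line.split()
    ace = {"acl": t[1], "action": t[3], "proto": t[4], "port": None}
    rest = t[6:]                      # tokens after the source 'any'
    if rest[0] == "object":
        ace["dst"] = ipaddress.ip_network(OBJECTS[rest[1]])
        rest = rest[2:]
    else:                             # destination 'any'
        ace["dst"] = ipaddress.ip_network("0.0.0.0/0")
        rest = rest[1:]
    if rest[:1] == ["eq"]:
        ace["port"] = PORTS[rest[1]]
    return ace


ACES = [parse_ace(line) for line in ACL_LINES.splitlines()]


def evaluate(acl, proto, dst_ip, dst_port=None):
    """Return the action of the first matching entry, else implicit deny."""
    for ace in (a for a in ACES if a["acl"] == acl):
        if ace["proto"] not in ("ip", proto):
            continue
        if ipaddress.ip_address(dst_ip) not in ace["dst"]:
            continue
        if ace["port"] is not None and ace["port"] != dst_port:
            continue
        return ace["action"]
    return "deny"
```

For example, evaluate("dmz_acl", "tcp", "192.168.0.53", 53) returns "deny": only UDP DNS is permitted to the internal server, so DNS over TCP from the DMZ falls through to the inside-subnet deny.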