- How to configure security on an ASA 5505 Cisco update
- How to configure security on an ASA 5505 Cisco password
Protocol-violation action drop-connection log
FW01(config)# show running-config policy-map
Policy-map type inspect http Http_inspection_policy
description Inspecting GoToMeeting and LogMeIn
Match request header host regex class DomainBlockList
FW01(config)# show running-config policy-map type inspect http

I have tried using regex; however, whenever I apply the policy it somehow blocks a lot of HTTP and IM (instant messaging) traffic:

FW01(config)# regex contenttype50 "Content-Type"
FW01(config)# regex domainlist50 "\.gotomeeting\.com"
FW01(config)# regex domainlist51 "\.logmein.\com"
FW01(config)# regex domainlist52 "\.GoToMyPC.\com"
FW01(config)# show running-config class-map
Class-map type regex match-any DomainBlockList
Class-map type inspect http match-all BlockDomainsClass
description This will block Access to GoToMeeting and LogMeIn

I'm trying to block GoToMyPC, LogMeIn and GoToMeeting.

I am by far not an expert when it comes to Cisco; I greatly appreciate your help.

Nat (inside) 0 access-list ACL_dmz outside
Nat (inside) 0 access-list inside_nat0_outbound_1
Static (dmz,outside) tcp interface

I am also using an SQL server that is on the inside interface, and the web server needs to connect to it via port 1433, for which I used
Static (inside,outside) tcp interface

(Assuming that I understand this correctly) If the dmz interface is on the 192.168.10.x/24 subnet, the static NAT will look something like this

The server has not been placed in the dmz yet, so I have the following config for http

Access-list inbound extended permit tcp any interface outside eq www

Thank you for the prompt reply, the ASA 5510 is running version 8.2.

***Correction*** (please ignore my earlier post; I noticed an error in the information I provided)

For a more complete practical guide about Cisco ASA Firewall configuration I suggest you read the "Cisco ASA Firewall Fundamentals – 3rd Edition" ebook.

I just tried to offer you a starting point for a basic configuration from where you can build your knowledge further. There are many more configuration features that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, VPN etc. The above basic configuration is just the beginning for making the appliance operational.

The PAT configuration below is for ASA 8.3 and later: NAT (static and dynamic) and PAT are configured under network objects.
The “global” command is no longer supported. This version introduced several important configuration changes, especially on the NAT/PAT mechanism.
UPDATE for ASA Version 8.3 and later (including ASA 9.x)

From March 2010, Cisco announced the new Cisco ASA software version 8.3.

Step 4: Configure PAT on the outside interface

ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0
Configure this under Configuration Mode:

ASA5510(config)# enable password mysecretpassword

Step 1: Configure a privileged level password (enable password)

By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance.

Let's see a snippet of the required configuration steps for this basic scenario:

All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface.

The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts.