Download video: ASA firewall theory
basic configuration
1-determine the ASA version, interfaces and license.
--------------
show version
--------------
2-determine the file system and contents of flash memory
---------------
dir flash:
-------------
3-restore the asa to its factory default setting
----------------
configure factory-default
-------------------
4-configure the hostname and domain name
----------------------
hostname asa
domain-name cnfcpl.dz
----------------------
5-configure a MOTD banner
--------------------
banner motd ---------------------
banner motd welcome to cnfcpl
banner motd ---------------------
6-configure the login and enable mode password
-------------------------
enable password 123 ! encrypted automatically (line vty, ssh and telnet)
7-change the password encryption key to ciscoccnasec
------------------
show password encryption
key config-key password-encryption ciscoccnasec
password encryption aes
show password encryption
8-set the date and time
-----------------------
clock set 00:00:00 01 jan 2006
show clock
------------------------
9-synchronize the time with an NTP server located in the DMZ
-----------------------
ntp master ! on the dmz-server
ntp server 11.0.0.100
show clock
show ntp
-----------------------------
10-configure the inside, outside and dmz interfaces
show interface ip brief
int mana 0/0
ip add 192.168.1.100 255.255.255.0
nameif inside
int g0/0
ip add 10.0.0.1 255.255.255.0
nameif dmz
security-level 50
int g0/1
ip add 11.1.0.1 255.255.255.0
nameif outside
show ip
------------------------------------
11-configure telnet access to the asa from the inside network
---------------------------------------------------
password 123
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
username admin password 123
aaa authentication telnet console LOCAL
------------------------------------------
12-configure SSH remote access to the ASA
-----------------------
ssh 11.1.0.0 255.255.255.0 outside
crypto key generate rsa modulus 1024 ! 1024-bit RSA is weak; prefer modulus 2048 or larger
show crypto key mypublickey rsa
dmz-server ssh -l admin 192.168.1.1
wan-serv ssh -l admin 11.1.0.1
--------------------
13-configure the asa as a dhcp server for the inside network
--------------------------
dhcpd address 192.168.1.10-192.168.1.50 inside
dhcpd dns 8.8.8.8
dhcpd domain cnfcpl.dz
dhcpd enable inside
show dhcpd binding
ASA(config)#aaa authentication http console LOCAL
ASA(config)#http server enable
ASA(config)#http 0.0.0.0 0.0.0.0 core
Remember to create a username and password to be able to authenticate to ASDM:
asdm image flash:asdm-631.bin
ASA(config)#username admin password secretpassword
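Added example (not part of the original post): a small Python check that reviews a command list like the one above for the management-access weaknesses it contains (Telnet, any-source access, short RSA keys, short passwords, address/mask mismatches) before it is pasted into a device. The sample commands are constructed, and the function name and thresholds (2048-bit modulus, 8-character passwords) are assumptions.

```python
import ipaddress
import re

# Constructed sample: management-access commands in the style of this page.
SAMPLE = """\
enable password 123
telnet 192.168.1.100 255.255.255.0 inside
aaa authentication telnet console local
ssh 11.1.0.0 255.255.255.0 outside
crypto key generate rsa modulus 1024
http 0.0.0.0 0.0.0.0 core
username admin password secretpassword
"""

ACCESS = re.compile(r"^(telnet|ssh|http) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
MODULUS = re.compile(r"^crypto key generate rsa modulus (\d+)$")
PASSWORD = re.compile(r"^(?:enable password|username \S+ password|passwd|password) (\S+)$")
AAA = re.compile(r"^aaa authentication \S+ console (\S+)$")

def audit(text, min_modulus=2048, min_pw_len=8):
    """Return (line_number, code, message) findings for a list of ASA commands."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if m := ACCESS.match(line):
            proto, addr, mask, iface = m.groups()
            if proto == "telnet":
                findings.append((n, "CLEARTEXT", "telnet management is unencrypted"))
            if addr == "0.0.0.0" and mask == "0.0.0.0":
                findings.append((n, "ANY_SOURCE", f"{proto} allowed from any address on {iface}"))
            else:
                try:  # strict=True rejects an address with host bits set under the mask
                    ipaddress.ip_network(f"{addr}/{mask}", strict=True)
                except ValueError:
                    findings.append((n, "ADDR_MASK", f"{addr} does not pair with mask {mask}"))
        elif (m := MODULUS.match(line)) and int(m.group(1)) < min_modulus:
            findings.append((n, "WEAK_KEY", f"RSA modulus {m.group(1)} is below {min_modulus}"))
        elif (m := PASSWORD.match(line)) and len(m.group(1)) < min_pw_len:
            findings.append((n, "SHORT_PW", f"password shorter than {min_pw_len} characters"))
        elif (m := AAA.match(line)) and m.group(1).upper() == "LOCAL" and m.group(1) != "LOCAL":
            findings.append((n, "AAA_CASE", "local database keyword must be upper-case LOCAL"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```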
********************Clear configuration file
configure factory-default