Let's begin...

Configuring trunk link and sub-interfaces between ASA and Switch

On the outside physical interface of switch1:

           Interface f0/10

           Switchport mode trunk

           No shutdown

On the inside interface of ASA firewall:

           Interface f0/3

           Switchport mode trunk

           Switchport trunk allowed vlan 20,10

           No shutdown

           Interface f0/3.1

           Vlan 20 [ or use encapsulation command]

           No shutdown

           Interface f0/3.2

           Vlan 10 [ or use encapsulation command]

           No shutdown

Note: the command used to create a trunk link between two networking devices needs to be entered only once between a router and a switch, but between a firewall and a switch it must be entered twice, once on each of the two facing interfaces.

Configure an ASA interface

           Interface eth0/0

           Nameif outside [ or inside ]

           Ip address ip-address [subnet-mask]

           Speed [ auto | 10 | 100 | 1000 ]

           Duplex [ auto | full | half ]

           Ip address dhcp [setroute]

           Security-level [level: 0-100]

When configuring interfaces with the same security level, a command must be explicitly configured to allow traffic between them

           Same-security-traffic permit inter-interface

Configuring and changing MTU size for each interface to carry larger packets

           Mtu if_name bytes

Enabling jumbo frame processing. This is applicable only on the ASA 5580

           Jumbo-frame reservation

Verifying the status of an interface

           Show interface if_name

Verifying the status of all interfaces

           Show interface ip brief

The ASA does not forward DHCP requests by default, so it needs to be configured as a DHCP relay agent

           Dhcprelay server ip-address interface

           Dhcprelay enable interface

Note that in the first command, the interface referred to is the one connected to the DHCP server or gateway, while the interface in the second command is the one facing the clients

Enabling DHCP Server on ASA to assign IP addresses to clients

           Dhcpd enable interface

           Dhcpd address ip1-ip2 interface              [address pool]

Delivering DNS addresses to clients

           Dhcpd dns ip1 ip2

Delivering the domain name to the clients

           Dhcpd domain your-domain

Configuring default and static routes

           Route [ inside | outside ] [ dest ] [ dest-subnet mask ] [ next hop gateway ]

           Route [ inside | outside ] 0.0.0.0 0.0.0.0 [ next hop gateway ]

Configuring RIPv2 to exchange routing information with other RIPv2 routers

           Access-list [ Access-list name ] standard [ permit or deny ] [ network ip ] [ subnet mask ]

           Router rip

           Version 2

           No auto-summary

           Default-information originate [ to advertise static routes ]

           Network [ the IP of the  intended network to be advertised ]

           Distribute-list [ Access-list name used above ] [ in or out ] interface [ inside or outside ]

           Interface eth0/2

           Rip authentication mode md5

           Rip authentication key [ your key ] key_id [id]

Configuring EIGRP routing on ASA

           Router eigrp [AS number]

           Network ip-addr [mask]

           Interface [interface]

           Summary-address eigrp [AS number] [ip-addr] [ mask] [AD]

Redistribute routes that are learned through RIPv2, Static routes or Directly connected routes

           Redistribute [ rip | static | connected ] [ metric: bandwidth | delay | reliability | load | mtu ] [ route-map map_name ]

Define default metric for redistribution with different routes

           Default-metric bandwidth delay reliability loading mtu

Securing EIGRP routes

           Interface interface

           Authentication mode eigrp AS number md5

           Authentication key eigrp AS number key-string key_id key_id

Filtering routing updates

           Access-list [ Access-list name ] standard [ permit or deny ] [ network ip ] [ subnet mask ]

           Distribute-list [ Access-list name used above ] [ in or out ] interface [ inside or outside ]

Configure OSPF on ASA

           Router ospf pid

           Router-id ip_addr

           Network ip_addr netmask area area_id

           Area area_id authentication message-digest

           Interface interface

           Ospf message-digest-key key_id md5 key

           Ospf authentication message-digest

           Prefix-list list_name [permit | deny ] network_ip ge min_bit le max_bit

           Area area_id filter-list prefix list_name [in | out ]
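
A filled-in version of the OSPF commands above, showing which configuration mode each command belongs to. This is an added example, not part of the original post; the process ID, addresses, interface, prefix-list name and key placeholder are constructed values.

```cisco
! Constructed example values throughout; replace them with your own.
!
! Global configuration mode: the prefix list referenced by the filter below.
! Permits only /24 prefixes that fall inside 10.20.0.0/16.
prefix-list OSPF-IN permit 10.20.0.0/16 ge 24 le 24
!
! Interface configuration mode: name, security level and address first,
! then the per-interface OSPF MD5 key and authentication type.
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 ospf message-digest-key 1 md5 <your-key>
 ospf authentication message-digest
 no shutdown
!
! Router configuration mode: process ID 1, area 0.
router ospf 1
 router-id 192.168.10.1
 network 192.168.10.0 255.255.255.0 area 0
 ! Require MD5 authentication for every interface in area 0.
 area 0 authentication message-digest
 ! Apply the prefix list to inter-area routes advertised into area 0.
 area 0 filter-list prefix OSPF-IN in
```

The key ID and key must match on both OSPF neighbors; with a mismatch the adjacency does not form, which `show ospf neighbor` makes visible.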
