Overview

Introduction

The Implement the Cisco Adaptive Security Appliance module provides you with the instructions and Cisco hardware to develop your hands-on skills in the following topics:

  • Configuring core ASA features
  • Configuring NAT
  • Configuring a security policy
  • Modular Policy Framework

Exercise 1 - Configuring Core ASA Features

In this module you will configure a Cisco ASA firewall, enabling Internet access for internal users and allowing external Internet-based users to reach your corporate web server in the DMZ.

If you look at the diagram, your internal host is PLABMGMT. This will act as your management station and an internal test client. PLABDMZWEB is the web server that should be accessible from the outside world. PLABEXTCLI will act as two things: firstly, it will be a client machine used to test access to the corporate web server, and secondly, it will be a test web server that your internal management station will be able to browse to. Both PLABDMZWEB and PLABEXTCLI are running Microsoft IIS server, a web server, with a test website.

In this exercise, you will build the base configuration of the Cisco ASA firewall, LDNFWASA01, so that you can remotely connect and use the Cisco ASA Device Manager (ASDM) to make further configuration changes to the firewall.

To enable remote access to the ASA firewall, you need to have the following configured:

  • An IP address either on an internal interface on the firewall, or the management interface (which you will use)
  • The HTTP server enabled on the firewall
  • An access list enabling remote access to the device
  • A username and password to authenticate with

If you observe the diagram, you will also need to configure the IP addresses on the ASA interfaces enabling IP connectivity throughout the lab. The switch and external router have been pre-configured to make life a little easier. You will configure the ASA interfaces in the next steps using the ASDM software, but to connect using the ASDM you need some base configuration on the ASA.
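
The four prerequisites listed above, written out as ASA CLI configuration. This is an added example, not taken from the lab guide. The interface name, IP addresses and account name are placeholders or assumptions. On the ASA, the "access list" for ASDM is the `http <address> <mask> <interface>` statement, shown here in a broad form and a restricted form.

```cisco
! Constructed example: interface name, addresses and username are placeholders.
!
! 1. IP address on the management interface
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
 no shutdown
!
! 2. Enable the HTTP server (ASDM connects to it over HTTPS)
http server enable
!
! 3. Hosts allowed to reach ASDM through the management interface
!    Too broad: any source address arriving on this interface may connect
! http 0.0.0.0 0.0.0.0 management
!    Preferred: only the management station (placeholder address for PLABMGMT)
http 192.168.1.10 255.255.255.255 management
!
! 4. Local account, and authenticate ASDM sessions against the local database
username <ADMIN_USER> password <STRONG_PASSWORD> privilege 15
aaa authentication http console LOCAL
```

Until an `http` permit statement exists for the client's source address, the ASA does not accept the ASDM connection at all, so this statement is the control to review when auditing who can manage the firewall.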

Exercise 2 - Configuring NAT

In this exercise, you will configure NAT so that you can browse to PLABEXTCLI from PLABMGMT. This will take place using a valid routable Internet address for the PLABMGMT device and not its own private address. You will also configure a translation such that the PLABDMZWEB server will have a valid external IP address.

Exercise 3 - Configuring a Security Policy

In this exercise, you will configure a policy to allow Internet-based devices to browse to your web server, PLABDMZWEB.

This will complete the basic configuration of the Cisco ASA firewall.

Exercise 4 - Modular Policy Framework

In this exercise, you will create a default modular policy framework (MPF) that the ASA will use to inspect traffic.

Ensure you are still connected to PLABMGMT and you are logged into the ASDM software.
