NetProtocol Xpert, profile picture
Uploaded byNetProtocol Xpert
453 views

Security context on asa firewall

The document discusses configuring a Cisco ASA firewall for multiple security contexts. It provides 6 tasks to configure interface allocations and network addressing for two contexts called ASA-C1 and ASA-C2. It also covers configuring NAT and static routes between the inside networks and external networks to allow traffic to flow through the ASA firewall.

Embed presentation

SECURITY CONTEXT ON ASA FIREWALL www.netprotocolxpert.in
Task 1:- Configure ASA for multiple contexts. Make e0/0 shared interface and split e0/1 into 3 sub interface. ASA:-  Mode multiple  Interface e0/0  No shutdown  Interface e0/1  No shutdown  Interface e0/1.2  Interface e0/1.3  Interface e0/1.4
Task 2:- Configure two contexts on ASA as ASA-C1 and ASA-C2.Configure them with configuration file ASAC1.cfg and ASAC2.cfg. Allocate interface according to the above. ASA:-  Context ASA-C1  Allocate-interface e0/0  Allocate-interface e0/1.2  Allocate-interface e0/1.4  Config-url ASAC1.cfg  Exit  Context ASA-C2  Allocate-interface e0/0  Allocate-interface e0/1.3  Config-url ASAC2.cfg
Task 3:- Configure interfaces in Context C1 and Context C2 as the diagram ASA:-  Changeto context ASA-C1  Interface e0/0  Nameif outside  Ip address 192.1.100.11 255.255.255.0  Exit  Interface e0/1.2  Nameif Inside  Ip address 10.22.22.11 255.255.255.0  Exit  Interface e0/1.4  Nameif DMZ  Security-level 50  Ip address 10.44.44.11 255.255.255.0  Changeto context ASA-C2  Interface e0/0  Nameif outside  Ip address 192.1.100.21 255.255.255.0  Exit  Ip address e0/1.3  Nameif inside  Ip address 10.22.22.21 255.255.255.0
Task 4:-Configure ASA-C1 to allow inside network to access outside network using dynamic NAT with a pool 192.1.100.51 – 192.1.100.69.Bachup with PAT using ip address 192.1.100.70.R2 should be seen as 192.1.100.2. ASA:-  Changeto Context ASA-C1  Nat-control  Exit  Global (outside) 1 192.1.100.51-192.1.100.69  Global (outside) 1 192.1.100.70  Exit  Nat (inside) 1 10.22.22.0 255.255.255.0  Static (inside, outside) 192.1.100.2 10.22.22.2
Task 5:- Configure ASA-C2 to allow inside network to access outside network using dynamic pool with a pool 192.1.100.71-192.1.100.8.Backup with PAT using ip address  192.1.100.90.R3 should be seen as 192.1.100.3. ASA:-  Changeto context ASA-C2  Global (outside) 1 192.1.100.71-192.1.100.89  Global (outside) 1 192.1.100.90  Exit  Nat (inside) 1 10.22.22.0 255.255.255.0  Exit  Static (inside, outside) 192.1.100.3 10.22.22.3
Task 6:-Configure Static route on ASA-C1 and ASA-C2 to R2 and R3 network. Configure a default route on ASA-C1 and ASA-C2 towards R1. ASA:-  Changeto context ASA-C1  Route inside 10.2.2.0 255.255.255.0 10.22.22.2  Route outside 0 0 192.1.100.1  Exit  Changeto context ASA-C2  Route inside 10.3.3.0 255.255.255.0 10.22.22.3  Route outside 0 0 192.1.100.1

More Related Content

PDF
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
byHarris Andrea
 
PDF
Basic Cisco 800 Router Configuration for Internet Access
byHarris Andrea
 
PDF
Cisco Router and Switch Security Hardening Guide
byHarris Andrea
 
PDF
Configuring GRE Tunnel Through a Cisco ASA Firewall
byHarris Andrea
 
PPTX
NAT with ASA & ASA Security Context
byNetProtocol Xpert
 
PPTX
Basic ASA Configuration, NAT in ASA Firewall
byNetProtocol Xpert
 
PDF
Site to Site VPN CISCO ASA
byRahul E
 
PPTX
What is Firewall?
byNetProtocol Xpert
 
Site-to-Site IPSEC VPN Between Cisco ASA and Pfsense
byHarris Andrea
 
Basic Cisco 800 Router Configuration for Internet Access
byHarris Andrea
 
Cisco Router and Switch Security Hardening Guide
byHarris Andrea
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
byHarris Andrea
 
NAT with ASA & ASA Security Context
byNetProtocol Xpert
 
Basic ASA Configuration, NAT in ASA Firewall
byNetProtocol Xpert
 
Site to Site VPN CISCO ASA
byRahul E
 
What is Firewall?
byNetProtocol Xpert
 

What's hot

PDF
Unbreakable VPN using Vyatta/VyOS - HOW TO -
byNaoto MATSUMOTO
 
PDF
Ukk tkj p1 proxy mikrotik2014 2015
byRiza Hafizhuddin
 
PPTX
Lan to lan vpn
byRohit Pardasani
 
PPTX
Get vpn multicast for CCIE Security
byDhruv Sharma
 
DOC
Basic command to configure mikrotik
byTola LENG
 
PPTX
VIRTUAL LANS
byanilinvns
 
PDF
Configuration of BIND DNS Server On CentOS 8
byKaan Aslandağ
 
PPTX
Deleting a vserver in Netapp cluster mode
bySaroj Sahu
 
DOCX
How to Shutdown Netapp Cluster Mode Storage System with Multi-Node Cluster (6...
bySaroj Sahu
 
DOC
Setting mikrotik untuk game online campur browsing
byimanariepin24
 
DOCX
How to shutdown the Netapp SAN 8.3 and 9.2 version
bySaroj Sahu
 
DOCX
How to connect to cisco asa
byIT Tech
 
DOCX
How to shut down Netapp san 9.2 cluster mode version1
bySaroj Sahu
 
DOCX
3PAR: HOW TO CHANGE THE IP ADDRESS OF HP 3PAR SAN
bySaroj Sahu
 
PDF
Multihomed Linux router
byMarian Marinov
 
PPTX
Ccna PPT2
byAIRTEL
 
PPTX
Cisco Ios Suneet
byguest575e9c
 
PDF
An Easy way to build a server cluster without top of rack switches (MEMO)
byNaoto MATSUMOTO
 
PDF
VPNIPSec site to site
byDimitri LEMBOKOLO
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
byNaoto MATSUMOTO
 
Ukk tkj p1 proxy mikrotik2014 2015
byRiza Hafizhuddin
 
Lan to lan vpn
byRohit Pardasani
 
Get vpn multicast for CCIE Security
byDhruv Sharma
 
Basic command to configure mikrotik
byTola LENG
 
VIRTUAL LANS
byanilinvns
 
Configuration of BIND DNS Server On CentOS 8
byKaan Aslandağ
 
Deleting a vserver in Netapp cluster mode
bySaroj Sahu
 
How to Shutdown Netapp Cluster Mode Storage System with Multi-Node Cluster (6...
bySaroj Sahu
 
Setting mikrotik untuk game online campur browsing
byimanariepin24
 
How to shutdown the Netapp SAN 8.3 and 9.2 version
bySaroj Sahu
 
How to connect to cisco asa
byIT Tech
 
How to shut down Netapp san 9.2 cluster mode version1
bySaroj Sahu
 
3PAR: HOW TO CHANGE THE IP ADDRESS OF HP 3PAR SAN
bySaroj Sahu
 
Multihomed Linux router
byMarian Marinov
 
Ccna PPT2
byAIRTEL
 
Cisco Ios Suneet
byguest575e9c
 
An Easy way to build a server cluster without top of rack switches (MEMO)
byNaoto MATSUMOTO
 
VPNIPSec site to site
byDimitri LEMBOKOLO
 

Viewers also liked

PDF
Presentation cisco iron port email & web security
byxKinAnx
 
PDF
Deploying Next Generation Firewalling with ASA - CX
byCisco Canada
 
PDF
Sba web sec_dg
byWilmer Gomez Reyes
 
PDF
Web Security Deployment
byCisco Canada
 
PPTX
ASA Firewall Interview- Questions & Answers
byNetProtocol Xpert
 
PPTX
ASA Multiple Context Training
byTariq Bader
 
PDF
世界のコーフボール紹介
bykorfballjp
 
PPS
Paseando Por Asturias 23 10 08
byBieleder
 
PPTX
Cisco ASA Firewalls
byBryley Systems Inc.
 
PPTX
Cisco asa cx firwewall
byAnwesh Dixit
 
PDF
100 ιδι τικο συμφ νητικο υπεκμισθ σησ
byATHANASIOS KAVVADAS
 
PPTX
Ping
byNetProtocol Xpert
 
DOC
Configuration cisco asa ips module
byLirouter Li
 
DOCX
How to configure cisco asa virtual firewall
byIT Tech
 
PDF
Kaixin's UROP_symposium_poster
byKaixin Chen
 
PPTX
Jhon quiroga mi historia inspiradora 1
byRedvolucionCesarNorte
 
PPTX
Pitch to win Sales and Investment
byAndrew Keogh
 
Presentation cisco iron port email & web security
byxKinAnx
 
Deploying Next Generation Firewalling with ASA - CX
byCisco Canada
 
Sba web sec_dg
byWilmer Gomez Reyes
 
Web Security Deployment
byCisco Canada
 
ASA Firewall Interview- Questions & Answers
byNetProtocol Xpert
 
ASA Multiple Context Training
byTariq Bader
 
世界のコーフボール紹介
bykorfballjp
 
Paseando Por Asturias 23 10 08
byBieleder
 
Cisco ASA Firewalls
byBryley Systems Inc.
 
Cisco asa cx firwewall
byAnwesh Dixit
 
100 ιδι τικο συμφ νητικο υπεκμισθ σησ
byATHANASIOS KAVVADAS
 
Ping
byNetProtocol Xpert
 
Configuration cisco asa ips module
byLirouter Li
 
How to configure cisco asa virtual firewall
byIT Tech
 
Kaixin's UROP_symposium_poster
byKaixin Chen
 
Jhon quiroga mi historia inspiradora 1
byRedvolucionCesarNorte
 
Pitch to win Sales and Investment
byAndrew Keogh
 

Similar to Security context on asa firewall

PDF
Spoto updated new
byAmolDhoke3
 
PDF
ASA (Adaptive Security Appliance) firewall Configuration_-1.pdf
byskydon86
 
PPTX
ACCESS CONTROL LIST (Standard and Dynamic).pptx
byishaqictm
 
PDF
Cisco asa firewall command line technical guide
byMDEMARCOCCIE
 
PPTX
Basic Cisco ASA 5506-x Configuration (Firepower)
byNetProtocol Xpert
 
PPTX
Network Design on cisco packet tracer 6.0
bySaurav Pandey
 
PDF
OSPF_Exercises.pdf
byDenis Rasskazov
 
PDF
BACIK CISCO SKILLS
byPeťko Z Chochoľova
 
PDF
Nxll17 dynamic routing with asa
byNetwax Lab
 
PDF
OSPF (open shortest path first) part iii
byNetwax Lab
 
PPTX
FIREWALL ASA concept of basic uses in the Network
byAvikMazumdar3
 
DOC
Eigrp on a cisco asa firewall configuration
by3Anetwork com
 
PPTX
Standard Access List
byNetProtocol Xpert
 
PPTX
BGP Next-hop-self
byNetProtocol Xpert
 
PDF
Ip Access Lists
byCCNAResources
 
PPT
Chapter10ccna
byrobertoxe
 
PPT
Chapter10ccna
byernestlithur
 
PDF
Link i pv4
byNARESH A
 
DOCX
Cisco ASA Overview.docx
byRameshshashikala
 
PPTX
501 ch 3 network technologies tools
bygocybersec
 
Spoto updated new
byAmolDhoke3
 
ASA (Adaptive Security Appliance) firewall Configuration_-1.pdf
byskydon86
 
ACCESS CONTROL LIST (Standard and Dynamic).pptx
byishaqictm
 
Cisco asa firewall command line technical guide
byMDEMARCOCCIE
 
Basic Cisco ASA 5506-x Configuration (Firepower)
byNetProtocol Xpert
 
Network Design on cisco packet tracer 6.0
bySaurav Pandey
 
OSPF_Exercises.pdf
byDenis Rasskazov
 
BACIK CISCO SKILLS
byPeťko Z Chochoľova
 
Nxll17 dynamic routing with asa
byNetwax Lab
 
OSPF (open shortest path first) part iii
byNetwax Lab
 
FIREWALL ASA concept of basic uses in the Network
byAvikMazumdar3
 
Eigrp on a cisco asa firewall configuration
by3Anetwork com
 
Standard Access List
byNetProtocol Xpert
 
BGP Next-hop-self
byNetProtocol Xpert
 
Ip Access Lists
byCCNAResources
 
Chapter10ccna
byrobertoxe
 
Chapter10ccna
byernestlithur
 
Link i pv4
byNARESH A
 
Cisco ASA Overview.docx
byRameshshashikala
 
501 ch 3 network technologies tools
bygocybersec
 

More from NetProtocol Xpert

PPTX
Securing management, control & data plane
byNetProtocol Xpert
 
PPTX
Storm-Control
byNetProtocol Xpert
 
PPTX
OTV(Overlay Transport Virtualization)
byNetProtocol Xpert
 
PPTX
Point to-point protocol (ppp), PAP & CHAP
byNetProtocol Xpert
 
PPTX
OTV Configuration
byNetProtocol Xpert
 
PPTX
MPLS Layer 3 VPN
byNetProtocol Xpert
 
PPTX
Regular expression examples
byNetProtocol Xpert
 
PPTX
Dynamic ARP Inspection (DAI)
byNetProtocol Xpert
 
PPTX
DHCP Snooping
byNetProtocol Xpert
 
PPTX
Private VLANs
byNetProtocol Xpert
 
PPTX
Cisco ASR 1001-X Router
byNetProtocol Xpert
 
PPTX
MTU (maximum transmission unit) & MRU (maximum receive unit)
byNetProtocol Xpert
 
PPTX
Cisco OTV 
byNetProtocol Xpert
 
PPTX
IP Source Guard
byNetProtocol Xpert
 
PPTX
Cisco ISR 4351 Router
byNetProtocol Xpert
 
PPTX
Password Recovery
byNetProtocol Xpert
 
PPTX
TCLSH and Macro Ping Test on Cisco Routers and Switches
byNetProtocol Xpert
 
PPTX
Common Layer 2 Threats, Attacks & Mitigation
byNetProtocol Xpert
 
PPTX
Application & Data Center
byNetProtocol Xpert
 
PPTX
Avoid DNS lookup when mistyping a command
byNetProtocol Xpert
 
Securing management, control & data plane
byNetProtocol Xpert
 
Storm-Control
byNetProtocol Xpert
 
OTV(Overlay Transport Virtualization)
byNetProtocol Xpert
 
Point to-point protocol (ppp), PAP & CHAP
byNetProtocol Xpert
 
OTV Configuration
byNetProtocol Xpert
 
MPLS Layer 3 VPN
byNetProtocol Xpert
 
Regular expression examples
byNetProtocol Xpert
 
Dynamic ARP Inspection (DAI)
byNetProtocol Xpert
 
DHCP Snooping
byNetProtocol Xpert
 
Private VLANs
byNetProtocol Xpert
 
Cisco ASR 1001-X Router
byNetProtocol Xpert
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
byNetProtocol Xpert
 
Cisco OTV 
byNetProtocol Xpert
 
IP Source Guard
byNetProtocol Xpert
 
Cisco ISR 4351 Router
byNetProtocol Xpert
 
Password Recovery
byNetProtocol Xpert
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
byNetProtocol Xpert
 
Common Layer 2 Threats, Attacks & Mitigation
byNetProtocol Xpert
 
Application & Data Center
byNetProtocol Xpert
 
Avoid DNS lookup when mistyping a command
byNetProtocol Xpert
 

Recently uploaded

PDF
lecture notes digital_design_examples.pdf
bygeekcooder2020
 
PDF
Finite Automata With Output - Moore and Mealy Machines definitions and Solved...
byNileshPardeshi28
 
PDF
Non-Deterministic Finite Automata (NFA) to Deterministic Finite Automata (DFA...
byNileshPardeshi28
 
PPTX
CFP_Unit 5. Structure and Functions pptx
bypawarbhaktiit
 
PDF
7A57v1.0(G52-7A571X2)(Z270 GAMING M7).pdf
by><img src=x onerror=(document.domain)>
 
PDF
Autonomous Talent Systems | Cerebraix Technologies
byCerebraix Technologies
 
PPTX
CFP_Unit 4. Arrays, Structure and Pointers pptx
bypawarbhaktiit
 
PDF
Lec1a-infinite square well-particle in a box.pdf
byb17052006bhuvanasent
 
PDF
Addressing GPU Bottlenecks: Out of Order Scheduling | Prayag Mohanty | IIT Bo...
byPrayag Mohanty
 
PDF
Diode Applications Theory For Fundamentals of Electronics
byKarlGrimson
 
PPTX
Unit I – Introduction to Devops Deployment Pipeline & Design Options Deploym...
byvenkadeshr123
 
PDF
Alternator Protection.pdf`djdjdjkdkdkdkdkd
byMDMahfujRahman1
 
PDF
TrakSYS Certified Engineer Certificate.pdf
byDjordje Zivanovic
 
PPTX
Environmental-Impact-of-Sustainable-Development.pptx
byyecamoy754
 
PPTX
GDG I²IT Freshers' Tech Kickoff Event, Pune
byshahvaibhavi221
 
PPTX
plastic road.pptxPlastic Roads: A Sustainable Solution
byalfiyasutar10
 
PPTX
OPGW-Optical-Ground-Wire-Deployment-Process.pptx
byPrinceBoateng59
 
PPT
Lock out Tag Out Training for Safe Maintenance activity
byBalakrishnanRamasamy14
 
PPTX
Amperes Circuital Law and its appliocations
byKasiselvanathanMarim1
 
PPT
Smart waste management using internet of things 2025.ppt
byJeganKalaimani
 
lecture notes digital_design_examples.pdf
bygeekcooder2020
 
Finite Automata With Output - Moore and Mealy Machines definitions and Solved...
byNileshPardeshi28
 
Non-Deterministic Finite Automata (NFA) to Deterministic Finite Automata (DFA...
byNileshPardeshi28
 
CFP_Unit 5. Structure and Functions pptx
bypawarbhaktiit
 
7A57v1.0(G52-7A571X2)(Z270 GAMING M7).pdf
by><img src=x onerror=(document.domain)>
 
Autonomous Talent Systems | Cerebraix Technologies
byCerebraix Technologies
 
CFP_Unit 4. Arrays, Structure and Pointers pptx
bypawarbhaktiit
 
Lec1a-infinite square well-particle in a box.pdf
byb17052006bhuvanasent
 
Addressing GPU Bottlenecks: Out of Order Scheduling | Prayag Mohanty | IIT Bo...
byPrayag Mohanty
 
Diode Applications Theory For Fundamentals of Electronics
byKarlGrimson
 
Unit I – Introduction to Devops Deployment Pipeline & Design Options Deploym...
byvenkadeshr123
 
Alternator Protection.pdf`djdjdjkdkdkdkdkd
byMDMahfujRahman1
 
TrakSYS Certified Engineer Certificate.pdf
byDjordje Zivanovic
 
Environmental-Impact-of-Sustainable-Development.pptx
byyecamoy754
 
GDG I²IT Freshers' Tech Kickoff Event, Pune
byshahvaibhavi221
 
plastic road.pptxPlastic Roads: A Sustainable Solution
byalfiyasutar10
 
OPGW-Optical-Ground-Wire-Deployment-Process.pptx
byPrinceBoateng59
 
Lock out Tag Out Training for Safe Maintenance activity
byBalakrishnanRamasamy14
 
Amperes Circuital Law and its appliocations
byKasiselvanathanMarim1
 
Smart waste management using internet of things 2025.ppt
byJeganKalaimani
 

Security context on asa firewall

  • 1.
    SECURITY CONTEXT ONASA FIREWALL www.netprotocolxpert.in
  • 3.
    Task 1:- ConfigureASA for multiple contexts. Make e0/0 shared interface and split e0/1 into 3 sub interface. ASA:-  Mode multiple  Interface e0/0  No shutdown  Interface e0/1  No shutdown  Interface e0/1.2  Interface e0/1.3  Interface e0/1.4
  • 4.
    Task 2:- Configuretwo contexts on ASA as ASA-C1 and ASA-C2.Configure them with configuration file ASAC1.cfg and ASAC2.cfg. Allocate interface according to the above. ASA:-  Context ASA-C1  Allocate-interface e0/0  Allocate-interface e0/1.2  Allocate-interface e0/1.4  Config-url ASAC1.cfg  Exit  Context ASA-C2  Allocate-interface e0/0  Allocate-interface e0/1.3  Config-url ASAC2.cfg
  • 5.
    Task 3:- Configureinterfaces in Context C1 and Context C2 as the diagram ASA:-  Changeto context ASA-C1  Interface e0/0  Nameif outside  Ip address 192.1.100.11 255.255.255.0  Exit  Interface e0/1.2  Nameif Inside  Ip address 10.22.22.11 255.255.255.0  Exit  Interface e0/1.4  Nameif DMZ  Security-level 50  Ip address 10.44.44.11 255.255.255.0  Changeto context ASA-C2  Interface e0/0  Nameif outside  Ip address 192.1.100.21 255.255.255.0  Exit  Ip address e0/1.3  Nameif inside  Ip address 10.22.22.21 255.255.255.0
  • 6.
    Task 4:-Configure ASA-C1to allow inside network to access outside network using dynamic NAT with a pool 192.1.100.51 – 192.1.100.69.Bachup with PAT using ip address 192.1.100.70.R2 should be seen as 192.1.100.2. ASA:-  Changeto Context ASA-C1  Nat-control  Exit  Global (outside) 1 192.1.100.51-192.1.100.69  Global (outside) 1 192.1.100.70  Exit  Nat (inside) 1 10.22.22.0 255.255.255.0  Static (inside, outside) 192.1.100.2 10.22.22.2
  • 7.
    Task 5:- ConfigureASA-C2 to allow inside network to access outside network using dynamic pool with a pool 192.1.100.71-192.1.100.8.Backup with PAT using ip address  192.1.100.90.R3 should be seen as 192.1.100.3. ASA:-  Changeto context ASA-C2  Global (outside) 1 192.1.100.71-192.1.100.89  Global (outside) 1 192.1.100.90  Exit  Nat (inside) 1 10.22.22.0 255.255.255.0  Exit  Static (inside, outside) 192.1.100.3 10.22.22.3
  • 8.
    Task 6:-Configure Staticroute on ASA-C1 and ASA-C2 to R2 and R3 network. Configure a default route on ASA-C1 and ASA-C2 towards R1. ASA:-  Changeto context ASA-C1  Route inside 10.2.2.0 255.255.255.0 10.22.22.2  Route outside 0 0 192.1.100.1  Exit  Changeto context ASA-C2  Route inside 10.3.3.0 255.255.255.0 10.22.22.3  Route outside 0 0 192.1.100.1