|
Welcome,
Guest
|
|
TOPIC: ASA5510 configuration
ASA5510 configuration 8 years 8 months ago #32755
|
Hi,
I am a newbie and have very limited knowledge of firewall and router configuration. I was "forced" to setup a network for my school project and I am in deep shit :cry: :cry: I am really appreciated if the experts here can give me some help Refer to the attached draft diagram, how am I going to configure the access list and route. 1) FTP server is accessed from external network using IP 39.0.2.13. 2) The PIX provide allow anonymous read/write access to the FTP server on the DMZ from both the outside and office networks. Wireless clients are not allowed access to the FTP server. 3) The PIX should allow only read access to the HTTP server for outside networks. All users of the network should also be able to access the HTTP server. 4) The PIX provides syslog information to asyslog server on the office network. A TFTP server is also set up on the office network to save the configuration settings of the PIX. Both the syslog and TFTP servers are not to be accessed by external networks or the DMZ. Sorry the stupid and lengthy questions. Thanks in advance 
|
|
Re: ASA5510 configuration 8 years 8 months ago #32770
|
alf6901, Welcome to firewall.cx
 I will assume first that the physical topology has been setup, That IPs on the PCs and the servers has been already setup. If not, please tell and we'll try to help. I can try to help with most of the requirements except for syslog which I almost don't know any thing about. Hope that others here do. Before attacking the stated requirements, I would make sure that basic connectivity is established, IPs of Pix interfaces are setup and that NAT is setup to allow inside users to connect to the outside (internet). These are implicit requirements that really doesn't have to be said in the project description you provided. Your teacher will most probably expect that done. 1. Starting the Pix from scratch I'm assuming here that you don't want to backup the Pix's configuration and that you want to start from scratch. Type the following on the Pixes CLI (Console Screen): [code:1]Pix# write erase Erase PIX configuration in flash memory? [confirm] [/code:1] As you can see it asks you to confirm the erase of the current configuration. Press [Enter]. Then type: [code:1] Pix# reload Proceed with reload? [confirm] [/code:1] Press [Enter], this will reload the Pix. After it reloads, you will get a message like this: [code:1]Pre-configure PIX Firewall now through interactive prompts [yes]?[/code:1] Type n and press [Enter]. Now you are ready to configure the Pix 2. Naming the DMZ interface [code:1] Pix# conf t Pix(config)# nameif ethernet2 dmz security10[/code:1] This assigns interface ethernet2 to the dmz (as you need in the diagram). It also gives the interface a security level of 10. Security levels go from 0 to 100 (lower to higher security). By default, the ethernet0 and ethernet1 are already named outside and inside respectively. Also by default, inside has the highest security level of 100 and outside has the lowest level of 0. 3. Assigning IP addresses/masks for the Pix interfaces [code:1] Pix# conf t Pix(config)# ip address inside 10.10.10.1 255.255.255.0 Pix(config)# ip address outside 192.168.168.2 255.255.255.0 [/code:1] Now to turn ON the interfaces: [code:1]Pix(config)# interface ethernet0 auto Pix(config)# interface ethernet1 auto Pix(config)# interface ethernet2 auto [/code:1] Now if you connect a PC to the inside interface (E1) you should be able to ping the Pix IP 10.10.10.1 Try to complete up to this point now. Then we'll try to help further. |
|
|
Time to create page: 0.164 seconds