You can drop by this blog and study it whenever you have time.

8/3/16

2 Firewall, Double NAT, DMZ : CISCO

#Credit-RHC Technologies 


Step-1
ASA-1(config)# int gigabitEthernet 0
ASA-1(config-if)# ip add 203.81.71.2 255.255.255.0
ASA-1(config)# int gi 1
ASA-1(config-if)# ip add 192.168.12.1 255.255.255.0
ASA-1(config)# int gi 3
ASA-1(config-if)# ip add 172.16.12.1 255.255.255.0
ASA-1(config)# int gi 2
ASA-1(config-if)# ip add 172.31.12.1 255.255.255.0
Step-2
ASA-1(config)# int gi 0
ASA-1(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA-1(config-if)# security-level 0
ASA-1(config)# int gi 1
ASA-1(config-if)# nameif dmz
INFO: Security level for "dmz" set to 0 by default.
ASA-1(config)# int gi 3
ASA-1(config-if)# nameif dmz2
INFO: Security level for "dmz2" set to 0 by default.
ASA-1(config-if)# security-level 50
ASA-1(config)# int gi 2
ASA-1(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASA-1(config-if)# security-level 100

Step-3
ASA-1(config)# object network DMZ_NET
ASA-1(config-network-object)# subnet 192.168.12.0 255.255.255.0
ASA-1(config-network-object)# description For DMZ
ASA-1(config-network-object)# exit
ASA-1(config)# object network LAN1_NET
ASA-1(config-network-object)# subnet 172.31.12.0 255.255.255.0
ASA-1(config-network-object)# description For LAN
ASA-1(config-network-object)# exit
ASA-1(config)# object network DMZ2_NET
ASA-1(config-network-object)# subnet 172.16.12.0 255.255.255.0
ASA-1(config-network-object)# description For DMZ2
ASA-1(config)# access-list Outside_IN extended permit ip any object LAN1_NET
ASA-1(config)# route outside 0.0.0.0 0.0.0.0 203.81.71.1
ASA-1(config)# access-group Outside_IN in interface outside
Default Route To Internet
Ping Test LAN1 To Internet
ASA-1(config)# object network LAN1_NET
ASA-1(config-network-object)# nat (inside,outside) dynamic interface
Verify
ASA-1# sh xlate
ASA-1# sh nat detail

Step-6
ASA-1(config)# object network Static_Nat_Svr
ASA-1(config-network-object)# host 192.168.12.11
ASA-1(config-network-object)# nat (dmz,outside) static 203.81.71.3
ASA-1(config)# access-list Outside_IN extended permit ip any object Static_Nat_Svr
Static Route To Server IP 
Ping Test To Public IP 
Step-7
Turn on the Telnet service on the DMZ's router 4
Default Route to Internet 
Step-8
ciscoasa(config)# object network STATIC_PAT_SER
ciscoasa(config-network-object)# host 192.168.12.10
ciscoasa(config-network-object)# nat (dmz,outside) static interface service tcp telnet telnet
Telnet Testing R2 To R4
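
A check worth running over the finished lab config, added here as an example and not part of the original post: it flags ACL entries that reference an undefined object, ACLs never applied with access-group, and "permit ip any" entries that open every protocol and port. The sample config is constructed from this lab's addresses with deliberate name mismatches, and exact (case-sensitive) name matching is an assumption.

```python
import re

# Constructed sample modelled on this lab; the mismatched names are deliberate.
SAMPLE = """\
object network LAN1_NET
 subnet 172.31.12.0 255.255.255.0
object network Static_Nat_Svr
 host 192.168.12.11
object network STATIC_PAT_SER
 host 192.168.12.10
access-list Outside_IN extended permit ip any object LAN_Net
access-list Outside_IN extended permit tcp any object STATIC_PAT_SER eq telnet
access-list OUT_IN extended permit ip any object Static_Nat_Svr
access-group Outside_IN in interface outside
"""

PROMPT = re.compile(r"^\S+#\s*")  # strips a pasted prompt such as 'ASA-1(config)# '


def audit(config):
    """Return sorted (finding, ACL name, detail) tuples for ASA config text."""
    objects, bound, aces = set(), set(), []
    for raw in config.splitlines():
        tok = PROMPT.sub("", raw).split()
        if tok[:2] == ["object", "network"] and len(tok) > 2:
            objects.add(tok[2])
        elif tok[:1] == ["access-group"] and len(tok) > 1:
            bound.add(tok[1])
        elif tok[:1] == ["access-list"] and "extended" in tok:
            aces.append(tok)
    findings = set()
    for tok in aces:
        acl, rule = tok[1], tok[tok.index("extended") + 1:]
        # Names are compared exactly as typed (assumed case-sensitive).
        for i, word in enumerate(rule[:-1]):
            if word == "object" and rule[i + 1] not in objects:
                findings.add(("undefined-object", acl, rule[i + 1]))
        if rule[:3] == ["permit", "ip", "any"]:
            findings.add(("permit-ip-any", acl, " ".join(rule[3:])))
        if acl not in bound:
            findings.add(("unbound-acl", acl, ""))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The narrow Telnet entry for STATIC_PAT_SER produces no finding, which is the shape the two "permit ip any" entries should be tightened toward once the lab works.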

Please try the complete config yourself: