Cisco ASA 5510 Configuration

Unanswered Question
Feb 18th, 2007

Hi,

I am new to the Cisco ASA 5510. I just received a demo unit of the Cisco ASA 5510 because I am planning to put a firewall on my network. How do I start? I am totally new to this; is there any link which can show me step-by-step configuration? All these days my Linux servers which point towards the internet have had their firewall enabled. If I can handle this demo unit, I can plan on buying the Cisco ASA 5510 itself.

Anand S Sun, 02/18/2007 - 05:05

What is that security level 0 to 100 on the Ethernet interface? What does it really mean, and how is it going to help?

shyamatopsource Sun, 02/18/2007 - 05:10

Hi,

Security level essentially is for different interfaces. 0 and 100 are the defaults for the outside and inside interfaces. You can assign sec levels from 1-99 to other interfaces.

Sec levels determine how you traverse from one interface to another. You cannot traverse from a smaller sec level to a bigger one without access lists and static. You may have to use nat/globals from bigger to smaller sec levels.

Thanks

Shyam

HTH

hoogen_82 Sun, 02/18/2007 - 05:11

Well, security level 0 is reserved for the outside interface, i.e. you consider your outside to be least secure, and security level 100 is reserved for your inside interface, which means this is the most trusted interface.

Two rules to remember. A device sitting in the inside network needs only a nat statement to access the outside network.

Whereas the outside network needs a nat and an access-list to access the inside network. Of course there are several scenarios and different things you can do with the ASA.

Cheers

Hoogen

Anand S Sun, 02/18/2007 - 07:24

Thanks for your response, but I am a bit more confused. I wanted to know how to start the initial configuration, like a basic firewall setup, and then slowly move to a deeper level of firewall config.

shyamatopsource Sun, 02/18/2007 - 07:31

1. Configure the interfaces

2. Configure the sec level for the interfaces and the IP Addresses

3. Configure the nat on the inside/dmz

4. Configure globals on the outside.

5. Create access-lists for which traffic from the outside can access the dmz/inside and which traffic from the dmz can access the inside

6. Configure the users on the local database or configure AAA on the inside server

It is best that you understand the operations of the PIX/ASA, because you are going to get a lot of issues while configuring.

HTH

Thanks

Shyam
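The six steps above as one configuration, added here as an example that is not part of the original posts. It uses the pre-8.3 `nat`/`global`/`static` syntax that matches the thread's date (ASA 8.3 and later replaced it with object NAT). All interface assignments, addresses, ACL names and the username are constructed, and the password is a placeholder.

```cisco
! Steps 1-2: interfaces, names, security levels, IP addresses (constructed addresses)
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
 no shutdown
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.0.1 255.255.255.0
 no shutdown
route outside 0.0.0.0 0.0.0.0 192.0.2.1
!
! Steps 3-4: nat on inside/dmz, matching global on outside (PAT to the interface address)
nat (inside) 1 10.0.0.0 255.255.255.0
nat (dmz) 1 172.16.0.0 255.255.255.0
global (outside) 1 interface
!
! Step 5a: lower to higher level (outside -> dmz) needs a static AND an access-list
static (dmz,outside) 192.0.2.10 172.16.0.10 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-group outside_in in interface outside
!
! Step 5b: dmz -> inside. Identity static so inside hosts are reachable from the dmz,
! then permit only the one flow that is needed.
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0
access-list dmz_in extended permit tcp host 172.16.0.10 host 10.0.0.20 eq 3306
! Binding an ACL to dmz replaces the implicit higher-to-lower permit with an
! implicit deny, so block the rest of inside explicitly and re-allow dmz -> outside.
access-list dmz_in extended deny ip any 10.0.0.0 255.255.255.0
access-list dmz_in extended permit ip any any
access-group dmz_in in interface dmz
!
! Step 6: local user database, management over SSH from the inside network only
username admin password <CHOOSE-A-STRONG-PASSWORD> privilege 15
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 2048
ssh 10.0.0.0 255.255.255.0 inside
```

`show nameif` and `show access-list` confirm the security levels and show per-line ACL hit counts once traffic is flowing.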

lakshmipathymeg... Sun, 02/18/2007 - 12:06

Hi, Anand,

If you want to know the full configuration of the ASA 5510 firewall, please buy and read the book Cisco[1].Press.CCSP.SNPA.Official.Exam.Certification.Guide.3.pdf

Just go through this book. This will help you a lot. You can buy this online also.
