some questions about the ASA

Unanswered Question
Sep 19th, 2009


There are questions regarding the ASA55x0. Grateful if the expert could advise on it.

1. For the configuration of DNS, does it support another domain name which is different from the standard Internet domain name? e.g. account (not

dns server-group InterDNS

domain-name aaabbb

2. If the name-server command is missing from the configuration, what will happen?

3. Does the following command support all inbound Internet traffic (tcp, udp, icmp, ...) to ?

access-list ACL_in extended permit ip any host

4. Must it configure the outbound ACL to control outgoing traffic to Internet? if so, please advise on the command.

access-list ACL_in extended permit ip any host (inbound Internet traffic to company)

access-list XXXXXXXX (outbound traffic from company to Internet)

5. The staging DB server would be inside the DMZ and allow the remote management from outside internal to the DB server only, the tcp port is 8001 and Windows Remote Desktop Protocol (RDP). How to rewrite this command?

access-list ACL_in extended permit ip any host (staging DB server)

6. For the ADSL circuit, should the following commands be re-configured to another number lower than 1500? If so, what figure may be the suitable value for it?

mtu inside 1500

mtu outside 1500

7. The ASDM image would be changed to another number for trace the latest ASDM image to be downloaded. Is it a good practice? Any idea if the auto down feature is to be activated for the ASDM image on the ASA55x0? Do we need the "Auto Update Server"?

asdm image disk0:/asdm-0217.bin

8. Is it useful if the history command is enabled? or disable this feature to save the CPU time for ASA?

asdm history enable

9. Someone configures the VPN (F5) behind the ASA55x0 using static NAT, the command is as below. Please advise how to define the object of VPN_F5? The TCP port 80 and 443 are accepted only. The VPN_F5 object is missing

static (inside,outside) VPN_F5 netmask dns

10. Does the "return" static NAT need to be configured? e.g. (outside, inside) ......

static (inside,outside) netmask dns

