There are questions regarding the ASA55x0. Grateful if the expert could advise on it.
1. For the configuration of DNS, does it support another domain name which is different from the standard Internet domain name, e.g. account (not account.abc.com)?
dns server-group InterDNS
2. If the name-server command is missing from the configuration, what will happen?
3. Does the following command support all inbound Internet traffic (tcp, udp, icmp, ...) to 220.127.116.11?
access-list ACL_in extended permit ip any host 18.104.22.168
4. Must it configure the outbound ACL to control outgoing traffic to the Internet? If so, please advise on the command.
access-list ACL_in extended permit ip any host 22.214.171.124 (inbound Internet traffic to company)
access-list XXXXXXXX (outbound traffic from company to Internet)
5. The staging DB server would be inside the DMZ and allow the remote management from outside internal to the DB server only; the TCP port is 8001 and Windows Remote Desktop Protocol (RDP). How to rewrite this command?
access-list ACL_in extended permit ip any host 126.96.36.199 (staging DB server)
6. For the ADSL circuit, should the following commands be re-configured to another number lower than 1500? If so, what figure may be the suitable value for it?
mtu inside 1500
mtu outside 1500
7. The ASDM image would be changed to another number to trace the latest ASDM image to be downloaded. Is it a good practice? Any idea if the auto down feature is to be activated for the ASDM image on the ASA55x0? Do we need the "Auto Update Server"?
asdm image disk0:/asdm-0217.bin
8. Is it useful if the history command is enabled? Or disable this feature to save the CPU time for the ASA?
asdm history enable
9. Someone configures the VPN (F5) behind the ASA55x0 using static NAT; the command is as below. Please advise how to define the object of VPN_F5. The TCP port 80 and 443 are accepted only. The VPN_F5 object is missing.
static (inside,outside) 188.8.131.52 VPN_F5 netmask 255.255.255.255 dns
10. Does the "return" static NAT need to be configured? e.g. (outside, inside) 192.168.1.8 ......
static (inside,outside) 184.108.40.206 192.168.1.8 netmask 255.255.255.255 dns