I'm in the process of learning how to configure Cisco ASA. I've got the ASA simulated on GNS3.
Can some tell me where I can find books or material that has actual labs included in the book.
The books I have found seem to be handbook type of material. I need something that steps through a lab.
You can always use the certifications books from Cisco, one each chapter they explain a feature and you can see a lab recreation ( configuration part) so you can implemented by yourself following the book and understanding the logic,
That is my opinion and what I have used so far.
Cisco Security Engineer
Hi Julio, thanks for responding.
I have found a site with many ASA lab samples. The problem is I don't know how to test the lab... Attached is one of the labs I'm about to build. Can someone describe how I can test the lab?
You can use a VMware machine as the internal host or another router, then configure the ASA as properly and just try to give to that host connectivity to a host on the outside interface of the ASA ( via ICMP,etc).
This lab is real simple to build on GNS. ( You can do it with 2 routers and one ASA, Just make the inside router able to ping the Outside router)
Julio, thanks again for responding.
I have already built this on GNS. My problem is I don't know how to actually test it - how to determine if its working?
You would need to be able to ping from the inside router to the external router (or SSH or telnet)
Do you follow me?
I checked the document again to see if I got wrong but nop I am right.
The whole purpose of the lab setup you have there is to be able to configure Dynamic Nat for the internal network when they go to the outside world using a 8.3 or higher version.
A Ping will fully showed you if its working or not. Now if you want to do it with another service.. Just use a packet-tracer and the result should be allowed and of course you will need to check a the NAT stage.
Edit: I sent you a private message, please check it
Good but do you understand the purpose of the Lab now?
I will build the lab, however I still don't see how a simple ping will fully test this scenario...
What is the point with all the following commands on the ASA
object network OBJ_GENERIC_ALL subnet 0.0.0.0 0.0.0.0 nat (inside,outside) source dynamic OBJ_GENERIC_ALL interface route outside 0.0.0.0 0.0.0.0 10.165.200.225 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:...
The purpose of the lab is do NAT on 8.3 version ( because as you will need to know from 8.2 to 8.3 or higher versions this changes a lot).
So as on the PDF is marked as important that is what you need to focus on ( NAT), that's it bro!!
The other stuff in that configuration is there by default.
So what you will need to do in this lab:
Now to make it more interesting after you configure all that, try to ping from the inside host to the outside host
Let me know the result of the lab as soon as you have it!
Do rate all the helpful post