Thanks for your response. I have an access-list on the router on the core network. Will I have to configure an access-list on the ASA also?
At the moment I have external and internal interfaces on the WatchGuard firewall. I have about 10 static routes for communications with a couple of remote offices over an MPLS circuit and some VLANs. I have 10 policies configured for external OWA, SSL, SharePoint, ping, etc. I guess I need to configure all of that on this new ASA. Have any recommendations on this?
So if I go with step 1, name the interfaces, and step 2, assign security-levels to the interfaces. What I read is that the WAN should be set to 0 and inside LAN should be set to 100; what do those numbers mean?
Step 3: my WAN ethernet 0 will be the external IP that's on my firewall and ethernet 1 will be the internal private IP that's on the firewall. Step 4: enable NAT, and step 5: define a route.
I will also need to add all of those static routes also.
0 and 100 define the security level for the interface. The higher the number, the more trusted it is, thus the reason you would use the interface with a security level of 100 to be your inside interface.
Yes, whatever you have set up on your current firewall you will have to add to the ASA.
So routes and access-lists.
You can set up a default route that looks like
route outside 0.0.0.0 0.0.0.0 184.108.40.206
and use this as a template to create the rest of your routes.
For example, if your access-list is permitting http, https, and ftp, you would create an access-list that looks something like this:
access-list acl_in permit tcp any any eq 80
access-list acl_in permit tcp any any eq 443
access-list acl_in permit tcp any any eq ftp
There is an implicit deny all, but it is good practice to define your own, so
access-list acl_in deny ip any any
This will be at the very end of your config.
After you create the access-list you will need to bind it to the interface that you are creating it for. So with the one I just created you would bind it to the inside interface.
access-group acl_in in interface inside (or whatever the nameif name you choose is)
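The pieces discussed in this thread (interface names, security levels, NAT, routes, the access-list and its binding) put together as one ASA configuration fragment. This is an added example, not part of the original posts: every address, the object name `inside-net`, the interface identifiers and the remote-office route are constructed placeholders, and the NAT lines assume ASA 8.3 or later.

```cisco
! Added example. Addresses are constructed (documentation and private ranges).
! Steps 1-3: name each interface, set its security level, assign its IP.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! Step 4: dynamic PAT of the inside network to the outside interface address
! (object NAT, ASA 8.3 and later; earlier releases use nat/global instead).
object network inside-net
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Step 5: default route, then one static route per remote network.
route outside 0.0.0.0 0.0.0.0 203.0.113.1
route inside 10.20.0.0 255.255.0.0 192.168.1.254
!
! Port matches need tcp or udp as the protocol; "ip" cannot take "eq".
access-list acl_in extended permit tcp any any eq www
access-list acl_in extended permit tcp any any eq https
access-list acl_in extended permit tcp any any eq ftp
! Explicit final deny: same effect as the implicit one, but it is visible
! in the config and, with "log", denied flows generate syslog messages.
access-list acl_in extended deny ip any any log
!
! Once bound, this ACL replaces the default "higher security level may
! initiate to lower" behaviour for traffic entering the inside interface.
access-group acl_in in interface inside
```

After applying it, `show access-list acl_in` lists a hit count per line, which shows how much traffic the final deny is actually dropping.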