I was wondering if I could get a bit of configuration advice to add a honeypot on my 5505 (10 user base license) in my home environment.
Currently I have default vlans 1 and 2 set up for inside and outside. I would like to set up vlan 3 with restricted traffic flow so it is completely segregated from my home network but is able to access the outside interface. It is my understanding that this can be done with the base license as long as vlan 3 has Restrict Traffic Flow enabled, correct?
My plan is to use vlan 3 for the honeypot. Will I have any problems being able to block all OUTBOUND traffic and allow all INBOUND traffic to this vlan? Should the security level be set to 50 as if it were a DMZ or should I set it at 0 to match my outbound interface?
Thanks for your help. I am brand new to the ASA. I have worked with a PIX 506E and came across the 5505 for a pretty good price so I decided to pick it up for the home and also so I can dive a little deeper into the FOS.
Yes, you're right. You can create a 3rd VLAN with the BASE license, but the hosts on that VLAN will only be able to fully communicate with the hosts on the OUTSIDE interface and they won't be able to access your home network (INSIDE). In order to accomplish this, you'll also have to configure the "no forward interface Vlan1" command.
As for the security level for that VLAN, I'd set it to 50 (like you offered) and block all OUTBOUND traffic and allow all INBOUND traffic to this vlan by using access-lists.
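The setup described in the reply above, written out as an added ASA 5505 configuration example that is not part of the original thread. The interface name `honeypot`, the port `Ethernet0/2`, the ACL names and all addresses are assumptions made for illustration.

```cisco
! Added example; interface name, port and addresses are constructed placeholders.
! Third VLAN on a Base license: restrict forwarding to Vlan1 (inside)
! before assigning nameif, otherwise the ASA rejects the third named VLAN.
interface Vlan3
 no forward interface Vlan1
 nameif honeypot
 security-level 50
 ip address 192.168.3.1 255.255.255.0
!
! Physical switch port the honeypot host plugs into (assumed Ethernet0/2).
interface Ethernet0/2
 switchport access vlan 3
 no shutdown
!
! Block and log every connection the honeypot initiates. Replies to
! connections opened from outside still pass via stateful inspection.
access-list HONEYPOT_OUT extended deny ip any any log
access-group HONEYPOT_OUT in interface honeypot
!
! Allow connections from outside to the honeypot. 192.0.2.10 is a
! constructed address: on 8.3 and later use the host's real address,
! on earlier releases the translated (public) one.
access-list OUTSIDE_IN extended permit ip any host 192.0.2.10
access-group OUTSIDE_IN in interface outside
```

The address translation that publishes the honeypot on the outside interface is not shown, because its syntax differs between ASA software releases.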