Friday, September 26, 2014

Very Simple Network Diagram with Cisco ASA 5520


Apply IP Address to Interface

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.5.121 255.255.255.0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.4.1 255.255.255.0
 no shutdown
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.6.1 255.255.255.0
 no shutdown
!

NAT 0 (identity NAT): pass inside-to-DMZ traffic without address translation
access-list no-nat extended permit ip 192.168.4.0 255.255.255.0 192.168.6.0 255.255.255.0
nat (inside) 0 access-list no-nat
******************************************************
Allow web (HTTP, HTTPS) and DNS traffic from the DMZ web server 192.168.6.2 to inside hosts and to the outside

access-list dmz-in extended permit tcp host 192.168.6.2 any eq www
access-list dmz-in extended permit udp host 192.168.6.2 any eq domain
access-list dmz-in extended permit tcp host 192.168.6.2 any eq domain
access-list dmz-in extended permit tcp host 192.168.6.2 any eq https

Allow ping from the DMZ; log and deny any other TCP
access-list dmz-in extended permit icmp 192.168.6.0 255.255.255.0 any
access-list dmz-in extended deny tcp any any log
access-group dmz-in in interface dmz
*******************************************************
Allow All from inside
access-list inside-in extended permit ip any any log
access-group inside-in in interface inside

*******************************************************
Allow the DMZ web server 192.168.6.2 to be reached from the Internet through a static port forward (outside 192.168.5.120 port 8080 -> DMZ 192.168.6.2 port 80); the outside ACL must permit the global address and port that the static exposes
access-list OUTSIDE_IN extended permit tcp any host 192.168.5.120 eq 8080
static (dmz,outside) tcp 192.168.5.120 8080 192.168.6.2 www netmask 255.255.255.255
access-group OUTSIDE_IN in interface outside
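A classic mistake in this pre-8.3 style of configuration is permitting the server's real port in the outside ACL when the static exposes a different global port: the ACL on the outside interface is matched against the translated (global) address and port, so a permit for `eq www` does nothing for a forward published on 8080. The following audit script is an added example written for this post, not taken from the original page or from Cisco; it parses the old `static (real,mapped) tcp ...`, `access-list ... extended permit tcp/udp ... host X eq P` and `access-group ... in interface ...` lines and reports statics that no ACE on the mapped interface permits, and host/port ACEs on a mapped interface that no static backs. The function and constant names (`audit_port_forwards`, `PORT_NAMES`, `SAMPLE_MISMATCH`) are this example's own, and the sample config is constructed to reproduce the www/8080 mismatch described above.

```python
"""Audit pre-8.3 Cisco ASA port forwards: do the outside ACL and the statics agree?

Added example for this post (not the page's own code). Only the pre-8.3 syntax is
handled, only tcp/udp ACEs with a `host <ip> eq <port>` destination are examined,
and only interfaces that appear as the mapped side of a static are checked.
"""
import re
from typing import Dict, List, Set, Tuple

# Subset of the service names the ASA accepts in place of numeric ports.
PORT_NAMES: Dict[str, int] = {
    "www": 80, "http": 80, "https": 443, "domain": 53,
    "ssh": 22, "ftp": 21, "smtp": 25,
}

STATIC_RE = re.compile(
    r"^static \((?P<real_ifc>\w+),(?P<mapped_ifc>\w+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_ip>\S+) (?P<mapped_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+) netmask"
)
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) extended permit (?P<proto>tcp|udp) "
    r"(?:any|host \S+|\S+ \S+) host (?P<dst_ip>\S+) eq (?P<dst_port>\S+)"
)
GROUP_RE = re.compile(r"^access-group (?P<acl>\S+) in interface (?P<ifc>\w+)")


def port_number(token: str) -> int:
    """Resolve an ASA port token ("www", "8080") to an integer port."""
    return int(token) if token.isdigit() else PORT_NAMES[token.lower()]


def audit_port_forwards(config: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means ACL and statics agree."""
    statics: List[Tuple[str, str, str, int, str, int]] = []
    aces: Dict[str, Set[Tuple[str, str, int]]] = {}   # acl name -> {(proto, dst_ip, dst_port)}
    bound: Dict[str, str] = {}                        # interface -> acl applied inbound

    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            statics.append((m["mapped_ifc"], m["proto"], m["mapped_ip"],
                            port_number(m["mapped_port"]), m["real_ip"],
                            port_number(m["real_port"])))
        elif m := ACE_RE.match(line):
            aces.setdefault(m["acl"], set()).add(
                (m["proto"], m["dst_ip"], port_number(m["dst_port"])))
        elif m := GROUP_RE.match(line):
            bound[m["ifc"]] = m["acl"]

    findings: List[str] = []
    exposed = {(ifc, proto, ip, port) for ifc, proto, ip, port, _, _ in statics}

    # 1. Every static must be reachable through the ACL bound to its mapped interface.
    for ifc, proto, ip, port, real_ip, real_port in statics:
        acl = bound.get(ifc)
        if acl is None:
            findings.append(f"static {ip}:{port}/{proto} on {ifc}: no access-group on {ifc}, "
                            f"inbound traffic from a lower security level is denied by default")
        elif (proto, ip, port) not in aces.get(acl, set()):
            findings.append(f"static {ip}:{port}/{proto} -> {real_ip}:{real_port}: "
                            f"ACL {acl} on {ifc} has no ACE permitting {ip} eq {port}")

    # 2. Every host/port ACE on a mapped interface should be backed by a static.
    for ifc in sorted({s[0] for s in statics}):
        acl = bound.get(ifc)
        for proto, ip, port in sorted(aces.get(acl, set())):
            if (ifc, proto, ip, port) not in exposed:
                findings.append(f"ACL {acl} on {ifc} permits {ip} eq {port}/{proto} "
                                f"but no static exposes that port: the ACE is dead")
    return findings


# Constructed sample: the outside-facing lines of this post, with the ACE permitting
# the server's real port (www) instead of the global port the static exposes (8080).
SAMPLE_MISMATCH = """
access-list OUTSIDE_IN extended permit tcp any host 192.168.5.120 eq www
static (dmz,outside) tcp 192.168.5.120 8080 192.168.6.2 www netmask 255.255.255.255
access-group OUTSIDE_IN in interface outside
access-list inside-in extended permit ip any any log
access-group inside-in in interface inside
"""
# Same fragment with the ACE corrected to the global port.
SAMPLE_FIXED = SAMPLE_MISMATCH.replace("eq www", "eq 8080")

if __name__ == "__main__":
    for label, cfg in (("mismatch", SAMPLE_MISMATCH), ("fixed", SAMPLE_FIXED)):
        print(f"[{label}]")
        for finding in audit_port_forwards(cfg) or ["no findings"]:
            print("  ", finding)
```

Run it against a saved `show running-config` to catch the mismatch before deploying; on the firewall itself the same question is answered by `packet-tracer input outside tcp <src-ip> <src-port> 192.168.5.120 8080`, which shows whether the ACL and xlate phases both pass. The script only reasons about TCP/UDP port forwards: the ICMP permit in dmz-in above is a separate matter, since the ASA does not track ICMP statefully unless `inspect icmp` is enabled in the global policy, so echo replies from the outside need either that or an explicit return permit.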

Dynamic PAT to the outside interface address for inside and DMZ hosts
global (outside) 1 interface
nat (inside) 1 192.168.4.0 255.255.255.0
nat (dmz) 1 192.168.6.0 255.255.255.0


Default Route
route outside 0.0.0.0 0.0.0.0 192.168.5.1 1
