In this video I install and configure an ASA firewall in the existing network from my previous video, Intervlan routing with Layer 3 and L2 switches.
On the firewall I use the command line to configure the inside and outside interfaces, the HTTP server, a user account, access lists that permit ICMP, static routes and the policy map, and then use the Adaptive Security Device Manager (ASDM) to configure Port Address Translation (PAT).
I also configure the NX-OS interface connected to the firewall and add a route so the VLANs can reach the outside network.
Finally I test connectivity by pinging from Guest1 to all the VLAN gateways, the workstations in the different VLANs, the firewall interfaces, the outside network gateway and the DNS server.
A. On CiscoASA
1. Configure Outside Interface
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.1.10 255.255.255.0
2. Enable the HTTP(S) server that ASDM connects to and allow access from the outside network (only 192.168.1.0/24). This is acceptable in a lab; on a production firewall management should not be exposed on the lowest-security interface, and the http statement should be narrowed to the specific management hosts that need it.
http server enable
http 192.168.1.0 255.255.255.0 outside
3. Create a user account cisco with privilege level 15 (the password is shown in its encrypted form)
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
4. Configure Inside interface
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
5. Create extended access lists 101 and 102 that permit ICMP echo and echo-reply, so pings can pass from the inside to the outside
access-list 101 extended permit icmp any any echo
access-list 101 extended permit icmp any any echo-reply
access-list 102 extended permit icmp any any echo
access-list 102 extended permit icmp any any echo-reply
6. Apply access-list 102 inbound on the outside interface and access-list 101 inbound on the inside interface with the access-group command
access-group 102 in interface outside
access-group 101 in interface inside
Note that applying an access-group to the inside interface replaces the default "higher security to lower security is permitted" behaviour with the list's implicit deny: with access-list 101 in place only ICMP can leave the inside network. That is enough for the ping test in this video, but the list must be extended (for example with permit lines for DNS and HTTP) before anything else will work through the firewall.
7. Create a default route for all inside networks to the outside network. The next hop 192.168.1.1 is the gateway on the outside subnet, so the route is bound to the outside interface, not the inside one.
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
8. Create routes to the four VLAN subnets. They are not directly connected to the ASA, so it has no way of learning them: directly connected networks are added to the routing table automatically, remote networks need a static route. The next hop is the NX-OS interface 192.168.2.2.
route inside 192.168.10.0 255.255.255.0 192.168.2.2 1
route inside 192.168.20.0 255.255.255.0 192.168.2.2 1
route inside 192.168.30.0 255.255.255.0 192.168.2.2 1
route inside 192.168.40.0 255.255.255.0 192.168.2.2 1
9. Enable ICMP inspection in the global policy map. global_policy and inspection_default are the default policy-map and class-map on the ASA, and the default service-policy already applies global_policy to all interfaces, so only inspect icmp needs to be added (a policy-map created under a different name, such as global-policy, would be a new policy that is not applied anywhere). With inspection enabled the ASA tracks each outgoing echo request as a connection and matches the reply to it statefully, so the echo-reply entries in the access lists are not strictly required for pings started from the inside.
policy-map global_policy
class inspection_default
inspect icmp
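The video configures PAT in ASDM, which is not shown on this page. The following is an added example, not taken from the video, of the equivalent CLI configuration together with the checks I would run on the ASA before pinging from the workstations. It assumes ASA software 8.3 or later (object and manual NAT syntax); the object-group name inside-nets and the VLAN 10 host address 192.168.10.10 used in packet-tracer are my own choices, and if ASDM refuses the cisco login the command aaa authentication http console LOCAL makes HTTP/ASDM logins use the local user database.

```cisco
! Added example: CLI equivalent of the PAT configured in ASDM in the video.
! Assumes ASA 8.3+; "inside-nets" is an arbitrary name chosen here.
object-group network inside-nets
 network-object 192.168.2.0 255.255.255.0
 network-object 192.168.10.0 255.255.255.0
 network-object 192.168.20.0 255.255.255.0
 network-object 192.168.30.0 255.255.255.0
 network-object 192.168.40.0 255.255.255.0
!
! Manual (twice) NAT: translate every inside network to the outside
! interface address 192.168.1.10, overloading it with port translation.
nat (inside,outside) source dynamic inside-nets interface
!
! Verification.
! "show nat" lists the rule with translate hit counts.
! "show route" must show 0.0.0.0/0 via 192.168.1.1 on outside and the
! four VLAN networks via 192.168.2.2 on inside.
show nat
show route
!
! Simulate an echo request from an assumed VLAN 10 host (192.168.10.10)
! to the outside gateway. Every phase, including ACCESS-LIST, NAT and
! INSPECT, must report ALLOW and the final Action must be "allow"; a drop
! here points at the access-group, the NAT rule or a missing route.
packet-tracer input inside icmp 192.168.10.10 8 0 192.168.1.1 detailed
!
! While a workstation is pinging, ICMP inspection creates a connection
! entry, so the ping shows up here as an ICMP conn from inside to outside.
show conn
```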
B. NXOS
1. Configure interface e2/15 as a routed port facing the ASA inside interface
interface ethernet 2/15
no switchport
ip address 192.168.2.2/24
no shutdown
2. Add a default route pointing to the ASA inside interface so that all VLANs reach the outside network, and save the configuration
ip route 0.0.0.0/0 192.168.2.1
copy running-config startup-config
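As an added check that is not part of the original video, these NX-OS commands confirm the routed port and the default route and then push a ping through the firewall. The VLAN 10 SVI address 192.168.10.1 used as the ping source is an assumption based on the 192.168.10.0/24 subnet above.

```cisco
! Added verification, not from the original video.
! The port must be routed (no switchport) with 192.168.2.2/24 and be up.
show interface ethernet 2/15 brief
show ip interface ethernet 2/15
! The default route must point to the ASA inside address 192.168.2.1.
show ip route 0.0.0.0/0
! Direct adjacency with the ASA inside interface.
ping 192.168.2.1
! End-to-end: sourcing the ping from a VLAN SVI (192.168.10.1 is assumed)
! forces it through the ASA, where it must pass access-list 101, be
! translated to 192.168.1.10 by PAT, and have its reply matched by ICMP
! inspection and routed back to 192.168.10.0/24 via 192.168.2.2.
ping 192.168.1.1 source 192.168.10.1
```

If the sourced ping fails while the direct ping to 192.168.2.1 succeeds, the problem is on the ASA side (access-group, NAT rule or the VLAN static routes), not on the switch.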