Cisco Asa Lab Manual Final

Cisco Certified Security Professional SNAF Securing Networks with ASA Fundamentals

Lab Manual Developed by

M. Irfan Ghauri M. Tanzeel Nasir

C-32/1 Block-5 Gulshan-e-Iqbal, Karachi Ph #021-6034003

ESP Press Copyrights 2011

1 ASA Lab Manual

LAB.

LABS DESCRIPTION

PAGE NO.

1

ASA Basic & Accessing ASA through Telnet/SSH/HTTP

3

2

NETWORK ADDRESS TRANSLATION

8

• • • • • • •

Nat Control Static NAT Dynamic NAT PAT STATIC PAT POLICY NAT NAT 0

3

Fitering ACTIVEX Objects and JAVA Applets

17

4

Transparent Firewall

18

5

Syslog server

20

6

Cut through proxy through LOCAL database & AAA server

21

7

Downloadable Acl

24

8

Tcp intercept Max connection

29

9

Object Grouping and Time-based Acl

30

Routing a.Static Routing b.Dynamic Routing

32

10

2 ASA Lab Manual

11

12

Dynamic Host Configuration Protocol

Demilitarized Zone

34

37

13

Intervlan Routing with ASA

39

14

Modular Policy Framework

41

15

Virtual Private Network Site to Site VPN Web VPN Remote Access VPN

42

3 ASA Lab Manual

Lab # 1 ASA Basic Configuration How to verify Version ciscoasa(config)# sh version

How to Set Hostname ciscoasa(config)# hostname ESP

How to Set Time & Date ciscoasa# clock set 03:40:50 29 december 2010

How to Set Desired Banners ciscoasa(config)# banner exec "you are off"

How to Configure a particular Interface ciscoasa(config)# interface ethernet 0/0 •

Assign IP ciscoasa(config-if)# ip address 20.0.0.10

•

Alive Interface ciscoasa(config-if)# no shutdown

•

Set Speed ciscoasa(config-if)# speed auto

•

Give Label ciscoasa(config-if)# nameif outside

•

Mention Security Level ciscoasa(config-if)# security-level 0 ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto

4 ASA Lab Manual

ciscoasa(config-if)# nameif inside ciscoasa(config-if)# security-level 100

How to check Particular Interface information ciscoasa# sh interface ethernet 0/0 ciscoasa# sh interface ethernet 0/1

How to check the applied IP Addresses on the Device ciscoasa# sh ip addresses

How to check interface Labels & Security Levels ciscoasa# sh nameif

How to check Interfaces summary ciscoasa(config)# sh interface ip brief

How to Save Configuration ciscoasa(config)# copy running-config start

How to check state table ciscoasa(config)# sh conn

How to check memory status ciscoasa# sh memory

How to restrict access on Privilege mode ciscoasa(config)# enable password cisco

How to check running configuration ciscoasa(config)# sh run

How to check History of CLI ciscoasa# sh history

5 ASA Lab Manual

Accessing ASA through Telnet/HTTP/SSH Configuration Assigning Speed & IP Address on Inside & Outside Interfaces.

ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# ip address 20.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif outside ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif inside

How to Telnet Adaptive Security Appliance ciscoasa(config)# telnet 10.0.0.4 255.255.255.255 inside ciscoasa(config)# passwd cisco ciscoasa(config)# enable password cisco (Telnet only allow from inside) How to HTTP Adaptive Security Appliance ciscoasa(config)#http server enable ciscoasa(config)#http 10.0.0.1 255.255.255.255 inside How to SSH Adaptive Security Appliance ciscoasa(config)# crypto key generate rsa modulus 1024 ciscoasa(config)# ssh 10.0.0.1 255.255.255.255 inside ciscoasa(config)# ssh 20.0.0.4 255.255.255.255 outside Authentication With local database ciscoasa(config)#username tanzeel password cisco123 ciscoasa(config)# aaa authentication ssh console LOCAL

6 ASA Lab Manual

At Machine 10.0.0.1:

7 ASA Lab Manual

Verification Commands: ciscoasa(config)# show ssh ciscoasa(config)# show ssh session ciscoasa(config)# ssh disconnect session_id ciscoasa(config)# show crypto key mypubkey rsa

8 ASA Lab Manual

Lab # 2 NETWORK ADDRESS TRANSLATION Network Address Translation allows to translate Private Addresses into Public Addresses • • • • • • •

Nat Control Static NAT Dynamic NAT PAT STATIC PAT POLICY NAT NAT 0

Configuration Assigning Speed & IP Address on Inside & Outside Interfaces.

ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# ip address 20.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif outside ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif inside ciscoasa (config)#nat-control ciscoasa (config)# access-list 1 permit ip any any ciscoasa (config)# access-group 1 in interface outside

9 ASA Lab Manual

STATIC NETWORK ADDRESS TRANSLATION

Configuration Establish Static NAT & ACLs.

ciscoasa (config)# static (inside,outside) 20.0.0.51 10.0.0.1 ciscoasa (config)# static (inside,outside) 20.0.0.52 10.0.0.2 Verify Configuration by using following commands.

ciscoasa (config)# show running-config nat ciscoasa (config)# show xlate ciscoasa (config)# show access-list 1

10 ASA Lab Manual

DYNAMIC NETWORK ADDRESS TRANSLATION

Configuration Establish Dynamic NAT, POOL & ACLss on Inside Interfaces.

ciscoasa (config)# nat (inside) 1 0 0 ciscoasa (config)# global (outside) 1 20.0.0.51-20.0.0.60 Verify Configuration by using following commands.

ciscoasa (config)# show running-config global ciscoasa (config)# show running-config nat ciscoasa (config)# show xlate ciscoasa (config)# show access-list 1

11 ASA Lab Manual

DYNAMIC PORT ADDRESS TRANSLATION

Configuration Establish Dynamic PAT, POOL & ACLs

ciscoasa (config)# nat (inside) 1 0 0 ciscoasa (config)# global (outside) 1 20.0.0.51 OR

Establish Dynamic PAT by assigning Outside Interface IP Address to POOL

ciscoasa (config)# nat (inside) 1 0 0 ciscoasa (config)# global (outside) 1 interface ciscoasa (config)# access-list 1 permit ip any any ciscoasa (config)# access-group 1 in interface outside

12 ASA Lab Manual

Verify Configuration by using following commands.

ciscoasa (config)# show running-config global ciscoasa (config)# show running-config nat ciscoasa (config)# show xlate ciscoasa (config)# show access-list 1

13 ASA Lab Manual

STATIC PAT

Configuration Establish Port Redirection & ACLs

ciscoasa (config)# static (inside,outside) tcp 20.0.0.50 http 10.0.0.1 80 Verify results by browsing 20.0.0.50 from outside machine. (Outside Machine will successfully access local Web Server) Verify Configuration by using following commands.

ciscoasa (config)# show running-config nat ciscoasa (config)# show running-config xlate

14 ASA Lab Manual

POLICY NAT

Configuration Apply ACLs & NAT POLICY

ciscoasa (config)# access-list 101 permit ip 10.0.0.0 255.0.0.0 host 20.0.0.1

ciscoasa (config)# access-list 102 permit ip 10.0.0.0 255.0.0.0 host 20.0.0.2

ciscoasa (config)# nat (inside) 1 access-list 101 ciscoasa (config)# global (outside) 1 20.0.0.51 ciscoasa (config)# nat (inside) 2 access-list 102 ciscoasa (config)# global (outside) 2 20.0.0.52

15 ASA Lab Manual

Verify Configuration by using following commands.

ciscoasa (config)# show running-config nat ciscoasa (config)# show xlate ciscoasa (config)# show running-config global

16 ASA Lab Manual

NAT CONTROL AND NAT 0

ALI requires a NAT rule

IP Address 10.0.0.1

ATIF using NAT0 policy 10.0.0.2→10.0.0.2

IP Address 20.0.0.1 E1

EO

IP Address 10.0.0.10


IP Address 10.0.0.2

Configuration Enable Nat control. ciscoasa (config)# nat-control Apply NAT 0 Policy for ATIF. ciscoasa (config)# nat (inside) 0 10.0.0.2 255.255.255.255 Verify Configuration by using following commands. ciscoasa (config)# show xlate ciscoasa (config)# show running-config global

IP Address 20.0.0.2

17 ASA Lab Manual

Lab # 3 FILTERING ACTIVEX OBJECTS AND JAVA APPLETS

Configuration Apply Filters.

ciscoasa (config)# filter java 80 0 0 0 0 ciscoasa (config)# filter activex 80 0 0 0 0 Verify results by browsing outside machine from any inside machine. (Host will successfully access the HTML page )

18 ASA Lab Manual

Lab # 4 TRANSPARENT FIREWALL

IP Address 10.0.0.2

IP Address 10.0.0.1

IP Address 10.0.0.3

Configuration Assigning Speed & no Shut Inside & Outside Interfaces.

ciscoasa (config)# firewall transparent ciscoasa (config)# interface ethernet 0/0 ciscoasa (config-if)# no shutdown ciscoasa (config-if)# speed auto ciscoasa (config-if)# nameif outside

ciscoasa (config)# interface ethernet 0/1 ciscoasa (config-if)# no shutdown ciscoasa (config-if)# speed auto ciscoasa (config-if)# nameif inside

19 ASA Lab Manual

ciscoasa (config)# access-list 1 permit ip any any ciscoasa (config)# access-group 1 in interface outside ciscoasa (config)# ip address 10.0.0.10 255.255.255.0 Verify results by IOS commands.

ciscoasa (config)# show firewall ciscoasa (config)# show mac-address-table

20 ASA Lab Manual

Lab # 5 SYSLOG SERVER

IP Address 20.0.0.1


EO



SYSLOG IP Address 10.0.0.2

Configuration: ciscoasa(config)# logging on ciscoasa(config)# logging host inside 10.0.0.2 ciscoasa(config)# logging trap 7

Verification Commands: ciscoasa(config)# show logging

IP Address 20.0.0.2

21 ASA Lab Manual

Lab # 6 Cut through proxy through LOCAL database & AAA server

IP Address 10.0.0.2



EO


IP Address 10.0.0.3

IP Address 20.0.0.2 AAA SERVER IP Address 10.0.0.1

Configuration Cut through Proxy through Local database ciscoasa(config)# username admin password admin ciscoasa(config)# aaa authentication include any inside 0 0 0 0 LOCAL Cut through Proxy with AAA server ciscoasa(config)# aaa-server esp protocol tacacs+ ciscoasa(config-aaa-server-group)# aaa-server esp host 10.0.0.1 cisco123 ciscoasa(config)# aaa authentication include any inside 0 0 0 0 esp

22 ASA Lab Manual

Configuration on ACS server

23 ASA Lab Manual

User accounts on AAA

Verification Commands: ciscoasa(config)# show uauth ciscoasa(config)# clear uauth

24 ASA Lab Manual

Lab # 7 Downloadable Acl

ALI

IP Address 10.0.0.2


ATIF


EO


IP Address 10.0.0.3

IP Address 20.0.0.2 AAA SERVER IP Address 10.0.0.1

Cisco Secure ACS allows to create downloadable ACLs. By this various ACLs can be formed for different users. Downloadable ACL will be activated only when the particular user sign in. Step 1:Configure AAA server using Radius Protocol. ciscoasa(config)# aaa-server esp protocol radius ciscoasa(config-aaa-server-group)# aaa-server esp host 10.0.0.4 cisco ciscoasa(config-aaa-server-host)# aaa authentication include any inside 0 0 0 0 esp

25 ASA Lab Manual

Configuration on ACS server

Step 2:Form Downloadable ACL through Shared profile Components (if Downloadable option is not available then click on Interface Configuration. )

26 ASA Lab Manual

27 ASA Lab Manual

Now option is added in Shared Profile Components

28 ASA Lab Manual

Step 3: Add User “Ali” and apply Downloadable ACL on users profile.

Step 3: Verify results. ( Atif can successfully browse & ftp outside network) BUT ( Ali can only successfully ftp outside network)

Verification Commands: ciscoasa(config)# show uauth ciscoasa(config)# clear uauth ciscoasa(config)# show conn

29 ASA Lab Manual

Lab # 8 TCP Intercept Maximum Connection

IP Address 20.0.0.1


EO



FTP & WEB SERVER IP Address 10.0.0.2

IP Address 20.0.0.2

Configuration: ciscoasa(config)# static (inside,outside) 20.0.0.50 10.0.0.1 1 0 ciscoasa(config)# access-list 1 permit ip any any ciscoasa(config)# access-group 1 in interface outside

Verification Commands: ciscoasa(config)# ciscoasa(config)# ciscoasa(config)# ciscoasa(config)#

show show show show

running-config static local-host xlate conn

30 ASA Lab Manual

Lab # 9 Object Grouping

IP Address 20.0.0.1


EO



FTP & WEB SERVER IP Address 10.0.0.2

Configuration: Create network object ciscoasa(config)# object-group network esp ciscoasa(config-network)# network-object host 20.0.0.1 ciscoasa(config-network)# network-object host 20.0.0.2 ciscoasa(config-network)# network-object host 20.0.0.3 ciscoasa(config-network)# exi Create service object ciscoasa(config)# object-group service httpftp tcp ciscoasa(config-service)# port-object eq 80 ciscoasa(config-service)# port-object eq 21 ciscoasa(config-service)# exi

IP Address 20.0.0.2

31 ASA Lab Manual

Calling object in ACL ciscoasa(config)# access-list 101 extended permit tcp object-group esp host 10.0.0.1 object-group httpftp ciscoasa(config)# access-group 101 in interface outside

Time-based Acl Configuration: ciscoasa(config)#time-range test ciscoasa(config-time-range)#periodic daily 15:00 to 15:30 ciscoasa(config-time-range)#exit ciscoasa(config)# access-list 101 permit ip any any time-range test ciscoasa(config)#access-group 101 in interface outside Verifying commands ciscoasa(config)# show access-list ciscoasa(config)# show run object-group

32 ASA Lab Manual

Lab # 10 Routing IP Address 15.0.0.1 E0

IP Address 15.0.0.2 Fa0/0

R2 IP Address 10.0.0.10 Ethernet 1


WEB Server

Host A IP Address 10.0.0.1

Host B IP Address 10.0.0.2

Configuration : ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# ip address 15.0.0.1 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# nameif outside ciscoasa(config-if)# security-level 0 ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto

IP Address 20.0.0.1

FTP Server IP Address 20.0.0.2

33 ASA Lab Manual

ciscoasa(config-if)# nameif inside ciscoasa(config-if)# security-level 100

• • • • •

Static Routing Dynamic Routing RIP OSPF EIGRP

Static Routes Commands on Asa ciscoasa(config)#route outside 20.0.0.0 255.0.0.0 15.0.0.2 Rip Commands on Asa ciscoasa(config)#router rip ciscoasa(config-router)#network 15.0.0.0 ciscoasa(config-router)#network 10.0.0.0 Ospf Commands on Asa ciscoasa(config)#router ospf 64 ciscoasa(config-router)#network 15.0.0.0 255.0.0.0 area 0 ciscoasa(config-router)#network 10.0.0.0 255.0.0.0 area 0 Eigrp Commands on Asa ciscoasa(config)#router eigrp 10 ciscoasa(config-router)#network 15.0.0.0 ciscoasa(config-router)#network 10.0.0.0 ciscoasa(config-router)#exit Verifying Commands ciscoasa(config)#sh route ciscoasa(config)#sh rip database ciscoasa(config)#sh ospf interface ciscoasa(config)#sh ospf neighbor ciscoasa(config)# sh eigrp interfaces ciscoasa(config)# sh eigrp neighbors

34 ASA Lab Manual

Lab # 11 DYNAMIC HOST CONFIGURATION PROTOCOL ASA Firewall has features that let it be Configured as a • DHCP SERVER • DHCP CLIENT •

DHCP SERVER

Configuration Create POOL for Inside Hosts. ciscoasa(config)# dhcpd address 10.0.0.51-10.0.0.61 inside Enable DHCP on the ASA Firewall. ciscoasa(config)#dhcpd enable inside

35 ASA Lab Manual

Verify Configuration by using following commands. ciscoasa(config)# ciscoasa(config)# ciscoasa(config)# ciscoasa(config)# ciscoasa(config)#

show dhcpd binding show dhcpd state clear dhcpd bindings debug dhcpd events debug dhcpd packet

DHCP CLIENT

Configuration Step 1: Enable DHCP Client. ciscoasa(config)#int e0/0 ciscoasa(config)# ip address dhcp

36 ASA Lab Manual

Step 2: Define new scope for IP addresses range.

Step 3: Verify Configuration by using following commands. ciscoasa(config)#debug dhcpd events ciscoasa(config)#debug dhcpd packet

37 ASA Lab Manual

Lab # 12 Demilitarized Zone

Configuration Step 1:Assign IPs and Define Security Levels. ciscoasa(config)# interface ethernet 0/0 ciscoasa(config-if)# ip address 20.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif outside ciscoasa(config)# interface ethernet 0/1 ciscoasa(config-if)# ip address 10.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif inside

38 ASA Lab Manual

ciscoasa(config)# interface ethernet 0/2 ciscoasa(config-if)# ip address 30.0.0.10 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# speed auto ciscoasa(config-if)# nameif dmz Apply PAT for inside Users & Static Nat for server on DMZ Interface. ciscoasa(config)# nat (inside) 1 0 0 ciscoasa(config)# global (outside) 1 interface ciscoasa(config)# static (dmz,outside) 40.0.0.51 30.0.0.1 ciscoasa(config)# static (dmz,outside) 40.0.0.52 30.0.0.2 Establish ACL to allow traffic from lower security level to servers. ciscoasa(config)# access-list 101 permit tcp any host 40.0.0.51 eq www ciscoasa(config)# access-list 101 permit tcp any host 40.0.0.52 eq ftp ciscoasa(config)# access-group 1 in interface outside

Verifying Commands ciscoasa(config)#sh run access-list ciscoasa(config)#sh run interface

39 ASA Lab Manual

Lab # 13 INTER-VLAN ROUTING WITH ASA IP Address 10.0.0.10 Ethernet 0/1

IP Address 20.0.0.10 Ethernet 0/0

E 0 / 2.40 40.0.0.10 / 8 Security-level 40

E 0 / 2.30 30.0.0.10 / 8 Security-level 30

IP Address 10.0.0.1

Fa 0/24

Fa 0/3

2950

Vlan 30

WEB Server 30.0.0.1/8 30.0.0.10

Configuration ciscoasa(config)#Interface Ethernet0/2 ciscoasa(config-if)#no shut ciscoasa(config-if)#no ip add ciscoasa(config-if)#exit

Fa 0/4

Vlan 40

FTP Server 40.0.0.1/8 40.0.0.10

IP Address 20.0.0.1

40 ASA Lab Manual

ciscoasa(config)#Interface Ethernet0/2.30 ciscoasa(config-if)#vlan 30 ciscoasa(config-if)#no shutdown ciscoasa(config-if)#nameif www ciscoasa(config-if)#security-level 30 ciscoasa(config-if)#ip address 30.0.0.10 255.0.0.0 ciscoasa(config)#Interface Ethernet0/2.40 ciscoasa(config-if)#vlan 40 ciscoasa(config-if)#no shutdown ciscoasa(config-if)#nameif ftp ciscoasa(config-if)#security-level 40 ciscoasa(config-if)#ip address 40.0.0.10 255.0.0.0 After Configuration inside(100) users access ftp(40) and web(30) service now if u want to allow outside users to access ftp and web service make an access-list to allow them ciscoasa(config)# access-list 101 permit tcp any host 30.0.0.1 eq ftp ciscoasa(config)#access-group 101 in interface outside

Switch configuration Switch(config)#vlan 30 Switch(config-vlan)#name www Switch(config)#vlan 40 Switch(config-vlan)#name ftp Switch(config)#interface fa0/3 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 30 Switch(config)#interface fa0/4 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 40 Switch(config)#interface fa0/24 Switch(config-if)#switchport mode trunk Verifying Commands ciscoasa(config)#sh run access-list ciscoasa(config)#sh run interface

41 ASA Lab Manual

Lab # 14 MODULAR POLICY FRAMEWORK

Configuration Step 1:Define Class Name. ASA(config)# class-map http ASA(config-cmap)# match port tcp eq 80 Step 2:Define Classes to the Policy Map ASA(config)# policy-map esp ASA(config-pmap)# class-map http ASA(config-pmap-c)# priority-queue inside ASA(config)# service-policy esp interface inside Step 3:Verify Results by IOS commands. ASA# show service-policy

42 ASA Lab Manual

Lab # 15 SITE TO SITE VPN



WAN RmtRouter IP Address 20.0.0.10 Fa0/1

IP Address 10.0.0.10 Ethernet 1

Rmt Users

WEB Server IP Address 20.0.0.1

FTP Server Host A IP Address 10.0.0.1

Host B IP Address 10.0.0.2

IP Address 20.0.0.2

Configuration Site-to-Site Vpn Configuration on Asa ciscoasa(config)#crypto isakmp enable outside ciscoasa(config-isakmp-policy)#crypto isakmp policy 10 ciscoasa(config)# authen pre-share ciscoasa(config)# hash md5 ciscoasa(config)# encrypt des ciscoasa(config)# group 2 ciscoasa(config)# tunnel-group 15.0.0.2 type ipsec-l2l ciscoasa(config)# tunnel-group 15.0.0.2 ipsec-attributes ciscoasa(config-tunnel-ipsec)# pre-shared-key cisco123

43 ASA Lab Manual

ciscoasa(config)# access-list 101 permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0 ciscoasa(config)# crypto ipsec transform-set aset esp-des esp-md5-hmac ciscoasa(config)# crypto map outside_map 1 set peer 15.0.0.2 ciscoasa(config)# crypto map outside_map 1 set transform-set aset ciscoasa(config)#crypto map outside_map 1 match address 101 ciscoasa(config)# crypto map outside_map interface outside

44 ASA Lab Manual

IPsec(Site-to-Site) VPN Wizard

45 ASA Lab Manual

46 ASA Lab Manual

47 ASA Lab Manual

48 ASA Lab Manual

CLIENT LESS WEB VPN Unlike a standard IPSec VPN which requires specific client software, Web VPN is a clientless Remote-Access VPN that uses a web browser to access a Corporate Network.


WAN IP Address 20.0.0.1 With no Vpn client IP Address 10.0.0.10 Ethernet 1

IP Address 20.0.0.5 With no Vpn client

Local FTP Server IP Address 10.0.0.3 Host A IP Address 10.0.0.1 Local web Server IP Address 10.0.0.2

Configuration SSL VPN Wizard

49 ASA Lab Manual

50 ASA Lab Manual

51 ASA Lab Manual

52 ASA Lab Manual

53 ASA Lab Manual

54 ASA Lab Manual

Verify results by accessing Corporate Network. Type username and password .

55 ASA Lab Manual

Step 3(A): Verify results by IOS commands. ciscoasa# show running-config webvpn

56 ASA Lab Manual

REMOTE-ACCESS VPN Access VPN provides secure communication with remote users who are working from home and connect through modem or mobile but they should have client Hardware & client Software running on there computers.


WAN IP Address 20.0.0.1 With Vpn client IP Address 10.0.0.10 Ethernet 1

IP Address 20.0.0.5 With Vpn client

Local FTP Server IP Address 10.0.0.3 Host A IP Address 10.0.0.1 Local web Server IP Address 10.0.0.2

Configuration IPsec(Remote-access) VPN Wizard

57 ASA Lab Manual

58 ASA Lab Manual

59 ASA Lab Manual

60 ASA Lab Manual

61 ASA Lab Manual

Cisco Asa Lab Manual Final

Recommend Documents