another ASA question

anitachoi3 — Mon, 11 Mar 2019 16:17:30 GMT

Hi expert,

Grateful if the expert could advise on it.

11. If there is one DMZ, does the extra default route (item a) need to be configured for the DMZ?

a. route dmz 0.0.0.0 0.0.0.0 210.1.3.1 (for DMZ)

b. route outside 0.0.0.0 0.0.0.0 210.1.3.1 (for outbound traffic to Internet)

12 how do I defind the "CHK_attack" object if the command is configured as below?

ip audit interface inside CHK_attack

13. The decription from the command reference is obscure, grateful if you could advise on the "LOCAL". what user account to be auth?

dynamic-access-policy-record InControlPolicy

aaa authentication enable console LOCAL

14 if the enable password is not configured but the enable secret was confiured, what will happen if the command is configured as below?

aaa authentication http console

15. Following is the default policy to be configured from the cisco web site. What happen if those commands are removed? what is the different between command "ip audit interface outside CHK_attack"?

class-map inspection_default

match default-inspection-traffic

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

service-policy global_policy global

rdgs

Re: another ASA question

acomiskey — Sat, 19 Sep 2009 14:29:44 GMT

"11. If there is one DMZ, does the extra default route (item a) need to be configured for the DMZ?

a. route dmz 0.0.0.0 0.0.0.0 210.1.3.1 (for DMZ)

b. route outside 0.0.0.0 0.0.0.0 210.1.3.1 (for outbound traffic to Internet) "

NO. 210.1.3.1 exists on the outside interface, not the DMZ.

Re: another ASA question

anitachoi3 — Sat, 19 Sep 2009 15:54:39 GMT

Hi,

any idea regarding item 12 - 15 ?

rdgs

topic Re: another ASA question in Network Security

another ASA question

Re: another ASA question

Re: another ASA question