Hi Julio, thanks for responding.

I have found a site with many ASA lab samples. The problem is I don't know how to test the lab... Attached is one of the labs I'm about to build. Can someone describe how I can test the lab?

Cheers

Carlton

Hello Carlton,

You can use a VMware machine as the internal host or another router, then configure the ASA as properly and just try to give to that host connectivity to a host on the outside interface of the ASA ( via ICMP,etc).

This lab is real simple to build on GNS. ( You can do it with 2 routers and one ASA, Just make the inside router able to ping the Outside router)

Regards

Julio

Julio, thanks again for responding.

I have already built this on GNS. My problem is I don't know how to actually test it - how to determine if its working?

Hello Carlton,

You would need to be able to ping from the inside router to the external router (or SSH or telnet)

Do you follow me?

Regards,

Julio,

I don't understand

Julio,

I don't think a simple ping will fully test this lab ....

Hello Carlton,

I checked the document again to see if I got wrong but nop I am right.

The whole purpose of the lab setup you have there is to be able to configure Dynamic Nat for the internal network when they go to the outside world using a 8.3 or higher version.

A Ping will fully showed you if its working or not. Now if you want to do it with another service.. Just use a packet-tracer and the result should be allowed and of course you will need to check a the NAT stage.

Edit: I sent you a private message, please check it

Regards,

Julio

Security Engineer

Julio,

I have replied.....

Hello,

Good but do you understand the purpose of the Lab now?

Regards,

Julio,

I will build the lab, however I still don't see how a simple ping will fully test this scenario...

What is the point with all the following commands on the ASA

object network OBJ_GENERIC_ALL 
 subnet 0.0.0.0 0.0.0.0

nat (inside,outside) source dynamic OBJ_GENERIC_ALL interface

route outside 0.0.0.0 0.0.0.0 10.165.200.225
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:...

Julio,

I guess I still don't understand the purpose of the lab.....

Hello Carlton,

The purpose of the lab is do NAT on 8.3 version ( because as you will need to know from 8.2 to 8.3 or higher versions this changes a lot).

So as on the PDF is marked as important that is what you need to focus on ( NAT), that's it bro!!

The other stuff in that configuration is there by default.

So what you will need to do in this lab:

1-Interface configuration

2-Nat configuration

3-Routing configuration

Now to make it more interesting after you configure all that, try to ping from the inside host to the outside host

Let me know the result of the lab as soon as you have it!

Regards,

Do rate all the helpful post

Julio

I'll be sure to let you know..

Cheers mate.