05-26-2012 11:43 AM - edited 03-11-2019 04:12 PM
Hello All,
I'm in the process of learning how to configure Cisco ASA. I've got the ASA simulated on GNS3.
Can someone tell me where I can find books or material that have actual labs included in the book?
The books I have found seem to be handbook type of material. I need something that steps through a lab.
Cheers
Carlton
05-26-2012 02:13 PM
Hello Carlton,
You can always use the certification books from Cisco. In each chapter they explain a feature and you can see a lab recreation (configuration part), so you can implement it yourself by following the book and understanding the logic.
That is my opinion and what I have used so far.
Regards,
Julio
Cisco Security Engineer
05-26-2012 02:50 PM
05-26-2012 03:18 PM
Hello Carlton,
You can use a VMware machine as the internal host or another router, then configure the ASA properly and just try to give that host connectivity to a host on the outside interface of the ASA (via ICMP, etc.).
This lab is really simple to build on GNS. (You can do it with 2 routers and one ASA, just make the inside router able to ping the outside router.)
Regards
Julio
05-26-2012 03:24 PM
Julio, thanks again for responding.
I have already built this on GNS. My problem is I don't know how to actually test it - how to determine if it's working?
05-26-2012 03:29 PM
Hello Carlton,
You would need to be able to ping from the inside router to the external router (or SSH or telnet).
Do you follow me?
Regards,
05-26-2012 03:31 PM
Julio,
I don't understand
05-26-2012 03:34 PM
Julio,
I don't think a simple ping will fully test this lab ....
05-26-2012 03:40 PM
Hello Carlton,
I checked the document again to see if I got it wrong, but nope, I am right.
The whole purpose of the lab setup you have there is to be able to configure Dynamic NAT for the internal network when they go to the outside world using an 8.3 or higher version.
A ping will fully show you if it's working or not. Now if you want to do it with another service, just use a packet-tracer and the result should be allowed, and of course you will need to check the NAT stage.
Edit: I sent you a private message, please check it
Regards,
Julio
Security Engineer
05-26-2012 03:46 PM
Julio,
I have replied.....
05-26-2012 03:47 PM
Hello,
Good but do you understand the purpose of the Lab now?
Regards,
05-26-2012 03:52 PM
Julio,
I will build the lab, however I still don't see how a simple ping will fully test this scenario...
What is the point with all the following commands on the ASA
object network OBJ_GENERIC_ALL
 subnet 0.0.0.0 0.0.0.0
nat (inside,outside) source dynamic OBJ_GENERIC_ALL interface
route outside 0.0.0.0 0.0.0.0 10.165.200.225
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:...
05-26-2012 03:53 PM
Julio,
I guess I still don't understand the purpose of the lab.....
05-26-2012 03:59 PM
Hello Carlton,
The purpose of the lab is to do NAT on version 8.3 (because, as you will need to know, from 8.2 to 8.3 or higher versions this changes a lot).
So, as it is marked as important in the PDF, that is what you need to focus on (NAT), that's it bro!!
The other stuff in that configuration is there by default.
So what you will need to do in this lab:
1-Interface configuration
2-NAT configuration
3-Routing configuration
Now, to make it more interesting, after you configure all that, try to ping from the inside host to the outside host.
Let me know the result of the lab as soon as you have it!
Regards,
Do rate all the helpful posts
Julio
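The three steps and the test discussed above, as an added example that is not part of any post in this thread or of the PDF it refers to. The NAT and route lines are the ones quoted in the thread; the interface names, the interface addresses and the inside host 192.168.0.10 are assumptions for a GNS3 lab, and the ICMP inspection step assumes the default global_policy is present.

```cisco
! 1 - Interface configuration (names and addresses are assumed, not from the thread)
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 10.165.200.226 255.255.255.224
 no shutdown
!
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
 no shutdown
!
! 2 - NAT configuration, 8.3+ syntax, as quoted in the thread:
!     dynamic PAT of every inside source to the outside interface address
object network OBJ_GENERIC_ALL
 subnet 0.0.0.0 0.0.0.0
nat (inside,outside) source dynamic OBJ_GENERIC_ALL interface
!
! 3 - Routing configuration, as quoted in the thread
route outside 0.0.0.0 0.0.0.0 10.165.200.225
!
! ICMP is not inspected by default, so echo replies arriving on the
! outside interface are dropped unless inspection (or an ACL) allows them.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Verification, run on the ASA after pinging from the assumed inside host.
! Simulate an echo request (type 8, code 0): look for a NAT phase that
! translates the source, and a final result of "allow".
packet-tracer input inside icmp 192.168.0.10 8 0 10.165.200.225
! Same check for another service (telnet, TCP/23)
packet-tracer input inside tcp 192.168.0.10 1025 10.165.200.225 23
! Live translation entries: expect the inside host mapped to the
! outside interface address
show xlate
! Hit counters on the NAT rule should increase with each new flow
show nat detail
! Connections currently built through the firewall
show conn
```

A successful ping shows that interfaces, routing and return traffic work; `show xlate` and the NAT phase of `packet-tracer` are what show that the source address was actually translated.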
05-26-2012 04:05 PM
I'll be sure to let you know..
Cheers mate.