09-19-2009 07:07 AM - edited 03-11-2019 09:17 AM
Hi expert,
Grateful if the expert could advise on it.
11. If there is one DMZ, does the extra default route (item a) need to be configured for the DMZ?
a. route dmz 0.0.0.0 0.0.0.0 210.1.3.1 (for DMZ)
b. route outside 0.0.0.0 0.0.0.0 210.1.3.1 (for outbound traffic to Internet)
12. How do I define the "CHK_attack" object if the command is configured as below?
ip audit interface inside CHK_attack
13. The description from the command reference is obscure; grateful if you could advise on the "LOCAL". What user account is to be authenticated?
dynamic-access-policy-record InControlPolicy
aaa authentication enable console LOCAL
14. If the enable password is not configured but the enable secret was configured, what will happen if the command is configured as below?
aaa authentication http console
15. Following is the default policy to be configured from the Cisco web site. What happens if those commands are removed? What is the difference between it and the command "ip audit interface outside CHK_attack"?
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
!
service-policy global_policy global
rdgs
09-19-2009 07:29 AM
"11. If there is one DMZ, does the extra default route (item a) need to be configured for the DMZ?
a. route dmz 0.0.0.0 0.0.0.0 210.1.3.1 (for DMZ)
b. route outside 0.0.0.0 0.0.0.0 210.1.3.1 (for outbound traffic to Internet) "
NO. 210.1.3.1 exists on the outside interface, not the DMZ.
09-19-2009 08:54 AM
Hi,
Any idea regarding items 12 - 15?
rdgs