12-02-2019 02:14 AM - edited 12-02-2019 07:58 AM
Hi All,
Below is a picture of my topology,
The file to the packet tracer is also attached. All password or logins are admin and cisco.
I would like DEV and Management network traffic to route through the firewall when access the corp network.
I have yet to configure the router and firewall as i'm not sure in what to do.
My other question is VLAN 10 and 20 can not cross communicate. This is the way i want it, but should i also put ACLS to reinforce this rule as best practice?
Kind Regards,
Daniel!
12-02-2019 08:36 AM
Hello,
you need to decide what your topology is supposed to look like. All switches are layer 3 capable, do you want them to be used as such ? If so, you need to configure common subnets between the switches and the ASA.
What, if any, are the requirements ?
12-03-2019 05:20 AM
The topology is set now. The Layer 3 switches for the DEV and Project backbone are going to act as layer 2.
@Georg Pauwen The requirements are that the DEV and Management connection can communicate with the Loopback located at the top of the network. This will act as a remote passage for the a team over the corporate network.
I have never configured a cisco firewall before only a fortigate through GUI.
@Leo Laohoo this is not a student project but a workplace project. I have changed the IP's and names of some systems/areas for confidentially. I have asked for support on assignments before now but this is the real thing, :)
12-03-2019 05:23 AM
Hello,
thanks for the update. I'll have a look at the file again...
12-03-2019 06:56 AM
Hello,
I have attached the revised project file. The ASA has just the most basic configuration, all traffic inbound is being alllowed.
S1 and S2 are set up as HSRP switches for all your Vlans, for redundancy. These are the only layer 3 switches now left in your network.
Check in how far this helps you out, and let us know if you need further assistance.
12-03-2019 07:11 AM
12-03-2019 08:02 AM
12-03-2019 08:32 AM
12-03-2019 09:52 AM
12-03-2019 10:24 AM
12-03-2019 10:54 AM
Hello,
the ASA does not save the configuration. Weird, and probably one of the many quirks in Packet Tracer. Here is the configuration that is needed, manually add what is missing:
ciscoasa#sh run
: Saved
:
ASA Version 9.6(1)
!
hostname ciscoasa
names
!
interface Port-channel1
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/2
description Link to S1
nameif inside1
security-level 100
ip address 1.1.1.1 255.255.255.252
!
interface GigabitEthernet1/3
description Link to S2
nameif inside2
security-level 100
ip address 2.2.2.1 255.255.255.252
!
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/8
no nameif
security-level 0
no ip address
channel-group 1 mode on
shutdown
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
route outside 0.0.0.0 0.0.0.0 192.168.1.2 1
!
access-list INSIDE extended permit ip any any
!
!
access-group INSIDE in interface outside
!
!
!
!
class-map inspection_default
!
policy-map global_policy
class inspection_default
inspect icmp
!
telnet timeout 5
ssh timeout 5
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 0.0.0.0 area 0
default-information originate
12-04-2019 02:31 AM