12-02-2019 02:14 AM - edited 12-02-2019 07:58 AM
Hi All,
Below is a picture of my topology,
The Packet Tracer file is also attached. All passwords or logins are admin and cisco.
I would like DEV and Management network traffic to route through the firewall when accessing the corp network.
I have yet to configure the router and firewall as I'm not sure what to do.
My other question is: VLAN 10 and 20 cannot cross-communicate. This is the way I want it, but should I also put ACLs in place to reinforce this rule as best practice?
Kind Regards,
Daniel!
12-04-2019 07:24 AM
12-04-2019 08:04 AM
Hello,
Did you make all the changes on the firewall? Post the running config of the firewall so I can double-check.
If I run the file on a 4Gig computer, it is indeed very slow. If I run it on a 16Gig computer, it is fast, so it might be the machine you are running it on. Either way, you would need to test in a real environment anyway, so I wouldn't worry too much about the performance of what in the end is just a simulator...
12-04-2019 08:25 AM
12-04-2019 08:38 AM
Hello,
Click on the ASA icon and go to the CLI tab. The prompt will be:
ciscoasa>
Type 'enable' and press ENTER (you don't need a password).
Then cut and paste the script below:
conf t
interface GigabitEthernet1/1
 nameif outside
 exit
route outside 0.0.0.0 0.0.0.0 192.168.1.2
access-group INBOUND in interface outside
end
wr mem
12-04-2019 09:37 AM
12-04-2019 10:30 AM
Hello,
Post the ASA config again with the changes you have implemented.
12-04-2019 12:53 PM
12-04-2019 01:23 PM
Hello,
That is still the old, non-working config. None of the changes have been applied; I don't know why that is, to be honest. How do you actually access the ASA, and can you enter the changes manually? Post the sequence of commands you enter from the ASA command line...
12-05-2019 01:11 AM
12-02-2019 01:35 PM
To all concerned,
It is very clear this thread is school work.
Help the students learn: Post the links to documents and configuration guides.
Please refrain from handing out answers.
12-03-2019 06:52 AM
12-04-2019 04:44 AM
Hello,
I have revised the topology and made the links between both L3 switches and the firewall part of VLAN 15.
Make sure the ASA has the config exactly as below. If it doesn't work, post the ASA configuration you have, so I can double-check.
ASA Version 9.6(1)
!
hostname ciscoasa
names
!
interface Port-channel1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/2
 description Link to S1
 nameif inside1
 security-level 100
 ip address 10.10.15.20 255.255.255.224
!
interface GigabitEthernet1/3
 description Link to S2
 nameif inside2
 security-level 100
 ip address 10.10.15.21 255.255.255.224
!
interface GigabitEthernet1/4
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/6
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/7
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/8
 no nameif
 security-level 0
 no ip address
 channel-group 1 mode on
 shutdown
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
route outside 0.0.0.0 0.0.0.0 192.168.1.2 1
!
access-list INBOUND extended permit ip any any
!
access-group INBOUND in interface outside
!
class-map inspection_default
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
telnet timeout 5
ssh timeout 5
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 0.0.0.0 area 0
 default-information originate
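Editor's added example (not part of the post above and not a Cisco tool): the posted configuration binds an ACL containing "permit ip any any" inbound to the outside interface, which has security-level 0, so the ACL itself no longer filters anything arriving there. The Python check below flags that pattern in a pasted config; the function name audit_asa_config, the trusted_level threshold and the embedded sample excerpt are assumptions made for illustration.

```python
import re

# Constructed excerpt of the configuration posted above (only the lines the check needs).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
 security-level 0
!
interface GigabitEthernet1/8
 no nameif
 security-level 0
!
access-list INBOUND extended permit ip any any
access-group INBOUND in interface outside
"""

def audit_asa_config(text, trusted_level=100):
    """Flag permit-any-any ACLs bound inbound to interfaces below trusted_level."""
    levels = {}        # nameif -> security-level
    open_acls = set()  # ACL names that contain "permit ip any any"
    bindings = []      # (acl name, nameif) for inbound access-groups
    nameif = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # new interface stanza, name not known yet
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and nameif:
            levels[nameif] = int(m.group(1))  # unnamed interfaces are skipped
        elif m := re.fullmatch(r"access-list (\S+) extended permit ip any any", line):
            open_acls.add(m.group(1))
        elif m := re.fullmatch(r"access-group (\S+) in interface (\S+)", line):
            bindings.append((m.group(1), m.group(2)))
    findings = []
    for acl, ifname in bindings:
        level = levels.get(ifname)
        if acl in open_acls and level is not None and level < trusted_level:
            findings.append(
                f"ACL {acl} permits ip any any inbound on '{ifname}' (security-level {level})")
    return findings

if __name__ == "__main__":
    for finding in audit_asa_config(SAMPLE_CONFIG):
        print(finding)
```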
12-05-2019 07:56 AM
12-05-2019 08:15 AM
Hello,
You need to name interface GigabitEthernet 'outside' first:
interface GigabitEthernet1/1
 nameif outside
12-05-2019 08:36 AM