0% found this document useful (0 votes)

13 views

Firewall & VPN

The document describes the configuration of an ASA firewall, router, and VPN between two sites. The ASA firewall is configured with an inside interface on VLAN 2 with an IP of 192.168.1.0/24. NAT is configured to translate the inside network to the outside interface IP of 200.1.1.1. ICMP inspection is enabled. The router is configured with an interface connected to the ASA at 200.1.1.2 and another connected externally at 8.8.8.1. An IPSec VPN is configured between sites using pre-shared keys and AES encryption to connect the 192.168.0.0/24 and 172.16.0

Uploaded by

Stéphane ATIDIGA

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

13 views

Firewall & VPN

Uploaded by

Stéphane ATIDIGA

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 3

ASA 5505

Int vlan 2
ciscoasa(config-if)#ip add 200.1.1.1 255.255.255.0
ciscoasa(config-if)#no shut
ciscoasa(config-if)#exit
ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 200.1.1.2
ciscoasa(config)#object network INSIDE
ciscoasa(config-network-object)#subnet 192.168.1.0 255.255.255.0
ciscoasa(config-network-object)#nat (inside,outside) dynamic interface
ciscoasa(config-network-object)#exit
ciscoasa#conf t
ciscoasa(config)#class-map INSPECTION_DEFAULT
ciscoasa(config-cmap)#match default-inspection-traffic ( ?)
ciscoasa(config-cmap)#exit
ciscoasa(config)#policy-map global_policy
ciscoasa(config-pmap)#class INSPECTION_DEFAULT
ciscoasa(config-pmap-c)#
ciscoasa(config-pmap-c)#inspect icmp
ciscoasa(config-pmap-c)#exit
ciscoasa(config)#service-policy global_policy global

Router

Router(config)#interface GigabitEthernet0/0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to

up
ip address 200.1.1.2 255.255.255.0
Router(config-if)#ip address 200.1.1.2 255.255.255.0
Router(config-if)#
Router(config-if)#exit
Router(config)#interface GigabitEthernet0/1
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to

up
ip address 8.8.8.1 255.0.0.0
Router(config-if)#ip address 8.8.8.1 255.0.0.0
Router(config-if)#

SITE1(config)# crypto isakmp enable

SITE1(config)# crypto isakmp policy 10

SITE1(config-isakmp)# encryption aes

SITE1(config-isakmp)# authentication pre-share

SITE1(config-isakmp)# hash sha

SITE1(config-isakmp)# group 2

SITE1(config)# crypto isakmp key pass1234 address 80.2.0.2

SITE1(config)# crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac

SITE1(config)# ip access-list extended VPN

SITE1(config-ext-nacl)# permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255

SITE1(config)# crypto map VPNMAP 10 ipsec-isakmp

SITE1(config-crypto-map)# match address VPN

SITE1(config-crypto-map)# set peer 80.2.0.2

SITE1(config-crypto-map)# set transform-set VPNSET

SITE1(config)# interface serial 0/0

SITE1(config-if)# crypto map VPNMAP

SITE2(config)# crypto isakmp enable

SITE2(config)# crypto isakmp policy 10

SITE2(config-isakmp)# encryption aes

SITE2(config-isakmp)# authentication pre-share

SITE2(config-isakmp)# hash sha

SITE2(config-isakmp)# group 2

SITE2(config)# crypto isakmp key pass1234 address 80.1.0.2

SITE2(config)# crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac

SITE2(config)# ip access-list extended VPN

SITE2(config-ext-nacl)# permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255

SITE2(config)# crypto map VPNMAP 10 ipsec-isakmp

SITE2(config-crypto-map)# match address VPN

SITE2(config-crypto-map)# set peer 80.1.0.2

SITE2(config-crypto-map)# set transform-set VPNSET

SITE2(config)# interface serial 0/0

SITE2(config-if)# crypto map VPNMAP

#######################################################################

POUR LA VERIFICATION

 # show crypto isakmp sa

 # show crypto ipsec sa

Amazon Interview Questions
No ratings yet
Amazon Interview Questions
2 pages
Cisco ASA Firewall Commands - Cheat Sheet
No ratings yet
Cisco ASA Firewall Commands - Cheat Sheet
8 pages
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
From Everand
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
Redouane MEDDANE
No ratings yet
Cisco ASA Firewall Commands Cheat Sheet
100% (1)
Cisco ASA Firewall Commands Cheat Sheet
10 pages
Cisco - Asa Lab Manual Final
No ratings yet
Cisco - Asa Lab Manual Final
62 pages
Cisco ASA
No ratings yet
Cisco ASA
5 pages
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
From Everand
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
Ramon Nastase
4.5/5 (2)
2.3.2.6 Packet Tracer - Configuring PAP and CHAP Authentication - ILM
No ratings yet
2.3.2.6 Packet Tracer - Configuring PAP and CHAP Authentication - ILM
7 pages
Hashdd Phishtank
No ratings yet
Hashdd Phishtank
414 pages
13-F - W Config, VPN Config, IOS IPS Configuration, Hardware F - w-14-03-2024
No ratings yet
13-F - W Config, VPN Config, IOS IPS Configuration, Hardware F - w-14-03-2024
7 pages
Lab - Configure ASA 5505 Basic Settings Using CLI
No ratings yet
Lab - Configure ASA 5505 Basic Settings Using CLI
11 pages
Config
No ratings yet
Config
16 pages
ICS lab manual
No ratings yet
ICS lab manual
18 pages
Firewalll
No ratings yet
Firewalll
15 pages
ASA3
No ratings yet
ASA3
3 pages
Asa Lab Manual
No ratings yet
Asa Lab Manual
14 pages
Firewalll Dnscorreo
No ratings yet
Firewalll Dnscorreo
2 pages
Configuring A Cisco ASA 5505 Router
No ratings yet
Configuring A Cisco ASA 5505 Router
1 page
PIM Multicast Routing
No ratings yet
PIM Multicast Routing
4 pages
Configuration of Cisco ASA Firewall
No ratings yet
Configuration of Cisco ASA Firewall
3 pages
21.7.5 Packet Tracer - Configure ASA Basic Settings and Firewall Using the CLI - ILM
No ratings yet
21.7.5 Packet Tracer - Configure ASA Basic Settings and Firewall Using the CLI - ILM
6 pages
Configuring ASA On GNS3 Allow ICMP Packet
No ratings yet
Configuring ASA On GNS3 Allow ICMP Packet
5 pages
ASA Administration: Basic Commands
No ratings yet
ASA Administration: Basic Commands
2 pages
ASA Administration: Basic Commands
No ratings yet
ASA Administration: Basic Commands
2 pages
Packet Tracer Configuring Asa Basic Settings and Firewall Using Cli 1
No ratings yet
Packet Tracer Configuring Asa Basic Settings and Firewall Using Cli 1
7 pages
9 3 1 1 Packet Tracer Configuring ASA Basic Settings and Firewall Corrigé
No ratings yet
9 3 1 1 Packet Tracer Configuring ASA Basic Settings and Firewall Corrigé
14 pages
1.1 Solution PDF
No ratings yet
1.1 Solution PDF
165 pages
Lab - Configure ASA 5505 Basic Settings Using CLI
0% (1)
Lab - Configure ASA 5505 Basic Settings Using CLI
10 pages
Roteiro Pratica-SegurançaAcesso-02
No ratings yet
Roteiro Pratica-SegurançaAcesso-02
9 pages
ASA4
No ratings yet
ASA4
3 pages
Configuring ASA 5506, Practice Lab - PKT
No ratings yet
Configuring ASA 5506, Practice Lab - PKT
11 pages
9.3.1.1 Packet Tracer - Configuring ASA Basic Settings and Firewall Using CLI
No ratings yet
9.3.1.1 Packet Tracer - Configuring ASA Basic Settings and Firewall Using CLI
7 pages
9.1 Configurazionerouter
No ratings yet
9.1 Configurazionerouter
3 pages
Cisco ASA
No ratings yet
Cisco ASA
6 pages
Config
No ratings yet
Config
3 pages
9.3.1.2 Lab - Configure ASA 5505 Basic Settings and Firewall Using CLI
0% (1)
9.3.1.2 Lab - Configure ASA 5505 Basic Settings and Firewall Using CLI
26 pages
ASA Step by Step
No ratings yet
ASA Step by Step
10 pages
Configuring ASA Basic Settings and Firewall Using CLI
100% (1)
Configuring ASA Basic Settings and Firewall Using CLI
16 pages
All Chapter 10 Lab B Configuring ASA Bas
No ratings yet
All Chapter 10 Lab B Configuring ASA Bas
42 pages
Asa
No ratings yet
Asa
6 pages
Packet Tracer 21.7.5
No ratings yet
Packet Tracer 21.7.5
8 pages
STFG_SFI1088,341,1091_2 ELA NUESTRO
No ratings yet
STFG_SFI1088,341,1091_2 ELA NUESTRO
11 pages
Configuring ASA 5506
No ratings yet
Configuring ASA 5506
8 pages
10.1.4.8 Lab - Configure ASA 5505 Basic Settings and Firewall Using ASDM
No ratings yet
10.1.4.8 Lab - Configure ASA 5505 Basic Settings and Firewall Using ASDM
40 pages
Transparent Firewall
No ratings yet
Transparent Firewall
13 pages
9.4.1.5 Packet Tracer - Configuring ASA Basic Settings and Firewall Using CLI
No ratings yet
9.4.1.5 Packet Tracer - Configuring ASA Basic Settings and Firewall Using CLI
7 pages
Walk 1
No ratings yet
Walk 1
6 pages
CCNA5 ScaN EIGRP Practice Skills Assessment - PT
No ratings yet
CCNA5 ScaN EIGRP Practice Skills Assessment - PT
15 pages
San Jose
No ratings yet
San Jose
14 pages
basic router
No ratings yet
basic router
5 pages
CCNA5 ScaN EIGRP Practice Skills Assessment - PT
No ratings yet
CCNA5 ScaN EIGRP Practice Skills Assessment - PT
13 pages
CCNA5 ScaN EIGRP Practice Skills Assessment - PT
No ratings yet
CCNA5 ScaN EIGRP Practice Skills Assessment - PT
13 pages
DHCP Andres
No ratings yet
DHCP Andres
5 pages
222
No ratings yet
222
5 pages
Lab05 - Configuring ASA Basic Settings and Firewall Using CLI
100% (1)
Lab05 - Configuring ASA Basic Settings and Firewall Using CLI
26 pages
Lec2 Basic Router Configuration
No ratings yet
Lec2 Basic Router Configuration
20 pages
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
From Everand
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
Mulayam Singh
No ratings yet
Next-Generation switching OS configuration and management: Troubleshooting NX-OS in Enterprise Environments
From Everand
Next-Generation switching OS configuration and management: Troubleshooting NX-OS in Enterprise Environments
Mamta Devi
No ratings yet
Network with Practical Labs Configuration: Step by Step configuration of Router and Switch configuration
From Everand
Network with Practical Labs Configuration: Step by Step configuration of Router and Switch configuration
Mulayam Singh
No ratings yet
FortiGate 7.4 Admin Study Notes: 499 Study Notes for Accelerated Certification Success
From Everand
FortiGate 7.4 Admin Study Notes: 499 Study Notes for Accelerated Certification Success
Steve Brown
No ratings yet
Azure For Starters
From Everand
Azure For Starters
Chinmoy Mukherjee
No ratings yet
Computer Engineering Laboratory Solution Primer
From Everand
Computer Engineering Laboratory Solution Primer
Karan Bhandari
No ratings yet
Cisco Routers for the Desperate, 2nd Edition: Router Management, the Easy Way
From Everand
Cisco Routers for the Desperate, 2nd Edition: Router Management, the Easy Way
Michael W. Lucas
4.5/5 (3)
ZXDSL 831 Ii
No ratings yet
ZXDSL 831 Ii
7 pages
Create Dan Config GPON
No ratings yet
Create Dan Config GPON
38 pages
Henry NetworkTech 04LabAct1334
No ratings yet
Henry NetworkTech 04LabAct1334
8 pages
Computer Networking Notes For Tech Placements
No ratings yet
Computer Networking Notes For Tech Placements
16 pages
Communication Protocols
No ratings yet
Communication Protocols
15 pages
Fortinet Syllabus
No ratings yet
Fortinet Syllabus
2 pages
Wireshark Lab: DNS: Approach, 7 Ed., J.F. Kurose and K.W. Ross
No ratings yet
Wireshark Lab: DNS: Approach, 7 Ed., J.F. Kurose and K.W. Ross
9 pages
History of The Internet - Javatpoint
No ratings yet
History of The Internet - Javatpoint
10 pages
ACN Chapter 2 - Part 1 Notes by Ur Engineering Friend
No ratings yet
ACN Chapter 2 - Part 1 Notes by Ur Engineering Friend
5 pages
EJPT Notes 2022 PDF
No ratings yet
EJPT Notes 2022 PDF
9 pages
CN Unit-5
No ratings yet
CN Unit-5
68 pages
Computer Networks
No ratings yet
Computer Networks
18 pages
LEGUANG N800 Wireless Router Configuration Guide
No ratings yet
LEGUANG N800 Wireless Router Configuration Guide
18 pages
Chapter 1
No ratings yet
Chapter 1
20 pages
Group Member_20250527_173639_0000
No ratings yet
Group Member_20250527_173639_0000
3 pages
Cisco Catalyst SD-WAN Zero-to-One (Part 1)
No ratings yet
Cisco Catalyst SD-WAN Zero-to-One (Part 1)
12 pages
CCNP Enterprise-Roadmap
No ratings yet
CCNP Enterprise-Roadmap
5 pages
Common Port Numbers
No ratings yet
Common Port Numbers
1 page
IPCP
No ratings yet
IPCP
7 pages
OSPF Route Filtering Demystified
No ratings yet
OSPF Route Filtering Demystified
25 pages
ITT542 - Case Study 1 Network Layer Protocol ORI
No ratings yet
ITT542 - Case Study 1 Network Layer Protocol ORI
10 pages
Tidbit - IOS-XR BGP Allocate Label + Some Inter-AS VPNv4 - Come Route With Me!
No ratings yet
Tidbit - IOS-XR BGP Allocate Label + Some Inter-AS VPNv4 - Come Route With Me!
5 pages
BGP Lab
No ratings yet
BGP Lab
24 pages
BRKENT-2123
No ratings yet
BRKENT-2123
67 pages
Comandos-Ccna1 1
No ratings yet
Comandos-Ccna1 1
6 pages
Imf 202401 Cs 51
No ratings yet
Imf 202401 Cs 51
19 pages
FortiGate Infrastructure 6.2 Study Guide-Online
No ratings yet
FortiGate Infrastructure 6.2 Study Guide-Online
414 pages

Firewall & VPN

Uploaded by

Firewall & VPN

Uploaded by

ASA 5505

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to

SITE1(config)# crypto isakmp enable

SITE1(config)# crypto isakmp policy 10

SITE1(config-isakmp)# encryption aes

SITE1(config-isakmp)# authentication pre-share

SITE1(config-isakmp)# hash sha

SITE1(config)# crypto isakmp key pass1234 address 80.2.0.2

SITE1(config)# crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac

SITE1(config)# ip access-list extended VPN

SITE1(config-ext-nacl)# permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255

SITE1(config)# crypto map VPNMAP 10 ipsec-isakmp

SITE1(config-crypto-map)# set peer 80.2.0.2

SITE1(config-crypto-map)# set transform-set VPNSET

SITE1(config)# interface serial 0/0

SITE1(config-if)# crypto map VPNMAP

SITE2(config)# crypto isakmp enable

SITE2(config)# crypto isakmp policy 10

SITE2(config-isakmp)# encryption aes

SITE2(config-isakmp)# authentication pre-share

SITE2(config-isakmp)# hash sha

SITE2(config)# crypto isakmp key pass1234 address 80.1.0.2

SITE2(config)# crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac

SITE2(config)# ip access-list extended VPN

SITE2(config-ext-nacl)# permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255

SITE2(config)# crypto map VPNMAP 10 ipsec-isakmp

SITE2(config-crypto-map)# match address VPN

SITE2(config-crypto-map)# set peer 80.1.0.2

SITE2(config-crypto-map)# set transform-set VPNSET

SITE2(config)# interface serial 0/0

SITE2(config-if)# crypto map VPNMAP

 # show crypto isakmp sa

 # show crypto ipsec sa

You might also like