Firewalls PT Activity 03 -- MPF
Be sure to use the name Gene Garrett to name the file after opening the file, or else when I go to add my name to the file it will erase all the work. Follow all instructions below and send back the PKA file as well as the script for each step.
In this activity you will configure your ASA 5505 with Modular Policy Framework settings for application and protocol inspection.
Information
Modular Policy Framework is used to configure the firewall to perform various complex actions. In Packet Tracer those actions are limited to application and protocol inspection.
By "inspection" we mean adjusting the behavior of the firewall to allow an application or protocol to perform correctly as the packets pass through the firewall.
In the case of the ICMP protocol, inspection allows ICMP traffic to be treated as stateful, so no ACL is needed to allow echo-reply packets to traverse the firewall in response to an echo request sent from inside.
Normally, inspection of HTTP is not needed for a web reply to traverse the firewall in response to a web request from inside the firewall, but in Packet Tracer HTTP traffic is not treated as stateful without inspection.
Pre-testing
From PC0 attempt to access the External Server web page at http:// XXXXXXXXXX
The request will time out.
From PC0 attempt to ping External Server at XXXXXXXXXX.
The request will time out.
From the CLI of the ASA 5505, update the firewall configuration.
Step 1 -- Create a class-map matching a pre-defined set of protocols
class-map default-traffic
match default-inspection-traffic
exit
Step 2 -- Create a "type inspect" policy-map to set parameters for dns inspection
policy-map type inspect dns dns-settings
parameters
message-length maximum 1024
exit
exit
Step 3 -- Create a policy-map to carry out the inspections
policy-map global-policy
class default-traffic
inspect ftp
inspect http
inspect icmp
inspect tftp
exit
Step 4 -- Apply the policy-map globally
service-policy global-policy global
Post-testing
From PC0 attempt to access the External Server web page at http:// XXXXXXXXXX
The request will succeed.
From PC0 attempt to ping External Server at XXXXXXXXXX.
The request will succeed.
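Checking the result of Steps 1 to 4: the following is an added example, not part of the original activity. It parses the MPF lines of a configuration and reports which inspections are active under the global service-policy and which "type inspect" policy-maps are defined but never referenced by an inspect line. The sample configuration is constructed from the commands above, and the function name audit_mpf is hypothetical.

```python
import re

# Constructed sample: the commands from Steps 1-4 (exit lines omitted).
SAMPLE_CONFIG = """\
class-map default-traffic
match default-inspection-traffic
policy-map type inspect dns dns-settings
parameters
message-length maximum 1024
policy-map global-policy
class default-traffic
inspect ftp
inspect http
inspect icmp
inspect tftp
service-policy global-policy global
"""

def audit_mpf(config):
    """Return (inspections active globally, type-inspect maps never referenced)."""
    class_maps, inspect_maps, used = set(), set(), set()
    policies = {}            # policy-map name -> {class name: [protocol, ...]}
    global_policy = policy = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"class-map (\S+)", line):
            class_maps.add(m[1])
            policy = cls = None
        elif m := re.fullmatch(r"policy-map type inspect \S+ (\S+)", line):
            inspect_maps.add(m[1])
            policy = cls = None
        elif m := re.fullmatch(r"policy-map (\S+)", line):
            policy, cls = m[1], None
            policies[policy] = {}
        elif policy and (m := re.fullmatch(r"class (\S+)", line)):
            cls = m[1]
            policies[policy].setdefault(cls, [])
        elif cls and (m := re.fullmatch(r"inspect (\S+)(?: (\S+))?", line)):
            policies[policy][cls].append(m[1])
            if m[2]:
                used.add(m[2])       # e.g. "inspect dns dns-settings"
        elif m := re.fullmatch(r"service-policy (\S+) global", line):
            global_policy = m[1]
    # Only classes backed by a defined class-map in the global policy count.
    active = [p for c, protos in policies.get(global_policy, {}).items()
              if c in class_maps for p in protos]
    return sorted(active), sorted(inspect_maps - used)

if __name__ == "__main__":
    print(audit_mpf(SAMPLE_CONFIG))
```

On the configuration above it reports ftp, http, icmp and tftp as active and lists dns-settings as unreferenced, because Step 3 contains no inspect dns line that names the policy-map from Step 2.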