
Firewalls PT Activity 07 -- Lab

Be sure to place the name Gene Garrett to name the file after opening the file; otherwise, when I go to add my name to the file, it will erase all the work. Follow all instructions below and send back the PKA file as well as the script for each step. Be sure to run the configuration so we know it is good to go.



In this activity you will configure your ASA with outside, inside, and dmz VLANs using the configuration steps given below. Be sure to run the configuration so we know it is good to go.


From the CLI of the ASA 5505, update the firewall configuration.

  1. Give the firewall hostname of ASA-AUSTIN

  2. Create Vlan 1 as follows


    1. interface name = inside

    2. security-level = 100

    3. ip address = XXXXXXXXXX (class B, not subnetted)


  3. Create Vlan 2 as follows


    1. interface name = outside

    2. security-level = 0

    3. ip address = XXXXXXXXXX (class C, not subnetted)


  4. Create Vlan 3 as follows


    1. no forwarding to vlan 1

    2. interface name = dmz1

    3. security-level = 55

    4. ip address = XXXXXXXXXX (class B, not subnetted)


  5. Assign ethernet0/0 to Vlan 2

  6. Assign ethernet0/3 to Vlan 3

  7. Enable the webvpn on the outside interface

  8. Create these network objects with the given NAT


    1. MktServer with host XXXXXXXXXX; assign static nat XXXXXXXXXX; host is in dmz1

    2. inside-net with subnet XXXXXXXXXX; assign dynamic nat to the outside interface IP for all hosts on the inside vlan

    3. DocServer with host XXXXXXXXXX; assign static nat XXXXXXXXXX; host is in the inside vlan


  9. Create an object group of type service "webports" with the tcp ports 80 and 443

  10. Set the default gateway for the firewall to XXXXXXXXXX

  11. Create access-list "allow-inbound" with the following permissions


    1. permit tcp access from any outside host to DocServer on port 80 and port 443

    2. permit tcp access from any outside host to MktServer on port 80 and port 443

    3. Permit icmp from any outside host to MktServer of message-type echo

    4. Permit icmp from any outside host to the MktServer of message-type echo-reply


  12. Apply the access-list "allow-inbound" to inbound traffic on the outside interface

  13. Create the following users


    1. spongebob, password=squarepants

    2. pinky, password=thebrain


  14. Modular Policy Framework


    1. Create a class-map "normal-traffic" to match default-inspection-traffic

    2. Create a layer 7 policy map "dns-settings" to set parameters for dns inspection -- maximum message length 1024

    3. Create a policy-map "ThePolicy"


      1. Use the class "normal-traffic"

      2. Inspect dns using the dns-settings map for added parameters

      3. Inspect ftp, http, icmp, and tftp


    4. Apply the policy map "global-policy" globally


  15. Enable ssh from any host in the network XXXXXXXXXX off the inside interface

  16. Enable ssh from the host XXXXXXXXXX from outside of the firewall

  17. Set SSH timeout to 45 seconds


Save the Config on the ASA
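
One way to confirm the saved configuration is "good to go" is to check the text of `show running-config` against the steps above. The script below is an added example, not part of the original assignment: it covers only the hostname, VLAN interface, "webports", access-group and SSH timeout steps, skips every value the page redacts, and its function names and sample config are constructed for illustration.

```python
# Lab requirements: top-level line -> sub-commands that must appear under it.
REQUIRED = {
    "hostname ASA-AUSTIN": [],
    "interface Vlan1": ["nameif inside", "security-level 100"],
    "interface Vlan2": ["nameif outside", "security-level 0"],
    "interface Vlan3": ["no forward interface Vlan1", "nameif dmz1", "security-level 55"],
    "object-group service webports tcp": ["port-object eq 80", "port-object eq 443"],
    "access-group allow-inbound in interface outside": [],
    "ssh timeout 45": [],
}

def parse_sections(config):
    """Map each top-level line to its indented sub-commands (port names -> numbers)."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip().replace("eq www", "eq 80").replace("eq https", "eq 443")
        if raw[:1] == " " and current:
            sections[current].append(line)
        elif line and not line.startswith("!"):
            current = line
            sections.setdefault(current, [])
    return sections

def check_lab(config):
    """Return the lab requirements that the running-config text does not meet."""
    sections = parse_sections(config)
    missing = [top for top in REQUIRED if top not in sections]
    missing += [f"{top}: {sub}" for top, subs in REQUIRED.items()
                for sub in subs if sub not in sections.get(top, [])]
    return missing

# Constructed sample (not from the page); dmz1 is deliberately misconfigured.
SAMPLE = """hostname ASA-AUSTIN
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 nameif dmz1
 security-level 50
object-group service webports tcp
 port-object eq www
 port-object eq https
access-group allow-inbound in interface outside
ssh timeout 45"""
if __name__ == "__main__":
    print("\n".join(check_lab(SAMPLE)) or "all checked items present")
```

On the sample it reports the two dmz1 problems: the missing `no forward interface Vlan1` line and the wrong security level.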


May 18, 2022