How to Create a Cisco ASA or PIX Firewall - Part 2
To create a firewall object to represent your Cisco ASA device, click on the “Create
new firewall” icon in the main window of Firewall Builder, or right-click on the
Firewalls system folder in the object tree and select "New Firewall". Either of these
methods will launch a wizard that walks you through creating your firewall object.
Enter a name for the firewall object. In this example we will use asa-1. Change the
drop-down menu for the firewall software to read “Cisco ASA (PIX)”.
Figure 4. New Firewall Dialog
Click the "Next >" button to continue to the next step in the wizard.
When creating a firewall object in Firewall Builder you can either configure the
interfaces manually or use SNMP discovery to pull the interface details from a
running firewall. SNMP discovery requires SNMP to be enabled on the firewall and the
community string to be known. Discovery only reads the interface tables, so the
Read-Only community string is sufficient; there is no reason to hand the Read-Write
string to a workstation tool. For this example we are going to configure the firewall
interfaces manually.
Figure 5. Select Interface Configuration Method
Click the "Next >" button to continue to the next step.
The firewall object you create in Firewall Builder must match the Cisco ASA or PIX
firewall that you want to deploy security policies on. This means that the interface
names, labels (the nameif values) and IP addresses in the firewall object must exactly
match what is configured on the ASA or PIX, because the generated access lists are
bound to interfaces by those names.
Click the green icon to add a new interface to the firewall object. Enter the name
of the interface exactly as it is shown on the ASA or PIX command line when you run
the "show interface" command. In this example interfaces Ethernet0/0 through
Ethernet0/7 are available, but we are only going to use interfaces Ethernet0/0 and
Ethernet0/1.
Set the interface name to Ethernet0/0 and set the label to outside. Click on the Add
address button and set the IP address to 192.0.2.1 with a netmask of
255.255.255.240.
Figure 6. Set Interface IP Address
Click the green icon to add another interface to the firewall object. Enter the
information into the wizard to match the second interface as follows:
Figure 7. Interface Tabs
Click the "Next >" button.
Firewall Builder automatically sets the security level of each interface based on the
interface label and IP address. The outside interface is set to security level 0 and the
inside interface is set to security level 100. Check these against the device ("show
nameif" on the ASA lists each interface with its name and security level) and correct
them if the running configuration differs.
Figure 8. Interface Security Levels
Click the "Finish" button to create the firewall object.
After you create the firewall object representing the ASA or PIX, it is displayed in the
object panel on the left side. The Policy object, where the access list rules are
configured, is automatically opened in the main window.
Figure 9. Firewall Displayed in Object Tree
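The wizard does not verify anything against the device, so the names, labels, security levels and addresses just entered are easy to get subtly wrong (a netmask off by one bit, a label that differs in case). The following added example, which is not part of the original tutorial or of Firewall Builder, parses a constructed sample of an ASA's "show running-config interface" output and compares it with the values entered for asa-1. The inside interface address 10.10.10.1/24 is an assumption; the text only says that interface sits on 10.10.10.0/24.

```python
import ipaddress
import re

# Constructed sample of `show running-config interface` output from an ASA, built
# to match the example device in the text. The inside address (10.10.10.1/24)
# is an assumption; the text only says the interface sits on 10.10.10.0/24.
ASA_RUNNING_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
"""

# What was entered in the Firewall Builder wizard for asa-1 (same assumption for Ethernet0/1).
FWB_INTERFACES = {
    "Ethernet0/0": {"label": "outside", "security_level": 0,
                    "address": "192.0.2.1", "netmask": "255.255.255.240"},
    "Ethernet0/1": {"label": "inside", "security_level": 100,
                    "address": "10.10.10.1", "netmask": "255.255.255.0"},
}


def parse_asa_interfaces(config: str) -> dict:
    """Turn `interface ...` stanzas into {name: {label, security_level, address, netmask}}."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        head = re.match(r"^interface (\S+)\s*$", raw)
        if head:
            current = {"label": None, "security_level": None,
                       "address": None, "netmask": None}
            interfaces[head.group(1)] = current
            continue
        if current is None:
            continue
        line = raw.strip()
        if line == "!":
            current = None  # end of the stanza
        elif (m := re.match(r"^nameif (\S+)$", line)):
            current["label"] = m.group(1)
        elif (m := re.match(r"^security-level (\d+)$", line)):
            current["security_level"] = int(m.group(1))
        elif (m := re.match(r"^ip address (\S+) (\S+)$", line)):
            current["address"], current["netmask"] = m.group(1), m.group(2)
    return interfaces


def compare_interfaces(fwb: dict, asa: dict) -> list:
    """List every way the fwbuilder interface definitions differ from the device."""
    problems = []
    for name, want in fwb.items():
        have = asa.get(name)
        if have is None:
            problems.append(f"{name}: not present on device")
            continue
        if want["label"] != have["label"]:
            problems.append(f"{name}: nameif is {have['label']} on device, "
                            f"label is {want['label']} in fwbuilder")
        if want["security_level"] != have["security_level"]:
            problems.append(f"{name}: security-level is {have['security_level']} on device, "
                            f"{want['security_level']} in fwbuilder")
        # Compare address/prefix objects so a wrong netmask is caught even when
        # the address itself matches.
        want_if = ipaddress.ip_interface(f"{want['address']}/{want['netmask']}")
        if have["address"] is None:
            problems.append(f"{name}: no ip address on device, {want_if} in fwbuilder")
        else:
            have_if = ipaddress.ip_interface(f"{have['address']}/{have['netmask']}")
            if have_if != want_if:
                problems.append(f"{name}: ip address is {have_if} on device, "
                                f"{want_if} in fwbuilder")
    return problems


def check_device(config: str, fwb: dict = FWB_INTERFACES) -> list:
    """Parse the device output and compare it with the fwbuilder object; empty list means a match."""
    return compare_interfaces(fwb, parse_asa_interfaces(config))


if __name__ == "__main__":
    for line in check_device(ASA_RUNNING_CONFIG) or ["interfaces match the device"]:
        print(line)
```

Run it against the real output of "show running-config interface" pasted into ASA_RUNNING_CONFIG before clicking Finish; the comparison uses address/prefix objects, so 192.0.2.1/255.255.255.0 on the device is reported as a mismatch against the /28 entered in the wizard even though the address is the same.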
4.1. Network Zones
Firewall Builder uses a Network Zone concept to model the network topology and to
place rules on the correct interface. Each interface of the firewall object has a
corresponding Network Zone that must be set. The Network Zone is the set of source IP
networks whose traffic arrives inbound on that interface; when a rule does not name an
interface explicitly, Firewall Builder uses the zones to decide which interface's
access list the rule belongs in.
Figure 10. Network Zones Define Topology
Note
Warning! If you do not set the Network Zone, Firewall Builder will generate an
error when you try to compile the firewall object to generate the configuration file.
Outside Interface
For the "outside" interface, Ethernet0/0 in this example, you will typically set the
Network Zone to "Any". "Any" is defined to be all IP networks that aren't associated
with any other interfaces. To set the Network Zone double-click the Ethernet0/0
interface object of the firewall object and select the Network Zone "Any" from the
dropdown list.
Figure 11. Setting Network Zone For The "outside" Interface
Inside Interface
For the "inside" interface, and all other interfaces on the firewall object, select a
Network Zone based on your network topology. In our example firewall object the
"inside" interface is attached to the 10.10.10.0/24 network. Firewall Builder comes
with a predefined object called net-10.0.0.0 which represents the whole 10.0.0.0/8
network, and since 10.10.10.0/24 lies within it we will use it as the "inside"
interface Network Zone. The zone must cover every source network reached through that
interface and must not overlap the zone of any other interface; a broad zone such as
10.0.0.0/8 is only appropriate when no other interface (a DMZ, for example) uses part
of that range.
Figure 12. Setting Network Zone For The "inside" Interface
Note
A Network Zone can be an individual Network object or a Group object that includes
multiple Network objects. For example, you must set the Network Zone to a Group
object if your internal network uses the 10.0.0.0/8 and 172.16.0.0/16 networks. In
this case you create a Group object, include network objects for both of these IP
networks, and use this Group object as your "inside" interface's Network Zone.
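The zone rules above (a single Network object, a Group of several networks, "Any" as the catch-all for the outside interface, and an unset zone blocking compilation) can be exercised without the GUI. This added example is not part of the tutorial or of Firewall Builder; it models the zone-to-interface mapping described here and resolves which interface a given source address belongs to. Treating overlapping zones as an error is this example's own policy, chosen because a source that falls in two zones has no single interface to be placed on; the text does not describe what Firewall Builder itself does in that case.

```python
import ipaddress

ANY = "Any"  # fwbuilder's catch-all zone: whatever is not covered by another interface's zone

# Interface -> Network Zone as set in the text. A list stands in for a fwbuilder
# Group object holding several Network objects; "net-10.0.0.0" is the predefined
# 10.0.0.0/8 object. None models a zone that was left unset.
ZONES = {
    "Ethernet0/0": ANY,             # outside
    "Ethernet0/1": ["10.0.0.0/8"],  # inside, attached to 10.10.10.0/24
}


def zone_networks(zone):
    """Networks in a zone; Any and unset zones contribute none."""
    if zone in (ANY, None):
        return []
    return [ipaddress.ip_network(n) for n in zone]


def check_zones(zones: dict) -> list:
    """Report what would make rule placement fail or become ambiguous."""
    problems = []
    for iface, zone in zones.items():
        if zone is None:
            problems.append(f"{iface}: Network Zone not set; fwbuilder will refuse to compile")
    if sum(1 for z in zones.values() if z == ANY) > 1:
        problems.append("more than one interface uses zone Any")
    # Every (interface, network) pair drawn from a named zone, checked pairwise
    # for overlap across different interfaces.
    named = [(iface, net) for iface, zone in zones.items() for net in zone_networks(zone)]
    for i, (ia, na) in enumerate(named):
        for ib, nb in named[i + 1:]:
            if ia != ib and na.overlaps(nb):
                problems.append(f"{ia} zone {na} overlaps {ib} zone {nb}: "
                                f"a source in both cannot be placed on one interface")
    return problems


def interface_for_source(zones: dict, src: str):
    """Interface whose zone contains src, i.e. where an inbound rule for that source lands.

    Named zones win; a source in no named zone goes to the single Any interface.
    """
    ip = ipaddress.ip_address(src)
    hits = [iface for iface, zone in zones.items()
            if any(ip in net for net in zone_networks(zone))]
    if len(hits) > 1:
        raise ValueError(f"{src} falls in the zone of more than one interface: {hits}")
    if hits:
        return hits[0]
    any_ifaces = [iface for iface, zone in zones.items() if zone == ANY]
    return any_ifaces[0] if len(any_ifaces) == 1 else None


if __name__ == "__main__":
    print(check_zones(ZONES) or "zones are consistent")
    for src in ("10.10.10.25", "198.51.100.7"):
        print(src, "->", interface_for_source(ZONES, src))
```

Adding a third interface with zone 10.20.0.0/16 to ZONES reproduces the overlap warned about in the text: the broad net-10.0.0.0 zone on "inside" then claims DMZ sources too, and interface_for_source raises instead of guessing.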
Before moving on you should save the data file containing the new firewall object
just created. Do this by going to the "File -> Save As" menu item. Choose a name and
location to save the file.
More Related Cisco Firewall Tips:
Cisco Guide: Migration of Cisco PIX 500 Series to Cisco ASA 5500 Series
Cisco PIX Firewall Basics
