Sunday, December 20, 2015

ASA (Adaptive Security Appliance) and ASDM (Adaptive Security Device Manager) Essentials



Basic Checks:
Software version and boot image; certificates (the default self-signed certificate is temporary); allowed management access such as SSH; user authentication, etc.

Certificate Options:
Temporary Self-signed
Permanent Self-signed
Permanent from CA

Configuring:
Security Levels and Other Interfaces
NAT and DHCP Services

Verification
To check licensing in ASDM:
Config -> Device Management -> Licensing -> Activation Key

To check the boot image:
Config -> Device Management -> System Image -> Boot Image

To check management access:
Config -> Device Management -> Management Access -> ASDM/https/telnet/ssh

To allow HTTPS (ASDM) and SSH management access from the 10.0.0.0/24 network on the inside interface:
http 10.0.0.0 255.255.255.0 inside
ssh 10.0.0.0 255.255.255.0 inside

Let's create some users in the LOCAL database on the ASA:
Config -> Device Management -> Users/AAA -> User Accounts

CLI:
username admin password XXXXXXX encrypted privilege 15

Now authenticate HTTP, SSH and serial console access against the LOCAL database:
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
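
An added example (not from the original post): a small Python audit of the management-access and AAA lines shown above, flagging telnet, access on untrusted interfaces, any-source rules, and enabled protocols not authenticated against LOCAL. The names audit_mgmt_access, trusted_ifaces and SAMPLE_CONFIG are hypothetical, and the sample config is constructed.

```python
import ipaddress
import re

# Constructed sample running-config (not from the original page); the first
# five lines mirror the post, the last two are deliberately weak entries.
SAMPLE_CONFIG = """\
http 10.0.0.0 255.255.255.0 inside
ssh 10.0.0.0 255.255.255.0 inside
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
telnet 10.0.0.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
"""

ACCESS_RE = re.compile(r"^(http|ssh|telnet)\s+([\d.]+)\s+([\d.]+)\s+(\S+)$")
AAA_RE = re.compile(r"^aaa authentication (\S+) console (\S+)")


def audit_mgmt_access(config, trusted_ifaces=("inside",)):
    """Return (line, finding) pairs for management-access weaknesses."""
    findings, enabled, aaa = [], set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        m = AAA_RE.match(line)
        if m:
            aaa[m.group(1)] = m.group(2)  # protocol -> auth source
            continue
        m = ACCESS_RE.match(line)
        if not m:
            continue  # e.g. 'http server enable', 'ssh timeout 5'
        proto, addr, mask, iface = m.groups()
        enabled.add(proto)
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if proto == "telnet":
            findings.append((line, "telnet is cleartext; use ssh"))
        if iface not in trusted_ifaces:
            findings.append((line, f"management allowed on '{iface}'"))
        if net.prefixlen == 0:
            findings.append((line, "any source address permitted"))
    for proto in sorted(enabled):  # assumption: policy is LOCAL auth, as in the post
        if aaa.get(proto) != "LOCAL":
            findings.append((proto, "console auth is not set to LOCAL"))
    return findings


if __name__ == "__main__":
    for where, what in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```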

Certificate Options:
Config -> Device Management -> Certificate Management -> Identity Certificates

We can have an inside host act as a DHCP server so that it can assign IP addresses to outside clients.
We can also configure NAT: traffic coming from the 10.0.0.0 network and going to the Internet through the outside interface has its source IP address translated.

The router is also doing some basic NAT for the 192.168.1.0/24 address space.

To verify routing:
Monitoring -> Routing -> Routes

To configure NAT:
Config -> Firewall -> NAT

nat (inside,outside) 1 source dynamic any interface
This NATs traffic from inside to outside for any source IP address, using PAT on the outside interface.

Configure the DHCP server:
Config -> Device Management -> DHCP -> DHCP Server

dhcpd address 10.0.0.51-10.0.0.60 inside
dhcpd enable inside
dhcpd dns 8.8.8.8 interface inside














