Scribd Logo
Upload

Welcome to Scribd!

  • ASA Objetos

    Uploaded by

    jerep_15
    58 views8 pages
    The document discusses the configuration of basic objects on an ASA firewall including: 1. Creating network objects to define internal networks, DMZ networks, and individual hosts. 2. Creating service objects and object groups to define common protocols and ports like TCP, HTTP, HTTPS, DNS, LDAP and RADIUS. 3. Creating protocol objects and groups to allow TCP, UDP, and ICMP traffic.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses the configuration of basic objects on an ASA firewall including: 1. Creating network objects to define internal networks, DMZ networks, and individual hosts. 2. Creating service objects and object groups to define common protocols and ports like TCP, HTTP, HTTPS, DNS, LDAP and RADIUS. 3. Creating protocol objects and groups to allow TCP, UDP, and ICMP traffic.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    58 views8 pages

    ASA Objetos

    Uploaded by

    jerep_15
    The document discusses the configuration of basic objects on an ASA firewall including: 1. Creating network objects to define internal networks, DMZ networks, and individual hosts. 2. Creating service objects and object groups to define common protocols and ports like TCP, HTTP, HTTPS, DNS, LDAP and RADIUS. 3. Creating protocol objects and groups to allow TCP, UDP, and ICMP traffic.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 8

    El Router

    ASA

    Profesor

    : Ing. Italo Chinchay

    El Router
    Configuracin bsica del ASA 1) Interfaces:

    Interface fa 0/0 nameif OUTSIDE ip add 150.1.1..2 255.255.255.240 level-security 0


    Interface fa 0/1 nameif INSIDE ip add 192.168.1.1 255.255.255.0 level-security 100 Interface fa 0/2 nameif DMZ ip add 10.10.10.1 255.255.255.0 level-security 50

    2) Crear objetos bsicos:


    Object network RED-INTERNA subnet 192.168.1.0 255.255.255.0 Object network RED-DMZ subnet 10.10.10.0 255.255.255.0 Object network SRV1 host 10.10.10.25 Object network SRV2 host 10.10.10.80

    3) NAT dinmico bsico: Object network RED-INTERNA nat (INSIDE, OUTSIDE) dynamic interface Object network RED-DMZ nat (DMZ, OUTSIDE) dynamic interface 4) NAT esttico bsico: Object network SRV1 nat (DMZ, OUTSIDE) static 150.1.1.4

    El Router
    5) Crear objetos de servicios: Object-group service TCP_WEB tcp port-object eq 80 port-object eq 443

    6) Crear una ACL para permitir trfico desde el OUTSIDE: access-list OUTSIDE_access_in extended permit tcp any object SRV1 object-group TCP_WEB

    7) Aplicar la ACL a la interface: access-group OUTSIDE_access_in in interface OUTSIDE

    El Router
    8) Port Forwarding: object network INSIDE_HOST host 192.168.1.5 nat (INSIDE,OUTSIDE) static interface service 26883 26883

    El Router

    ASA: objetos de Red


    hostname (config)# object network OBJECT1 hostname (config-network-object)# host 10.2.2.2 hostname (config)# object-group network admins hostname (config-protocol)# description Administrator Addresses hostname (config-protocol)# network-object host 10.2.2.4 hostname (config-protocol)# network-object host 10.2.2.78 hostname (config-protocol)# network-object host 10.2.2.34 Create network object groups for privileged users from various departments by entering the following commands: hostname (config)# object-group network eng hostname (config-network)# network-object host 10.1.1.5 hostname (config-network)# network-object host 10.1.1.9 hostname (config-network)# network-object host 10.1.1.89 hostname (config)# object-group network hr hostname (config-network)# network-object host 10.1.2.8 hostname (config-network)# network-object host 10.1.2.12 hostname (config)# object-group network finance hostname (config-network)# network-object host 10.1.4.89 hostname (config-network)# network-object host 10.1.4.100 You then nest all three groups together as follows: hostname (config)# object-group network admin hostname (config-network)# group-object eng hostname (config-network)# group-object hr hostname (config-network)# group-object finance

    El Router

    ASA: objetos de servicios


    hostname (config)# object service SERVOBJECT1 hostname (config-service-object)# service tcp source eq www destination eq ssh The following example shows how to add both TCP and UDP services to a service object group: hostname(config)# object-group service CommonApps hostname(config-service-object-group)# service-object destination tcp eq ftp hostname(config-service-object-group)# service-object destination tcp-udp eq www hostname(config-service-object-group)# service-object destination tcp eq h323 hostname(config-service-object-group)# service-object destination tcp eq https hostname(config-service-object-group)# service-object destination udp eq ntp The following example shows how to add multiple service objects to a service object group: hostname(config)# service object SSH hostname(config-service-object)# service tcp destination eq ssh hostname(config)# service object EIGRP hostname(config-service-object)# service eigrp

    hostname(config)# service object HTTPS hostname(config-service-object)# service tcp source range 0 1024 destination eq https
    hostname(config)# object-group service Group1 hostname(config-service-object-group)# service-object object SSH hostname(config-service-object-group)# service-object object EIGRP hostname(config-service-object-group)# service-object object HTTPS

    El Router Componentes internos de un router


    To create service groups that include DNS (TCP/UDP), LDAP (TCP), and RADIUS (UDP), enter the following commands: hostname (config)# object-group service services1 tcp-udp hostname (config-service)# description DNS Group hostname (config-service)# port-object eq domain

    hostname (config)# object-group service services2 udp hostname (config-service)# description RADIUS Group hostname (config-service)# port-object eq radius hostname (config-service)# port-object eq radius-acct
    hostname (config)# object-group service services3 tcp hostname (config-service)# description LDAP Group hostname (config-service)# port-object eq ldap

    hostname (config)# object-group icmp-type ping hostname (config-service)# description Ping Group hostname (config-service)# icmp-object echo hostname (config-service)# icmp-object echo-reply

    El Router

    hostname (config)# object-group protocol tcp_udp_icmp hostname (config-protocol)# protocol-object tcp hostname (config-protocol)# protocol-object udp hostname (config-protocol)# protocol-object icmp

    You might also like