CLI Simple Cisco ASA/PIX Config

Written on February 2, 2008 – 8:25 am | by Yanurmal

This is a simple configuration for an ASA/PIX firewall with two network interfaces: one for outside (Internet) and the other for inside (LAN). All traffic from internal to external is accepted. All traffic from external to internal is dropped.

Requirements:
- Cisco ASA/PIX with 2 network interfaces
- Public/outside IP address (e.g. 65.1.1.x)
- Private/inside IP address (e.g. 192.168.1.x)
- Next hop/gateway IP address (e.g. 65.1.1.1)
- PIX/ASA ver. 7.x or above

Firewall> enable
Password:
Firewall#
Firewall# config terminal
Firewall(config)# interface Ethernet0
Firewall(config-if)# nameif outside
Firewall(config-if)# security-level 0
Firewall(config-if)# ip address 65.1.1.2 255.255.255.0
Firewall(config-if)# speed 100
Firewall(config-if)# duplex full
Firewall(config-if)# exit

Firewall(config)# interface Ethernet1
Firewall(config-if)# nameif inside
Firewall(config-if)# security-level 100
Firewall(config-if)# ip address 192.168.1.1 255.255.255.0
Firewall(config-if)# speed 100
Firewall(config-if)# duplex full
Firewall(config-if)# exit

Firewall(config)# nat (inside) 1 0.0.0.0 0.0.0.0
Firewall(config)# global (outside) 1 65.1.1.3 netmask 255.255.255.224

Firewall(config)# route outside 0.0.0.0 0.0.0.0 65.1.1.1
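
The following Python check is an added example, not part of the original post: it parses the commands above (prompts stripped, embedded as a constructed sample) and reports a nat line with no global sharing its NAT ID, a global on an interface that is not lower-security than the nat source, and a global address or route next hop outside the interface subnet. The names parse and audit are hypothetical, and the code assumes the 7.x-style nat/global syntax shown on this page with every referenced interface defined.

```python
import ipaddress
# Constructed sample: the walkthrough's commands with the CLI prompts stripped.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 65.1.1.2 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 65.1.1.3 netmask 255.255.255.224
route outside 0.0.0.0 0.0.0.0 65.1.1.1
"""

def parse(config):
    """Collect named interfaces plus nat, global and route lines (7.x-style syntax)."""
    ifaces, rules, cur = {}, {"nat": [], "global": [], "route": []}, {}
    for w in (l.split() for l in config.splitlines() if l.strip()):
        if w[0] == "interface":
            cur = {}  # new interface block; filled in by the lines that follow
        elif w[0] == "nameif":
            ifaces[w[1]] = cur
        elif w[0] == "security-level":
            cur["level"] = int(w[1])
        elif w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[0] in rules and len(w) >= 4:
            rules[w[0]].append([x.strip("()") for x in w[1:]])
    return ifaces, rules

def audit(config):
    """Return findings; an empty list means every check passed."""
    ifaces, rules = parse(config)
    out = []
    for src, nat_id, *_ in rules["nat"]:
        pools = [g[0] for g in rules["global"] if g[1] == nat_id]
        if nat_id != "0" and not pools:  # nat 0 is exemption, needs no global
            out.append(f"nat ({src}) {nat_id}: no global with the same NAT ID")
        for dst in pools:
            if ifaces[dst]["level"] >= ifaces[src]["level"]:
                out.append(f"global ({dst}) {nat_id}: not a lower security level than {src}")
    for ifc, _, addr, *_ in rules["global"]:
        if addr != "interface" and ipaddress.ip_address(addr.split("-")[0]) not in ifaces[ifc]["net"]:
            out.append(f"global {addr}: not in the {ifc} subnet")
    for ifc, _, _, gw, *_ in rules["route"]:
        if ipaddress.ip_address(gw) not in ifaces[ifc]["net"]:
            out.append(f"route next hop {gw}: not on the {ifc} subnet")
    return out
```

Calling audit(SAMPLE_CONFIG) returns an empty list for the configuration in this post; changing a NAT ID, a security level or the next hop produces the corresponding finding.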

One Response to “CLI Simple Cisco ASA/PIX Config”

By thais.gaspar on Jul 11, 2008

    Hi All,

    Can someone here help with a PIX 515e?
    I have this topology:
    outside 200.x.x.x
    outside2 200.x.x.x
    inside 11.x.x.x

    nat
    nat (inside) 0 access-list nonat
    nat (inside) 2 access-list xxx 0 0
    nat (inside) 1 10.0.0.0 255.0.0.0 0 0
    nat (dmz1) 1 192.x.x.x 255.255.255.0 0 0

    global
    global (outside) 2 200.x.x.x
    global (outside) 1 200.y.y.y
    global (outside2) 1 200.z.z.z

    I configured a new outside interface (outside2) to send the HTTP traffic to the new internet connection. To do this I tried to create a new NAT/PAT, using the same inside interface and creating a new outside. But when I do this, the other NAT/PAT stops working.
    Only when I create a new default route in the PIX that sends all traffic to outside2 does the new NAT/PAT work, but the other NAT/PATs stop.

    Any help will be great.
    Thanks in advance.
