Understanding Command Base 8 in a safety device Cisco ASA
There are literally thousands of commands and sub-commands available to configure a device Cisco security. As they acquire knowledge of the device, which will increasingly use the commands. Initially, however, there are only a few commands needed to configure basic functionality on the device. Basic functionality is defined as allowing inside hosts to access outside hosts, but not allowing that external users to access hosts inside. In addition, management should be allowed at least one inside host. Here are eight basic commands:
** ** Interface
The interface command identifies the hardware interface or VLAN interface configured. Once in the interface configuration mode, you can switchports assign physical interfaces and allow them (the lights) or you can assign names and security levels to VLAN interfaces.
** ** Nameif
The nameif command gives the interface a name and assigns a security level. Typical names are outside, inside, or DMZ.
** Level of security **
The security levels are used by the device to control the flow of traffic. The traffic flow is allowed to interface with higher security levels to interfaces with lower levels of security, but not the other way. Access to records should be used to allow traffic to flow at low levels of security higher levels of security. Security levels range from 0 to 100. The default security level for an external interface is 0. For inside an interface, the default security level is 100.
In the following example configuration, the command interface was first used in the name of the VLAN interfaces inside and outside, then the interface is called DMZ and security level of 50 assigned.
ciscoasa (config) # interface vlan1
ciscoasa (config) # nameif inside
INFORMATION: Security level for "inside" set to 100 by default.
ciscoasa (config) # interface vlan2
ciscoasa (config) # nameif outside
INFORMATION: Security level "out of range to 0 by default.
ciscoasa (config) # interface VLAN3
ciscoasa (config) # nameif DMZ
ciscoasa (config) Security # level 50
** ** IP address
The command of the IP address is assigned an IP address to a VLAN interface either statically or as is a DHCP client. With modern versions of software security appliance, it is not necessary to explicitly configure default subnet masks. If you are using non-standard masks, you must explicitly configure the mask, but otherwise it is not necessary.
In the following example configuration, an IP address assigned to VLAN 1, the inside interface.
ciscoasa (config) # interface VLAN 1
ciscoasa (config) # ip address 192.168.1.1
** switchport access **
The command switchport access to the ASA 5505 security appliance assigns a physical interface to a logical (VLAN) interface. In the following example, command interface is used to identify physical interfaces, assign them to switchports on the equipment, and allow them (the lights) by using the stop "no" statement.
ciscoasa (config) # interface ethernet 0 / 0
ciscoasa (config) # switchport access vlan 2
ciscoasa (config) # no shutdown
ciscoasa (config) # interface ethernet 0 / 1
ciscoasa (config) # switchport access vlan 1
ciscoasa (config) # no shutdown
nat ** **
The nat command enables network address translation on the specified interface to the specified subnet.
In this example, configuring NAT is enabled on the interface within machine of subnetwork 192.168.1.0/24. The number "1" is the NAT ID which will be used by the global command to associate a global address or pool with the directions inside. (Note: NAT 0 is used to prevent the specified group of addresses to be translated.)
ciscoasa (config) # nat (inside) 1 192.168.1.0 255.255.255.0
** ** World
The global command works in conjunction with the command nat. Identifies the interface (usually outside) through which traffic from hosts nat'ed (usually within hosts) must flow. It also identifies the overall direction nat'ed hosts will use to connect to the outside world.
In the following example, the hosts associated with NAT ID 1 will use the global address 12.3.4.5 on the external interface.
ciscoasa (config) # global (outside) 1 12.3.4.5
In this additional example of using the order "worldwide", says the declaration of the interface that hosts the firewall associated with NAT ID 1 will use the DHCP-assigned global address on the external interface.
ciscoasa (config) # global (outside) 1 interface
** ** Route
The route command, as most basic, you assign a default route for traffic, usually a router from your ISP. It can also be used in conjunction with access lists to send certain types of traffic to specific hosts on specific subnets.
In this sample configuration, the route command is used to configure a default route to the ISP router at 12.3.4.6. The two zeroes before the ISP's router address are shorthand for an IP address of 0.0.0.0 and a mask of 0.0.0.0. The statement outside identifies the interface through which the flow of traffic to get to the default route.
ciscoasa (config) # route outside 0 0 12.3.4.6
The above commands create a very basic firewall, but frankly, using a sophisticated device such as a Cisco PIX and ASA security device to perform the functions basic firewall is an exaggeration. Other commands to use include hostname to identify the firewall, telnet or SSH to allow remote administration, DHCPD commands to allow the firewall to assign IP addresses to hosts within and static route and access-list commands to allow internal hosts such as Web servers or DMZ DMZ mail servers to be accessible to Internet hosts.
About the Author
Did you find this article useful? For more useful tips and hints, points to ponder and keep in mind, techniques, and insights pertaining to credit card, do please browse for more information at our websites.
http://www.yoursgoogleincome.com
http://www.freeearningtip.com
What is the best firewall?
I have to buy a new firewall for our small businesses. I was doing a reading of about few products. I would like to know your opinion. The basic use of the firewall is to protect the internal network has VPN capability and be able to route to a DMZ. Here are my choices: 1) Sonicwall 2040/3060 series of 2) Cisco ASA 5510 3) Cisco PIX 515
Sonicwalls always worked well for customers I have worked, but Cisco is a large superpower in the networking industry. If I had to choose, I probably would go with Cisco, if you have someone who knows how to configure it.
 |
 Cisco Systems Secure PIX 506 Firewall untested  US $.99 |  Cisco PIX 515E UR BUN Firewall Unrestricted US $442.60 |  Cisco Pix 515E Firewall 47 10539 02 New In Box US $49.95 |
 Cisco PIX 515E Firewall VPN 6XFE Ports Failover Only License US $49.99 |  Cisco PIX 515E Firewall w Cisco 320130 05E SafeNet SAFEXCEL 241PCI 2 Power Cord US $69.99 |  Cisco PIX 501 Firewall US $9.99 |
 CISCO PIX 515 515E FIREWALL VPN US $49.99 |  Cisco PIX 506E Firewall US $100.00 |  Cisco PIX 525 VPN Firewall 10xFE FO License 635 US $49.99 |
 Cisco PIX 525 VPN Firewall 10xFE UR License 635 US $89.99 |  Cisco PIX Firewall 501 US $25.00 |  Cisco Systems PIX Firewall Series PIX 520 Network Router Security System US $9.99 |
 CISCO PIX 515 Ver Aug 08 804 30 days Warranty US $799.99 |  3U Rack Mount Ears For Cisco Pix Firewall 69 0467 01 US $7.99 |  Cisco PIX 515E Firewall Security Appliance US $89.00 |
 Cisco PIX 4FE 32 bit 33 Mhz 4 Port Fast Ethernet Adapter 124040 01 US $14.99 |  CISCO PIX 515E FIREWALL W POWER SUPPLY P N 47 13726 01 US $24.99 |  Cisco Secure PIX 506 Firewall US $24.99 |
 Cisco PIX 501 Network FirewallNo power adapter US $9.99 |  CCSP SECUR Exam Certification Guide by Greg Bastien US $16.00 |  Cisco PIX 520 Firewall Security appliance US $224.99 |
 Cisco Pix 525 Firewall US $15.99 |  Cisco PIX 525 VPN Firewall 8xFE FO License 634123 US $49.99 |  Cisco Secure PIX 525 Series FireWall 29779 309 US $.99 |
 Cisco PIX 515E Firewall US $69.99 |  CISCO PIX 506E FIREWALL SECURITY APPLIANCE VPN 3DES AES US $31.99 |  Cisco PIX 501 UL BUN K9 UNLIMITED User US $200.00 |
 Cisco PIX 515E Security Appliance Rack ears included US $350.00 |  Cisco PIX 515E Firewall 10 100 Ethernet Network 1U Used US $99.99 |  Cisco Pix 525 VPN Firewall FO License 2xFE US $39.99 |
 Cisco PIX 515E R DMZ BUN Firewall 64MB 1FE US $150.00 |  CISCO FIREWALL PIX515E UR BUN 128MB 16MBFLASH 4FE US $175.00 |  Cisco PIX 515E Firewall VPN FO License 64mb 6xFE Ports US $49.99 |
 Cisco Pix 501 Firewall US $9.99 |  Cisco PIX 506E Security Firewall w AC Adapter WORKING FREE SHIPPING US $49.99 |  Cisco PIX 515 Firewall Security Appliance TESTED US $.01 |
 LOT OF 6 CISCO PIX 501 SERIES FIREWALL SECURITY DEVICE AS IS US $19.99 |  CISCO PIX 515 Networking Security FIREWALL US $27.99 |  Cisco PIX 525 UR BUN PIX 525 Firewall Security appliance US $99.99 |
 CISCO PIX 501 FIREWALL SECURITY APPLIANCE US $31.99 |  Cisco PIX 525 Firewall Security Appliance US $24.99 |  7x Cisco Systems PIX 515 Firewall US $49.99 |
 Cisco PIX 525 VPN Firewall License 10xFE US $99.99 |  CISCO PIX 506E SECURITY FIREWALL – P N 47 13727 01 USED US $.99 |  Cisco PIX 506E Firewall VPN 3DES AES Unlimited US $.99 |
| Powered by phpBay Pro |
 | Cisco ASA5505-PWR-AC Power Adapter for ASA 5505 Router List Price:  |
DescriptionCisco® announces the end-of-sale and end-of life dates for the Cisco PIX Security Appliance Cards and Hardware Accessories. The last day to order the affected product(s) is January 27, 2009. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin... |
 | Cisco Unrestricted PIX Firewall 515 |
DescriptionThe Cisco® PIX® 515E Security Appliance delivers a wealth of advanced security and networking services for small-to-medium business and enterprise networks, in a modular, purpose-built appliance. Its versatile one-rack unit (1RU) design supports up to six 10/100 Fast Ethernet interfaces, making it an excellent choice for businesses requiring a cost-effective, resilient security solution with DMZ support. |
 | Cisco PIX 501 10-50 User Upgrade Software License ( PIX-501-SW-10-50= ) List Price: |
DescriptionPIX 501 10 TO 50U UPGRADE |
 | Cisco ASA5505-BUN-K9 ASA 5505 10 User Security Appliance List Price: |
DescriptionThe Cisco ASA 5505 Adaptive Security Appliance is a next-generation, full-featured security appliance for small business, branch office, and enterprise teleworker environments that delivers high-performance firewall, SSL and IPsec VPN, and rich networking services in a modular, "plug-and-play" appliance... |
 | Cisco ASA5505-50-BUN-K9 Asa 5505 Security Appliance List Price: |
DescriptionThe Cisco ASA 5505 Adaptive Security Appliance is a next-generation, full-featured security appliance for small business, branch office, and enterprise teleworker environments that delivers high-performance firewall, SSL and IPsec VPN, and rich networking services in a modular, "plug-and-play" appliance... |
 | Cisco Wireless-N VPN Firewall - Router List Price: |
DescriptionCisco RV 120W Wireless-N VPN Firewall combines secure connectivityto the Internet, site to site, and remote accesswith a high-speed, 802.11n wireless access point, a 4-port switch, and an intuitive, browser-based device manager, along with support for Cisco FindIT, a free network discovery utility. |
 | The Accidental Administrator: Cisco ASA Security Appliance: A Step-by-Step Configuration Guide List Price: |
DescriptionThe Accidental Administrator: Cisco ASA Step-by-Step Configuration Guide is packed with 56 easy-to-follow hands-on exercises to help you build a working firewall configuration from scratch. Based on software version 8... |
Configure a Cisco ASA as a Transparent Firewall
Tags: cisco, cisco pix firewall 501, cisco pix firewall and vpn configuration guide, cisco pix firewall command reference, cisco pix firewall configuration, cisco pix firewalls, firewall, networking, pix, security