1. The external network has one fixed IP; use NAT so that the intranet shares Internet access through it.
G0: External network port: 192.168.0.4/24
Extranet Gateway: 192.168.0.1
G2: Intranet port (Gateway of intranet): 172.16.0.1/24
Only key commands are listed below:
interface GigabitEthernet0
 nameif outside  // designate the external network port as outside
 security-level 10  // security level manually set to 10; it can also be left at the default of 0
 ip address 192.168.0.4 255.255.255.0
interface GigabitEthernet2
 nameif inside  // designate the intranet port as inside
 security-level 100  // the security level here is the default of 100
 ip address 172.16.0.1 255.255.255.0
object network in-net  // define a network object named in-net
 subnet 172.16.0.0 255.255.255.0  // the intranet range behind G2; not in the original key-command list, but the object needs an address before nat is accepted
 nat (inside,outside) dynamic interface  // NAT; the trailing "interface" keyword means PAT to the outside interface address
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1  // default route, i.e. the gateway to the external network
Note: Because there is only one external IP and it is used for PAT, no network object is needed for the external network. Define a network object only for the intranet, then attach the nat command to it.
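2. Block pings to the ASA's external IP address from the outside network
An access-list that denies ICMP packets, applied to the outside interface in both the in and out directions, does not seem to work, because interface access-lists filter traffic passing through the ASA rather than traffic addressed to the ASA itself. A single command in global configuration mode solves it:
icmp deny any outside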
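The following check is an added example, not part of the original article: it reads the to-the-box icmp rules from a saved configuration and reports whether the ASA itself would answer a ping on a given interface, using the ASA's first-match ordering. The sample configuration is constructed from the commands above; the "icmp permit any unreachable outside" line and the function names are assumptions added here, included to show that a rule placed before the deny can keep ICMP unreachable (used for path MTU discovery) while echo is still dropped.

```python
import ipaddress

# Constructed sample: the article's interfaces plus an added "permit unreachable" line.
SAMPLE = """\
interface GigabitEthernet0
 nameif outside
 security-level 10
 ip address 192.168.0.4 255.255.255.0
interface GigabitEthernet2
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.255.0
icmp permit any unreachable outside
icmp deny any outside
"""

def parse_icmp_rules(config):
    """Return ordered (action, network, icmp_type or None, nameif) tuples."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        # Skip anything that is not "icmp permit|deny <source> [type] <nameif>".
        if len(tok) < 4 or tok[0].lower() != "icmp" or tok[1].lower() not in ("permit", "deny"):
            continue
        action, nameif, rest = tok[1].lower(), tok[-1], tok[2:-1]
        if rest[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:  # "<address> <netmask>" form
            net, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}", strict=False), rest[2:]
        rules.append((action, net, rest[0] if rest else None, nameif))
    return rules

def asa_answers(config, nameif, src, icmp_type="echo"):
    """True if ICMP of icmp_type from src to the ASA's own nameif address is accepted."""
    rules = [r for r in parse_icmp_rules(config) if r[3] == nameif]
    if not rules:                      # no icmp rules on the interface: all ICMP accepted
        return True
    for action, net, rtype, _ in rules:
        if ipaddress.ip_address(src) in net and rtype in (None, icmp_type):
            return action == "permit"  # first matching rule decides
    return False                       # implicit deny once any rule exists
```

Running asa_answers over a saved configuration for each outside-facing nameif gives a quick audit of which interfaces still answer echo requests.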
This article is from the "I'm Still alive" blog; please be sure to keep this source: http://hujizhou.blog.51cto.com/514907/1869024
ASA (8.X version) firewall configuration instance