ASA (8.X version) firewall configuration example


1. The external network has one fixed IP address; use NAT so that the intranet shares it for Internet access.

G0: external network port: 192.168.0.4/24

External network gateway: 192.168.0.1

G2: intranet port (the gateway of the intranet): 172.16.0.1/24

Only key commands are listed below:

interface GigabitEthernet0
! designate this external network port as "outside"
 nameif outside
! security level manually set to 10; the default of 0 also works
 security-level 10
 ip address 192.168.0.4 255.255.255.0

interface GigabitEthernet2
! designate this intranet port as "inside"
 nameif inside
! the security level here is the default of 100
 security-level 100
 ip address 172.16.0.1 255.255.255.0

! define a network object named in-net
object network in-net
! addresses to translate: the intranet behind G2 (the object needs this line; only key commands were listed)
 subnet 172.16.0.0 255.255.255.0
! NAT; the trailing "interface" keyword means PAT on the outside interface's address
 nat (inside,outside) dynamic interface

! default route, i.e. the gateway to the external network
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1

Note: Because there is only one external IP address and it is used for PAT, no object network is needed for the external network. Define one only for the intranet, then attach the nat command to it.

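2. Block pings to the ASA's external IP address from the outside network

An access-list that denies ICMP packets, applied to the outside interface in both the in and out directions, does not seem to work, because interface access lists filter traffic passing through the ASA rather than traffic addressed to the ASA itself. In fact, a single command in global configuration mode solves it:

icmp deny any outside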
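What that command does to ICMP addressed to the ASA, as an added example that is not part of the original article: a small Python model of per-interface "icmp" rule evaluation (first match wins, implicit deny once an interface has any rule, everything accepted when it has none). It shows that "icmp deny any outside" also drops ICMP unreachable (type 3), which path MTU discovery depends on, next to a rule set that permits it first. The refined rule set and the source address 198.51.100.7 are constructed for illustration.

```python
import ipaddress

# ICMP type keywords used in the samples below (subset) -> numeric type
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}

def parse_icmp_rules(config):
    """Parse 'icmp {permit|deny} {any | host IP | IP MASK} [type] IFNAME' lines."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue  # not a to-the-box ICMP rule (e.g. 'icmp unreachable rate-limit ...')
        action, rest = tok[1], tok[2:]
        if rest[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:
            net, rest = ipaddress.ip_network(rest[0] + "/" + rest[1]), rest[2:]
        icmp_type = ICMP_TYPES[rest[0]] if len(rest) == 2 else None  # None = every type
        rules.append((action, net, icmp_type, rest[-1]))
    return rules

def to_box_icmp_allowed(rules, ifname, src_ip, icmp_type):
    """True if ICMP of this type, sent to the ASA's own address on ifname, is accepted."""
    mine = [r for r in rules if r[3] == ifname]
    if not mine:
        return True  # no icmp rule on the interface: all ICMP to it is accepted
    src = ipaddress.ip_address(src_ip)
    for action, net, rule_type, _ in mine:
        if src in net and rule_type in (None, icmp_type):
            return action == "permit"  # first match wins
    return False  # implicit deny once the interface has any rule

PAGE_RULES = parse_icmp_rules("icmp deny any outside")  # the article's command
# Constructed alternative: keep unreachable (PMTUD) and time-exceeded, drop the rest.
REFINED_RULES = parse_icmp_rules("""
icmp permit any unreachable outside
icmp permit any time-exceeded outside
icmp deny any outside
""")

if __name__ == "__main__":
    src = "198.51.100.7"  # constructed outside host
    for name, rules in (("article", PAGE_RULES), ("refined", REFINED_RULES)):
        for label, t in (("echo", 8), ("unreachable", 3)):
            print(name, label, to_box_icmp_allowed(rules, "outside", src, t))
```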


This article is from "I'm Still alive" blog, please be sure to keep this source http://hujizhou.blog.51cto.com/514907/1869024
