Hi @SCMcDonLon - lot of config in ASA setup - hope you managed to get your's working too if you were configuring aswell. All the very best. Greg

Hi @user-xe5hr5sr2f - Wow, thank you! Glad you found them useful! Thanks for the feedback. Greg

Thanks for your words of encouragement David!

Thanks for the feedback and hoping to make some more videos over the summer

Your welcome 👍

Thanks for feedback- I haven’t tested this with software version 8.3 - much appreciated 👍

Glad you like them!

Thanks for the feedback Cameron - will definitely look into timestamps in the future

Glad you like them and thanks for your feedback!

Thanks for your feedback @Asiedu Desmond

Thanks Samiul! Glad it helped

Thanks for watching! Glad it helped @Mr.roulette

@@GregSouth it did help me sir

Thanks Gul. Glad it helped.

Glad you liked it Mohor! Thanks for viewing-Greg

Hi there, on the ASA, we first create a class map to identify traffic, policy maps to identify actions you are going to take on the traffic and service polices are needed to implement the policy. In our case, we wish to allow ICMP (ping requests) traffic to travel from inside zone to outside zone and then also to allow legitimate icmp traffic to return back - in our case ping replies. Also, important to note we are also going from a higher security level 100 (inside zone) to lower security level 0 (outside zone) . Then later in the exercise (in this video), we create an additional access list to allow traffic from outside to travel to the DMZ zone to one specific server host only. Note: this traffic goes from security level 100 (outside zone) to security level 70 (dmz zone). So initial traffic to dmz server, from the untrusted Ineernet is not allowed by default and this is why we need the additional ACL. So in summary, we are doing two different access control changes. I hope this helps, Greg

Thanks for watching/ listening

You're welcome! Thanks for the feedback @KhaDija BOU

Hi Calvin, if you configure interface vlan 3, ip address 192.168.2.1 255.255.255.0 and then don't add in no forward interface vlan 1, you will be met by the following error "ERROR: This license does not allow configuring more than 2 interfaces with nameif and without a "no forward" command on this interface or on 1 interface(s) with nameif already configured." Best regards, Greg

Hi Nasar, I have some videos on AWS and you could check these out as you may find these helpful. Thanks, Greg

@@GregSouth thanks for that Greg your videos are really helpful. Could you provide me with a link to your AWS videos thanks

My pleasure Ahmed! Glad it was useful, Thanks, Greg

Welcome 😊

Hi Juan, what version of Packet Tracer are you using? These exercises were developed and tested on version 7.3. Thanks Greg

Hi @Elluel Elf, The 209.165.200.227 is a public IPv4 address (that’s chosen in this simulation). This would typically be provided to an organisation from an ISP. It allows for a PC/device on the outside network e.g. the Internet to access an internal server that is located in our case in our DMZ network. In simple terms, it allows people using devices to access our web server from the Internet.

@@GregSouth I see, I've understood now. Thanks for the explanation!

Hi Mohammad, if you would like to access the DMZ Web Server from inside host e.g PC-B - add the inspection of HTTP traffic to the policy map and then open a browser in PC-B and put in the IP address of 192.168.2.3 and this should display web server home page. (I walk through how to setup ICMP traffic in the video - it is just one additional statement (inspect http) and this will then work. I hope this helps, Greg

Hi Jean! Squeezed it into four videos

Hi Sacinthaka, I squeezed it down to four videos so that was actually the last one! Hope these helped. Thanks, Greg

@@GregSouth yes, i didnt see thanks for this videos

Thanks Adam - glad you liked video