Configuring an ASA Firewall on Cisco Packet Tracer - Part One

  Views: 117,185

Greg South

Comments: 86
@SecretPotato4123 3 years ago
This is really good, you're teaching people your knowledge for free and in a really well explained way, thank you for this!
@GregSouth 3 years ago
You’re welcome Jordan - thanks for the feedback!
@thepuldarshana9056 1 year ago
I like this tutorial. Explains clearly and in great detail. Feels like being in a class. Thanks.
@GregSouth 1 year ago
Glad it was helpful!
@adrianspataru1408 1 year ago
Thanks for the video and for sharing your knowledge with us. Very well structured; the only minus is the fact that you are not using a dedicated microphone. Thank you.
@GregSouth 1 year ago
Hi @@adrianspataru1408 - thank you! I'll try to improve the sound quality in future - thanks for your feedback.
@jean-lucpicard5510 2 years ago
Trying to re-create this on PT. Are the serial cables DCE or DTE? Never mind, I see the clock symbol.
@Better403 3 years ago
Thank you so much, you helped me to finish my graduation project.
@GregSouth 3 years ago
Glad I could help!
@jean-lucpicard5510 2 years ago
@@GregSouth Using this as my Final Year Project at college.
@galaxyspace4077 1 year ago
Your teaching method is so clear and understandable. Can you do a tutorial on ASA active/standby failover with GNS3 (since failover is not supported in Packet Tracer)?
@GregSouth 1 year ago
Great suggestion! Unfortunately I just don’t get the time at present to do any recordings, but when I do in the future I'll keep this suggestion in mind - thank you.
@sergeattia2866 1 year ago
Hello, from France. Thank you very much for the labs and TP. It helps us a lot. I really appreciate it. With you, all these concepts become understandable. Excellent teaching, many thanks. Please also provide the basic files. This allows us to get to the point. Thank you. Regards
@GregSouth 11 months ago
Thank you - files are below the videos, usually in the first video - all the best, Greg
@ahmed00777 3 years ago
Great free training man
@GregSouth 3 years ago
Glad you like it and thanks for the feedback Ahmed!
@lemon2524 1 year ago
This is a beneficial video for me thank you.
@GregSouth 1 year ago
Glad it was helpful!
@AT-sj1wl 1 year ago
Good evening, I know this video is from a few years back but I was wondering if it was possible to create VLANs on the firewall? Or can I only do that for switches?
@jonathanbeya465 2 years ago
Very useful tuto. Is there a way of connecting more than 2 PCs without a switch?
@GregSouth 1 year ago
Hi Jonathan, Yes, in Packet Tracer this can be implemented. Add two PCs, connect with a crossover cable (dashed line) - add an IP address to each PC, e.g. PC1-192.168.1.1 subnet mask 255.255.255.0 and PC2-192.168.1.2 subnet mask 255.255.255.0, and go into command prompt on PC1 and ping from PC1 to PC2 (e.g. ping 192.168.1.2) - you should see replies so you know you have layer 3 connectivity. Hope this helps and all the best, Greg
@scott2495 3 years ago
I was asking myself why have you assigned .226 to the outside interface on the asa then next thing you answered my question! Good video!
@mouvratha 2 years ago
great video lesson bro, subscribed
@GregSouth 2 years ago
Thanks Mouv! Glad video helped.
@patrickjones2843 1 year ago
Great videos! I'm currently shopping for a midrange firewall and I'm most comfortable with Palo Altos but they are going to be way too expensive at current mid-size company. I would like to find a good upgrade from the Sonic Firewall TZ400 Series that has central management in a GUI suitable for about 100-150 people. Anyone have any suggestions? There are so many options but it's like I'd have to call each company because with some you just buy the box and maybe RMA support and with some you're forced into licensing. Even if I could determine the best Gen 7 Sonic Firewall to go with for that 100-150 user base, that would be great. (Currently on Gen6 Sonic Wall TZ400W.) I'm inheriting all of this and my boss is great and knows a decent amount but we are kinda walking tightropes with price and scalability and we heard the Dream Wall might not be a good option for Mid Range.
@GregSouth 1 year ago
Thanks for the feedback on my videos Patrick and hope you made some progress with your shopping for a firewall. All the best, Greg
@Zero_VIII 3 years ago
Is there any chance to get the base of the project (all the devices connected), so I can follow you step by step in your lessons?
@GregSouth 3 years ago
Hi @blackshadow93 _ - I link in the top of the video to the Packet Tracer file with original setup - here is the link for convenience. All the best, Greg. bit.ly/38o8Dxf
@Zero_VIII 3 years ago
@@GregSouth thanks a lot Greg, and compliments for those videos!
@saltech2024 3 years ago
Hi, thank you... Your videos have helped me a lot but I'm facing a problem with my final year project, more specifically ASA policy inspections... ICMP, HTTP, DNS, FTP, VoIP etc.
@GregSouth 3 years ago
Hi Ibrahim, glad they helped - if you can understand this example using ICMP, I believe you will be fine to do more policy inspections such as the ones you mention... good luck with your project and thanks for watching. Greg
@watora_mari 5 months ago
Level 1 teaching, thanks. I couldn’t finish it though. Too much talking. It’s good for someone on level 1. Keep it up
@GregSouth 5 months ago
Hi @watora_mari - Glad it helped! There are other parts to this (that follow on from part one) if it helps. All the very best. Greg
@arjunadityarastogi2118 2 years ago
Hi Greg, thanks for what you are doing. My outside VLAN's status shows down, how should I "up" it?
@GregSouth 2 years ago
Hi @Arjun - It's difficult to tell why the outside VLAN is down without seeing your actual network design. Here are a couple of reasons why it could be down - is there a cable connected to Et0/0 on the ASA and is the device it's connected to powered on (interface not shutdown on router)? Another way to solve this is to view my original network setup - have you taken a look at the exercise file I've uploaded? This provides the original network topology. When you open this the VLAN status is already set to up, up. Hope this helps, Greg - please find link here - bit.ly/38o8Dxf
@arjunadityarastogi2118 2 years ago
@@GregSouth Hi again Greg, as it turned out, I did not issue the no shutdown command on the router's side of the line. That's why the line protocol was down. But thank you anyway, you helped me with my assignment that day ✨
@GregSouth 2 years ago
@@arjunadityarastogi2118 - pleased that you spotted the issue and got it fixed. Well done
@rayane2290 3 years ago
Packet Tracer, nowadays, still good? For all network devices including cloud engineering, versus GNS3?
@GregSouth 2 years ago
Hi Ray, depends on the context. Packet Tracer is a great learning tool. It is a simulator and it’s a great tool in my opinion for understanding protocols (particularly for new students getting started in networking). Excellent learning tool for CCNA. GNS3 is also a very useful tool - requires a little more effort to set up (need IOS images etc.) but also a great tool for learning and emulating networks - useful in my opinion for more detailed learning (progressing to CCNP etc.)
@rayane2290 2 years ago
@@GregSouth OK, I understand well. Thank you for your effort in answering.
@galaxyspace4077 1 year ago
Hi, why do you assign IP addresses to 'inside if' and 'outside' via VLANs? Why can't you assign those directly to physical interfaces? Is it possible? Thanks
@jamesbond-cx2uh 4 years ago
How do I ping or access devices behind the firewall (from outside to inside)?
@GregSouth 4 years ago
Hi James, why would you want to do this? Initial traffic from outside to inside is untrusted and should not be passed by the firewall. The firewall is there to block / filter traffic coming from outside to inside. I show in the following video how to allow from outside to DMZ - which is better security practice. kzbin.info/www/bejne/pnO6Yotsp5qehK8 - if you wish to allow outside to inside for testing purposes I have created a document here bit.ly/38o8Dxf and I also show the completed solution (but again this is only for Packet Tracer testing purposes and would not be recommended, as I mention, for the above reasons).
@a.j.5475 2 years ago
You are using 2 VLANs, one is number 1, the default. Which ports did you trunk, or how did you get the VLANs to communicate with each other if you didn't use a trunk?
@GregSouth 2 years ago
Hi A.J. - vlans are not set to trunk. You will notice I setup a default static route on the ASA outside interface to enable the ASA to reach external networks and additionally setup NAT. OSPF is already setup on Router 1,2,3 so traffic will be able to be routed back to the ASA. Hope this helps, Greg
@mellluxe7826 2 years ago
Hi, what if I have many VLANs inside of the internal network? How would I configure it? I need help with my project. Is there any way to contact you?
@GregSouth 2 years ago
Hi @Mell Luxe, unfortunately Packet Tracer and ASA specifically is limited in the amount of VLANs you can create (due to licenses) and the fact it's a simulator. My best advice here would be to create an ASA setup similar to the videos I demo and then for other sites to use a normal router and add extra functionality for security such as Access Control lists, VLANs and VPN etc etc to provide extra security in depth. Hope this helps and all the best with your project. Thanks, Greg
@SharvApte-ml5gc 1 year ago
Thank you sir for this tutorial. Can you pls provide PKT file ?
@GregSouth 1 year ago
Glad you liked it. Yes, the Packet Tracer file is provided here. bit.ly/38o8Dxf
@AbbasAbidi-c8l 8 months ago
Bro, where is part 5? I cannot access the DMZ from the internet when a 7200 router is in between the ASA firewall and that 7200 Cisco router is connected to the IPS
@GrimReaper2121 2 years ago
Hello Richard Madden, I was wondering if you have the router configurations for this packet tracer? You can copy and paste them here as a reply. I would greatly appreciate it. I have been in the network field for over 8 years and if one doesn't use their knowledge constantly, you lose it! Beautiful set of videos my friend. Keep up the good work.
@GregSouth 2 years ago
Hi there, thanks for the feedback. The link for the original file, configuring an ASA Firewall on Cisco Packet Tracer is here - bit.ly/38o8Dxf - hope this helps. All the best, Greg
@GrimReaper2121 2 years ago
@@GregSouth thank you Greg. I appreciate it my friend.
@mkbhoir5923 3 years ago
Which routing topology is being used?
@GregSouth 3 years ago
Hi MK, OSPF is used on Routers R1, R2 and R3. You can check this by running 'show ip protocols' on those routers. In addition, I configure a static default route from the ASA in the videos. Hope this helps, Greg
@mkbhoir5923 3 years ago
@@GregSouth Thanks a lot that was helpful
@xtrax9 1 year ago
I don't have VLAN 1 and 2 in my firewall's default configuration
@GregSouth 1 year ago
Hi @xtrax9 - did you use the 5506 ASA instead? This doesn't have vlan 1 and 2 (in Packet Tracer 8.2). Note: the one that I configure in these videos is a 5505 ASA. This by default (in Packet Tracer 8.2) will have both vlan 1 (inside) and vlan 2 (outside) configured by default - they will also have ports assigned to them initially. You can see this by issuing the 'ciscoasa#show switch vlan' command - hope this helps, Greg
@a.j.5475 2 years ago
Noticed the nameif doesn't work, but when checking, the VLAN 1 with the name inside and the security-level 100 already exists in your downloadable Packet Tracer file. Is that correct?
@GregSouth 2 years ago
Hi A.J, the nameif command should work under an interface. E.g. # interface vlan 1, nameif inside. Yes, by default this name of inside is already configured on an ASA 5505 - I demonstrate this in the video to compare this to other interfaces such as outside and DMZ. It helps to show that the highest possible level is used by the inside interface by default. Using the trusted-untrusted terminology, this level is considered the most trusted (value of 100).
@hamzadirieh3982 3 years ago
thank you keep going
@taniakanth2657 3 years ago
Is it possible to make VLANs for my internal network, while having the VLANs for my firewall?
@GregSouth 3 years ago
Hi, should not be any issue - have you tried setting up a layer 3 switch and then connecting this to firewall?
@taniakanth2657 3 years ago
@@GregSouth Is it possible to email you about a problem I have with the network? Mine keeps failing, I don't know why
@issafeika2867 4 years ago
Thank you so... Much ❤.
@juancamilomedinagarzon1375 3 years ago
Hey friend, could you help me with my topology? It is not working; I am doing the same as yours.
@GregSouth 2 years ago
Hi @Juan - sorry just seeing your comment now. Not sure if you saw this but I have the original exercise file uploaded if this helps in any way. All the best, Greg - please find link here - bit.ly/38o8Dxf
@ajayv6964 3 years ago
Hi... Is it possible to ping from outside to inside?
@GregSouth 3 years ago
Hi there - yes this is possible, but remember the typical role of a firewall is to block traffic from an untrusted network coming into a more trusted network
@doggy007ooo 4 years ago
quality Content 👌
@matthewkeen6281 9 months ago
Nice.
@anthonysijera7871 3 years ago
THANK YOU !!!
@stevezzorr 4 years ago
What if the LAN network has multiple VLANs?
@GregSouth 4 years ago
Hi @Steven A, you may notice if you try to create more SVIs (Switched Virtual Interfaces) on the ASA, e.g. int vlan 10, and then try naming the interface using the 'nameif' command, you will get an error regarding the license. ASA doesn't allow configuring more than 2 interfaces with nameif and without a 'no forward' command... Another strategy you may use is to connect a layer 3 switch directly to e.g. VLAN 1 on the ASA. You can then use the layer 3 switch to create as many VLANs as you wish and use the L3 Switch to do inter-VLAN routing etc. If you need to route out to the Internet you can add the necessary routes from the Layer 3 Switch and subsequent routes out of the ASA (to the internet). Hope this helps, Greg
@kitaspidate5835 3 years ago
@@GregSouth Hi, I have the same issue. I tried the multilayer swh method, like FW inside to L3 swh port 24 and prts 1,2,3 to 3 diff L2 swhs, and I configured the L3 swh as DHCP to assign 10.10.10.0, 10.10.10.20.0, 10.10.30.0/24 IPs for the L2 swh end devices. Then I did FW inside IP 10.10.50.1/24, sec lvl 100. Now if I ping from L2 PC to L2 PC in diff VLANs, it still pings, but I can't ping FW inside 10.10.50.1 from 10.10.10.3 (PC). It failed to move from the L3 swh. So I trblsht: L3-to-FW link f0/24 as no swhport and gave IP 10.10.50.2, same subnet as FW IN, and then it passes pkt to FW, but no return frm firewall. Again I added a static route to the 10.10.50.2 L3 swh's link to FW [any ip, any subnet to 10.10.50.2], but still can't ping the FW inside link from PC. Can u help pls? I don't know what I am missing. Do I need to add [swhprt trunk encap dot1q on L3 link to FW]?
@kitaspidate5835 3 years ago
Hi, I found it, it worked. I just have to add a static route to my internal networks in the ASA [route inside 10.10.10.0 255.255.255.0 10.10.50.2] (here 50.2 is my L3 swh's f0/24 port, the no-swhport IP addrs which connects to the ASA on 50.1). Now gonna try the remaining outside nw. Thanx anyway
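The fix reported in the two comments above, written out as configuration for both devices. This is an added example, not taken from the video or from the commenters' files: the VLAN numbers, the SVI addresses and the 10.10.20.0/24 subnet are assumptions, while 10.10.50.1 (ASA inside), 10.10.50.2 (switch routed port F0/24) and the first `route inside` line come from the thread.

```cisco
! ---------- Layer 3 switch (assumes VLANs 10, 20, 30 already exist) ----------
! Enable routing between the SVIs
ip routing
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 no shutdown
interface Vlan30
 ip address 10.10.30.1 255.255.255.0
 no shutdown
!
! Routed (not trunked) uplink to the ASA inside interface
interface FastEthernet0/24
 no switchport
 ip address 10.10.50.2 255.255.255.0
 no shutdown
!
! Anything the switch has no route for is handed to the ASA
ip route 0.0.0.0 0.0.0.0 10.10.50.1

! ---------- ASA 5505 ----------
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.10.50.1 255.255.255.0
!
! Return routes: without these the ASA only knows the connected
! 10.10.50.0/24 network and cannot answer hosts behind the switch
route inside 10.10.10.0 255.255.255.0 10.10.50.2
route inside 10.10.20.0 255.255.255.0 10.10.50.2
route inside 10.10.30.0 255.255.255.0 10.10.50.2
```

`show route` on the ASA and `show ip route` on the switch confirm that each side has a path to the other's networks before testing with ping.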
@stuffandthangs3953 1 year ago
On the rooter.
@shaymaatareef7230 3 years ago
thank you
@KhalidKhan-xr8jc 4 years ago
nice
@fixnet2918 10 months ago
"Some of my configuration is already being done here" (min 7.05) ????
@GregSouth 10 months ago
Apologies - should have said "some config already completed here" - as you can see these videos are far from rehearsed! Hope this helps
@yandasaketh2177 3 years ago
209th like
@bfacewcollar1328 3 years ago
When I saw the topology I knew I was out of my league. Bye
@MrDass20 1 year ago
I want to change the IP on the inside interface. How do I go about doing that?
@MrDass20 1 year ago
If you need to change the inside interface IP you will have to remove the nameif inside from the interface and re-add it. Thanks for this video tho. Very informative and detailed.