Understanding Security Levels on Cisco ASA Firewall Tutorial : Cisco Training Videos

48,574 views

The DIY Guide

11 years ago

Learn about security levels on Cisco ASA firewalls and the default security policy behavior ASAs use when access-lists aren't applied.
Please leave any questions you have in the comments section below!
How to Configure Security Levels on Cisco ASA Firewall Tutorial : Cisco Training Videos

Comments: 48
@The-DIY-Guide 11 years ago
I'm glad it helped you Alex! I'll make more training videos involving firewall basic configurations soon!
@NicholasEnslow 10 years ago
Great video, I learned a lot while cramming for an interview.
@danchang 7 years ago
Beautiful! Thanks.
@alexminarovic8156 11 years ago
very informative thank you :D
@afolabisamuel7228 10 years ago
Concise and informative, Thanks
@The-DIY-Guide 10 years ago
I am happy to help! I'm working on some certs now, but I'll be making more videos soon when some time frees up. Have a great day!
@rhce2120 7 years ago
Thanks a lot ....
@northcarolinadronescapes9506 6 years ago
great video
@riphihe 9 years ago
oh and Good video too btw!! (I just subscribed after looking at your channel)
@The-DIY-Guide 9 years ago
Edward Walker Glad it was helpful for you!
@cybersecurity90 3 years ago
Good explanation. (y)
@randyg.7940 4 years ago
PERFECT THXXX!!!
@The-DIY-Guide 3 years ago
You are very welcome!
@maw570 9 years ago
Fantastic, thank you
@The-DIY-Guide 9 years ago
maw570 You're welcome! Glad to help
@FFxO 5 years ago
sh ip int br is my all time fav command!
@eduardobarreto1105 7 years ago
Hello Trevor, I have a simple question. If I have two interfaces on the ASA configured both with "security-level 0", would I still need the "same-security-traffic permit inter-interface" command to permit traffic between them? Wouldn't they be considered as interfaces without any security level? Or would the same security level rule apply, not passing traffic between each other? Besides the above command, would this also be overwritten if I configure them both with "no security-level"? Is that even possible? Thank you!
@asadmehmood3518 9 years ago
Simply amazing
@The-DIY-Guide 9 years ago
Very glad to help! This is a great video to help with interviews
@acedrumsnyc 5 months ago
What program did you use to make this network diagram? Thanks.
@ricosancarranco7645 9 years ago
Good video. Thanks for explaining. Side Note: You may want to place your mic in a place where it can't be affected by your typing to avoid the "bump" noises.
@The-DIY-Guide 9 years ago
***** Thank you! Glad to help. Yes, I have upgraded microphones and the quality is much more professional in the newer videos. There was a learning curve to sound quality, and the earlier videos suffered unfortunately. I am glad you enjoyed it, despite the background noise.
@giscardnemaleu3894 9 years ago
GOOD Job !!
@The-DIY-Guide 9 years ago
Thank you! Glad to help. How is your studying going?
@ahmedalali3528 7 years ago
Hi, nice video, but I have a question. If I need to send a packet from outside to inside of FW, will the FW deny it or permit it? Logically, it should be denied. Am I right?
@SecurityPanda 9 years ago
nice video
@The-DIY-Guide 9 years ago
pradnesh keni Thank you let me know if you have any ASA questions
@jbdarula 9 years ago
Hi Trevor, I'm a newbie to ASA and Networking in general. Any recommendations on which videos to watch first from all of your tutorials? I want to be able to understand the concept since this is all new to me.
@The-DIY-Guide 9 years ago
I would recommend that you start with the CCENT/CCNA training series playlist: kzbin.info/aero/PLjsSoP29dLx5HfZD0xpTllw7tNJoI9loV
@Gtv7020 9 years ago
That's great Trevor, I have an ASA5520 in my campus and actually I am using it as a router. My question is: can't we assign the outside interface a private IP?
@The-DIY-Guide 9 years ago
Gezahegn Demas Yes, absolutely you can! In my scenario I think I was describing if the firewall is on the edge of the network performing all of the NATting. Your scenario is perfectly fine. I set up internal routers all the time.
@rahulvirmani5871 9 years ago
Hey Trevor, nice video man. I just came across a doubt. Does this security level work if I put an access list on my firewall? And through VPN the internet traffic is allowed to pass through the firewall; will it consider the security level at the time of VPN connections?
@The-DIY-Guide 9 years ago
Hi Rahul, remember, the security levels are the default security policy for the ASA. When you add an access-list, the security level is bypassed and no longer used. So, No, the security level will not be viewed in your scenario since you have added an access-list for the VPN.
@riphihe 9 years ago
Hey Trevor, why does it let you assign IP addresses to the actual interfaces? On my ASA (the one included in Packet Tracer 6.1) it only lets me put IP addresses on VLANs.
@The-DIY-Guide 9 years ago
Edward Walker What type of ASA do you have? The Cisco 5505 is the only ASA platform that operates the way you are describing. The 5505 is the smallest platform of the ASA model line and is configured slightly differently than the rest of the ASA and ASAx model line.
@riphihe 9 years ago
Does anyone here know where I can get packet tracer with the Security + on the ASA? I can't do most of the labs out there I find without it.
@The-DIY-Guide 9 years ago
Edward Walker Edward, instead of using packet tracer, why don't you simulate the real thing in GNS3? There are no limitations with this, here is the link: kzbin.info/www/bejne/qmi6lYGfqdB_r5o
@Eric3Frog 10 years ago
Thanks. What certs are you working on?
@The-DIY-Guide 10 years ago
You're welcome! Glad to help! Right now I am working on getting my 2nd CCNP; once that is complete in July I'll be starting my CCIE route switch! So excited to start the long journey.
@The-DIY-Guide 9 years ago
Eric3Frog I just passed all my tests, so I now have my CCNP route and switch, and CCNP security. I am beginning these training videos again as I start my CCIE journey. Keep in touch. New videos daily!
@Eric3Frog 9 years ago
CiscoTrainingVideos Congratulations! You have made a lot of progress in 5 months. Thanks for sharing your knowledge with the KZbin community.
@chaj2r 10 years ago
Hi, I'm having a problem with the out to inside traffic not permitted
@The-DIY-Guide 10 years ago
Hi Emir! Can you send me a "show run int" output in a comment? Do you have any access-lists or access-groups applied?
@mohammedzldjali6015 8 years ago
Dear I have a question can I run ASA in GNS3. If yes could you please guide me !!!!!
@noname89636 5 years ago
Share to save a life.
@leokachy 10 years ago
Nice work. Please, how can I get traffic to move from outside interface to inside networks? I have an internet router connected to the outside interface of the ASA - 192.168.20.0/24. Router fa0/1 is 20.1/24 while ASA outside is 20.2/24. Now the ASA inside interface is 192.168.11.0/24. I can ping 11.0/24 from 20.0/24. I used ASDM packet tracer and keep getting dropped packet by Implicit ACL. The whole essence of this is that I have internet routers speaking to each other via RIP. Even though I have enabled RIP on the ASA and the ASA can reach all other remote networks via the RIP process, the routers can't reach the ASA inside - 192.168.11.0/24 even when the network appears in their routing tables. I am lost (:|
@The-DIY-Guide 10 years ago
So your network layout is the following: router ---- 192.168.20.0/24--------ASA-------192.168.11.0/24? Correct? Remember a packet tracer is a simulated packet that documents how the ASA is going to process a request with that information in the IP header. Since it is identifying that the ACL lookup phase is failing, this is going to be the first thing we need to fix. Can you show me the output of the following commands: show run access-group & show run access-list & the packet tracer output
@leokachy 10 years ago
CiscoTrainingVideos Yes that's correct.
# sh run access-group
access-group inside_access_in_1 in interface inside
access-group outside_access_in in interface outside
sh run access-list
access-list outside_access_in extended permit ip any any
access-list Nigeria-IKEA_splitTunnelAcl standard permit 192.168.11.0 255.255.255.0
access-list gaffeltruck9_splitTunnelAcl standard permit 192.168.11.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.11.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list Nigeria-PH_splitTunnelAcl standard permit 192.168.11.0 255.255.255.0
access-list inside_access_in extended deny ip any object-group Blocked
access-list inside_access_in_1 extended deny ip any object-group Blocked
access-list inside_access_in_1 extended permit ip any any
access-list outside_cryptomap extended permit ip 192.168.11.0 255.255.255.0 192.168.12.0 255.255.255.0
access-list inside_mpc extended permit object-group TCPUDP any any eq www
Additional Information: The above ASA in question talks to two other ASAs [192.168.10.0/24 and 192.168.12.0/24 via ipsec.] Now for cost reasons, I want this ASA to communicate with a new remote site [192.168.40.0] that has only a Cisco 800 series router. I have enabled RIP and have a GRE running from the 800 router at the remote site terminating at the Internet demarcating router of this ASA side. When I issue a sh ip route on this remote 800 router side, I see the 192.168.11.0/24 [ASA inside] network, but pings can just get there. Many thanks for reaching out.