SlideShare une entreprise Scribd logo

Configuring NAT Rules on Cisco ASA Firewalls

Télécharger en tant que DOCX, PDF
IT Tech
IT Tech

This document discusses configuring NAT rules on a Cisco ASA or PIX firewall using Firewall Builder. It describes creating a NAT rule to translate the source IP of inside traffic to the outside interface address. It also covers compiling the firewall configuration into device commands, inspecting the output, and using the installer to deploy the configuration to the firewall via SSH.

Technologie
1  sur  4
Configuring Cisco ASA and PIX Firewalls-Part4 7. Configuring NAT Rules Now that the basic firewall rules are configured we need to define our NAT policy. Open the NAT object for editing by double-clicking on it in the object tree as shown in the diagram below. Figure 28. Open the NAT Object for Editing For this example we will create a single NAT rule that translates the source IP address of any traffic coming from the inside 10.10.10.0/24 network going to the Internet. The source IP should be translated to the IP address of the "outside" interface of the firewall. To edit NAT rules we use the same concepts used to edit the firewall Policy rules. Start by clicking the green icon at the top of the Rules panel to add a new NAT rule. Drag-and-drop the "Internal Network" object you created earlier to the Original Src column of the NAT rule. This identifies the traffic that will have its source IP address translated. Now, drag-and-drop the "outside" interface from the asa-1 firewall object to the Translated Src column of the rule. This field identifies the IP address that the traffic will be translated to. After you are done the NAT rule should like the diagram below. Figure 29. Completed NAT Rule That's it! Now we are ready to generate the configuration file and use the built-in installer to deploy it to the firewall. 8. Compile and Install In Firewall Builder the process of converting the rules from the Firewall Builder GUI syntax to the target device commands is called compiling the configuration.
To compile, click on the Compile icon which looks like a hammer . If you haven’t saved your configuration file yet you will be asked to do so. After you save your file, a wizard will be displayed that lets you select which firewall(s) you want to compile. In this example we are going to compile the firewall called asa-1 configured with the rules above. If there aren’t any errors, you should see some messages scroll by in the main window and a message at the top left stating Success. To view the output of the compile, click on the button that says Inspect Generated Files. This will open the file that contains the commands in Cisco command format. Note that any line that starts with “!” is a comment. Figure 30. Example Compiler Output The output from the compiler is automatically saved in a file in the same directory as the data file that was used to create it. The generated files are named with the firewall name and a .fw extension. In our example the generated configuration file is called asa-1.fw. You can copy and copy and paste the commands from this file to your ASA or PIX firewall or you can use the built-in Firewall Builder installer. Installing Firewall Builder can install the generated configuration file for you using SSH and SCP. To use the installer we need to identify one of the router interfaces as the “Management Interface”. This tells Firewall Builder which IP address to connect to on the router.
Do this by double-clicking the firewall object to expand it, and then double-clicking on the interface name that you want to assign as the management interface. In this example this is interface Ethernet0/1, the interface connected to the internal network. Figure 31. Setting the Managment Interface Note Any time you change access lists on your router you face the risk of locking yourself out of the device. Please be careful to always inspect your access lists closely and make sure that you will be able to access the ASA / PIX after the access list is installed. To install your access lists on the firewall, click on the install icon . This will bring up a wizard where you will select the firewall to install. Click Next > to install the selected firewall. Figure 32. Setting Compile and Install Actions Firewall Builder will compile your rules, converting them to Cisco access list command line format. After the compile completes successfully click Next>. Enter the firewall's username, password and enable password. Figure 33. Install Dialog
After the access list configuration is installed you will see a message at the bottom of the main window and the status indicator in the upper left corner of the wizard will indicate if the installation was successful. Figure 34. Successful Install By default Firewall Builder uses SCP to copy the generated config file to the firewall. Once the file is copied to the firewall, Firewall Builder connects to it using SSH. It loads the transferred config file from memory using the "copy" command, merging the Firewall Builder generated command with the current running configuration. Firewall Builder requires SSH version 2 to be enabled on the firewall. More… Cisco Guide: Migration of Cisco PIX 500 Series to Cisco ASA 5500 Series Cisco PIX Firewall Basics

Recommandé

Esa faq how do you upgrade an esa that is in a cluster - cisco
Esa faq how do you upgrade an esa that is in a cluster - ciscoEsa faq how do you upgrade an esa that is in a cluster - cisco
Esa faq how do you upgrade an esa that is in a cluster - ciscoGlDemira
 
Installing centos on xenserver
Installing centos on xenserverInstalling centos on xenserver
Installing centos on xenserverNati Shalom
 
Knowledge article
Knowledge articleKnowledge article
Knowledge articleDeepanshu Tyagi
 
Firefox Extension Development: Bundle
Firefox Extension Development: BundleFirefox Extension Development: Bundle
Firefox Extension Development: BundleBob Chao
 
Upgrade ESM Express License to ESM 6.11.0
Upgrade ESM Express License to ESM 6.11.0Upgrade ESM Express License to ESM 6.11.0
Upgrade ESM Express License to ESM 6.11.0Protect724migration
 
Rdo mitaka
Rdo mitakaRdo mitaka
Rdo mitakaNarasimha sreeram
 
Devstack
DevstackDevstack
DevstackNarasimha sreeram
 
Eincop Netwax Lab: Site 2 Site VPN with Routing Protocols
Eincop Netwax Lab: Site 2 Site VPN with Routing ProtocolsEincop Netwax Lab: Site 2 Site VPN with Routing Protocols
Eincop Netwax Lab: Site 2 Site VPN with Routing ProtocolsNetwax Lab
 

Recommandé

Esa faq how do you upgrade an esa that is in a cluster - cisco
Esa faq how do you upgrade an esa that is in a cluster - ciscoEsa faq how do you upgrade an esa that is in a cluster - cisco
Esa faq how do you upgrade an esa that is in a cluster - ciscoGlDemira
 
Installing centos on xenserver
Installing centos on xenserverInstalling centos on xenserver
Installing centos on xenserverNati Shalom
 
Knowledge article
Knowledge articleKnowledge article
Knowledge articleDeepanshu Tyagi
 
Firefox Extension Development: Bundle
Firefox Extension Development: BundleFirefox Extension Development: Bundle
Firefox Extension Development: BundleBob Chao
 
Upgrade ESM Express License to ESM 6.11.0
Upgrade ESM Express License to ESM 6.11.0Upgrade ESM Express License to ESM 6.11.0
Upgrade ESM Express License to ESM 6.11.0Protect724migration
 
Rdo mitaka
Rdo mitakaRdo mitaka
Rdo mitakaNarasimha sreeram
 
Devstack
DevstackDevstack
DevstackNarasimha sreeram
 
Eincop Netwax Lab: Site 2 Site VPN with Routing Protocols
Eincop Netwax Lab: Site 2 Site VPN with Routing ProtocolsEincop Netwax Lab: Site 2 Site VPN with Routing Protocols
Eincop Netwax Lab: Site 2 Site VPN with Routing ProtocolsNetwax Lab
 
Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
Firewall
FirewallFirewall
FirewallNetwax Lab
 
1118174 asa config-dmz-00
1118174 asa config-dmz-001118174 asa config-dmz-00
1118174 asa config-dmz-00adrian quety
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNetwax Lab
 
Load balancing in OSPF
Load balancing in OSPFLoad balancing in OSPF
Load balancing in OSPFArash Pourdamghani
 
NAT with ASA & ASA Security Context
NAT with ASA & ASA Security ContextNAT with ASA & ASA Security Context
NAT with ASA & ASA Security ContextNetProtocol Xpert
 
ISP core routing project
ISP core routing projectISP core routing project
ISP core routing projectvishal sharma
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
NAT in ASA Firewall
NAT in ASA Firewall NAT in ASA Firewall
NAT in ASA Firewall NetProtocol Xpert
 
Site to Site VPN CISCO ASA
Site to Site VPN CISCO ASASite to Site VPN CISCO ASA
Site to Site VPN CISCO ASARahul E
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
IPSec VPN
IPSec VPNIPSec VPN
IPSec VPNNetProtocol Xpert
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Cisco Russia
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsRowell Dionicio
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Alphorm.com support de la formation-ccnp route examen 300-101-ss
Alphorm.com support de la formation-ccnp route examen 300-101-ssAlphorm.com support de la formation-ccnp route examen 300-101-ss
Alphorm.com support de la formation-ccnp route examen 300-101-ssAlphorm
 
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm
 
Service Redundancy and Traffic Balancing Using Anycast
Service Redundancy and Traffic Balancing Using AnycastService Redundancy and Traffic Balancing Using Anycast
Service Redundancy and Traffic Balancing Using AnycastSean Jain Ellis
 
Creating a cisco asa or pix firewall
Creating a cisco asa or pix firewallCreating a cisco asa or pix firewall
Creating a cisco asa or pix firewallIT Tech
 
Configuring cisco asa and pix firewalls part2
Configuring cisco asa and pix firewalls part2Configuring cisco asa and pix firewalls part2
Configuring cisco asa and pix firewalls part2IT Tech
 
Configuring cisco asa and pix firewalls part3
Configuring cisco asa and pix firewalls part3Configuring cisco asa and pix firewalls part3
Configuring cisco asa and pix firewalls part3IT Tech
 

Contenu connexe

En vedette

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall NetProtocol Xpert
 
1118174 asa config-dmz-00
1118174 asa config-dmz-001118174 asa config-dmz-00
1118174 asa config-dmz-00adrian quety
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNetwax Lab
 
NAT with ASA & ASA Security Context
NAT with ASA & ASA Security ContextNAT with ASA & ASA Security Context
NAT with ASA & ASA Security ContextNetProtocol Xpert
 
ISP core routing project
ISP core routing projectISP core routing project
ISP core routing projectvishal sharma
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
Site to Site VPN CISCO ASA
Site to Site VPN CISCO ASASite to Site VPN CISCO ASA
Site to Site VPN CISCO ASARahul E
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Cisco Russia
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsRowell Dionicio
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Alphorm.com support de la formation-ccnp route examen 300-101-ss
Alphorm.com support de la formation-ccnp route examen 300-101-ssAlphorm.com support de la formation-ccnp route examen 300-101-ss
Alphorm.com support de la formation-ccnp route examen 300-101-ssAlphorm
 
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm
 
Service Redundancy and Traffic Balancing Using Anycast
Service Redundancy and Traffic Balancing Using AnycastService Redundancy and Traffic Balancing Using Anycast
Service Redundancy and Traffic Balancing Using AnycastSean Jain Ellis
 

En vedette (19)

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall
 
Firewall
FirewallFirewall
Firewall
 
1118174 asa config-dmz-00
1118174 asa config-dmz-001118174 asa config-dmz-00
1118174 asa config-dmz-00
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asa
 
Load balancing in OSPF
Load balancing in OSPFLoad balancing in OSPF
Load balancing in OSPF
 
NAT with ASA & ASA Security Context
NAT with ASA & ASA Security ContextNAT with ASA & ASA Security Context
NAT with ASA & ASA Security Context
 
ISP core routing project
ISP core routing projectISP core routing project
ISP core routing project
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
NAT in ASA Firewall
NAT in ASA Firewall NAT in ASA Firewall
NAT in ASA Firewall
 
Site to Site VPN CISCO ASA
Site to Site VPN CISCO ASASite to Site VPN CISCO ASA
Site to Site VPN CISCO ASA
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
IPSec VPN
IPSec VPNIPSec VPN
IPSec VPN
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & Answers
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet Connections
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
 
Alphorm.com support de la formation-ccnp route examen 300-101-ss
Alphorm.com support de la formation-ccnp route examen 300-101-ssAlphorm.com support de la formation-ccnp route examen 300-101-ss
Alphorm.com support de la formation-ccnp route examen 300-101-ss
 
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
Alphorm.com Support de la Formation Cisco CCNP SWITCH (examen 300-115)
 
Service Redundancy and Traffic Balancing Using Anycast
Service Redundancy and Traffic Balancing Using AnycastService Redundancy and Traffic Balancing Using Anycast
Service Redundancy and Traffic Balancing Using Anycast
 

Similaire à Configuring NAT Rules on Cisco ASA Firewalls

Creating a cisco asa or pix firewall
Creating a cisco asa or pix firewallCreating a cisco asa or pix firewall
Creating a cisco asa or pix firewallIT Tech
 
Configuring cisco asa and pix firewalls part2
Configuring cisco asa and pix firewalls part2Configuring cisco asa and pix firewalls part2
Configuring cisco asa and pix firewalls part2IT Tech
 
Configuring cisco asa and pix firewalls part3
Configuring cisco asa and pix firewalls part3Configuring cisco asa and pix firewalls part3
Configuring cisco asa and pix firewalls part3IT Tech
 
IBM Configuration Assistant for z/OS Communications Server update
IBM Configuration Assistant for z/OS Communications Server updateIBM Configuration Assistant for z/OS Communications Server update
IBM Configuration Assistant for z/OS Communications Server updatezOSCommserver
 
Is this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesIs this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesSarah Tao
 
Setting up the hyperledger composer in ubuntu
Setting up the hyperledger composer in ubuntuSetting up the hyperledger composer in ubuntu
Setting up the hyperledger composer in ubuntukesavan N B
 
Wi fi ruckus config
Wi fi ruckus configWi fi ruckus config
Wi fi ruckus configtmukumba
 
ESM 6.9.1c Patch1 Release Notes
ESM 6.9.1c Patch1 Release Notes ESM 6.9.1c Patch1 Release Notes
ESM 6.9.1c Patch1 Release Notes Protect724tk
 
Lab 4 Configure End Devices.pdf
Lab 4 Configure End Devices.pdfLab 4 Configure End Devices.pdf
Lab 4 Configure End Devices.pdfHaseebAli795005
 
installation and configuration of informatica server
installation and configuration of informatica serverinstallation and configuration of informatica server
installation and configuration of informatica serverketulp
 
manual vvtk camera_st7501
manual vvtk camera_st7501manual vvtk camera_st7501
manual vvtk camera_st7501TSOLUTIONS
 
Validating MSI Updates and Patches
Validating MSI Updates and PatchesValidating MSI Updates and Patches
Validating MSI Updates and PatchesFlexera
 
Oracle forms and reports 11g installation on linux
Oracle forms and reports 11g installation on linuxOracle forms and reports 11g installation on linux
Oracle forms and reports 11g installation on linuxVenu Palakolanu
 
Cisco Monitoring Standard Content Guide for ESM 6.8c
Cisco Monitoring Standard Content Guide for ESM 6.8cCisco Monitoring Standard Content Guide for ESM 6.8c
Cisco Monitoring Standard Content Guide for ESM 6.8cProtect724migration
 
CAHs Using Health Information Technology
CAHs Using Health Information TechnologyCAHs Using Health Information Technology
CAHs Using Health Information Technologywebhostingguy
 
Building A Simple Web Service With CXF
Building A Simple Web Service With CXFBuilding A Simple Web Service With CXF
Building A Simple Web Service With CXFCarl Lu
 

Similaire à Configuring NAT Rules on Cisco ASA Firewalls (20)

Creating a cisco asa or pix firewall
Creating a cisco asa or pix firewallCreating a cisco asa or pix firewall
Creating a cisco asa or pix firewall
 
Configuring cisco asa and pix firewalls part2
Configuring cisco asa and pix firewalls part2Configuring cisco asa and pix firewalls part2
Configuring cisco asa and pix firewalls part2
 
Configuring cisco asa and pix firewalls part3
Configuring cisco asa and pix firewalls part3Configuring cisco asa and pix firewalls part3
Configuring cisco asa and pix firewalls part3
 
IBM Configuration Assistant for z/OS Communications Server update
IBM Configuration Assistant for z/OS Communications Server updateIBM Configuration Assistant for z/OS Communications Server update
IBM Configuration Assistant for z/OS Communications Server update
 
Is this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesIs this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x series
 
Setting up the hyperledger composer in ubuntu
Setting up the hyperledger composer in ubuntuSetting up the hyperledger composer in ubuntu
Setting up the hyperledger composer in ubuntu
 
Wi fi ruckus config
Wi fi ruckus configWi fi ruckus config
Wi fi ruckus config
 
ESM 6.9.1c Patch1 Release Notes
ESM 6.9.1c Patch1 Release Notes ESM 6.9.1c Patch1 Release Notes
ESM 6.9.1c Patch1 Release Notes
 
Lab1
Lab1Lab1
Lab1
 
Lab 4 Configure End Devices.pdf
Lab 4 Configure End Devices.pdfLab 4 Configure End Devices.pdf
Lab 4 Configure End Devices.pdf
 
installation and configuration of informatica server
installation and configuration of informatica serverinstallation and configuration of informatica server
installation and configuration of informatica server
 
Neutron kilo
Neutron kiloNeutron kilo
Neutron kilo
 
Read me
Read meRead me
Read me
 
manual vvtk camera_st7501
manual vvtk camera_st7501manual vvtk camera_st7501
manual vvtk camera_st7501
 
INET for Starters
INET for StartersINET for Starters
INET for Starters
 
Validating MSI Updates and Patches
Validating MSI Updates and PatchesValidating MSI Updates and Patches
Validating MSI Updates and Patches
 
Oracle forms and reports 11g installation on linux
Oracle forms and reports 11g installation on linuxOracle forms and reports 11g installation on linux
Oracle forms and reports 11g installation on linux
 
Cisco Monitoring Standard Content Guide for ESM 6.8c
Cisco Monitoring Standard Content Guide for ESM 6.8cCisco Monitoring Standard Content Guide for ESM 6.8c
Cisco Monitoring Standard Content Guide for ESM 6.8c
 
CAHs Using Health Information Technology
CAHs Using Health Information TechnologyCAHs Using Health Information Technology
CAHs Using Health Information Technology
 
Building A Simple Web Service With CXF
Building A Simple Web Service With CXFBuilding A Simple Web Service With CXF
Building A Simple Web Service With CXF
 

Plus de IT Tech

Cisco ip phone key expansion module setup
Cisco ip phone key expansion module setupCisco ip phone key expansion module setup
Cisco ip phone key expansion module setupIT Tech
 
Cisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideCisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideIT Tech
 
Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideIT Tech
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideIT Tech
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faqIT Tech
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesIT Tech
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresIT Tech
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solutionIT Tech
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesIT Tech
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesIT Tech
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesIT Tech
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellIT Tech
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000IT Tech
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexIT Tech
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesIT Tech
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesIT Tech
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration exampleIT Tech
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700IT Tech
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration optionsIT Tech
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement modelIT Tech
 

Plus de IT Tech (20)

Cisco ip phone key expansion module setup
Cisco ip phone key expansion module setupCisco ip phone key expansion module setup
Cisco ip phone key expansion module setup
 
Cisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideCisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guide
 
Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guide
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guide
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faq
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switches
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi features
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solution
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switches
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switches
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modes
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fex
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches series
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 series
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration example
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration options
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement model
 

Dernier

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Dernier (20)

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Configuring NAT Rules on Cisco ASA Firewalls

  • 1. Configuring Cisco ASA and PIX Firewalls-Part4 7. Configuring NAT Rules Now that the basic firewall rules are configured we need to define our NAT policy. Open the NAT object for editing by double-clicking on it in the object tree as shown in the diagram below. Figure 28. Open the NAT Object for Editing For this example we will create a single NAT rule that translates the source IP address of any traffic coming from the inside 10.10.10.0/24 network going to the Internet. The source IP should be translated to the IP address of the "outside" interface of the firewall. To edit NAT rules we use the same concepts used to edit the firewall Policy rules. Start by clicking the green icon at the top of the Rules panel to add a new NAT rule. Drag-and-drop the "Internal Network" object you created earlier to the Original Src column of the NAT rule. This identifies the traffic that will have its source IP address translated. Now, drag-and-drop the "outside" interface from the asa-1 firewall object to the Translated Src column of the rule. This field identifies the IP address that the traffic will be translated to. After you are done the NAT rule should like the diagram below. Figure 29. Completed NAT Rule That's it! Now we are ready to generate the configuration file and use the built-in installer to deploy it to the firewall. 8. Compile and Install In Firewall Builder the process of converting the rules from the Firewall Builder GUI syntax to the target device commands is called compiling the configuration.
  • 2. To compile, click on the Compile icon which looks like a hammer . If you haven’t saved your configuration file yet you will be asked to do so. After you save your file, a wizard will be displayed that lets you select which firewall(s) you want to compile. In this example we are going to compile the firewall called asa-1 configured with the rules above. If there aren’t any errors, you should see some messages scroll by in the main window and a message at the top left stating Success. To view the output of the compile, click on the button that says Inspect Generated Files. This will open the file that contains the commands in Cisco command format. Note that any line that starts with “!” is a comment. Figure 30. Example Compiler Output The output from the compiler is automatically saved in a file in the same directory as the data file that was used to create it. The generated files are named with the firewall name and a .fw extension. In our example the generated configuration file is called asa-1.fw. You can copy and copy and paste the commands from this file to your ASA or PIX firewall or you can use the built-in Firewall Builder installer. Installing Firewall Builder can install the generated configuration file for you using SSH and SCP. To use the installer we need to identify one of the router interfaces as the “Management Interface”. This tells Firewall Builder which IP address to connect to on the router.
  • 3. Do this by double-clicking the firewall object to expand it, and then double-clicking on the interface name that you want to assign as the management interface. In this example this is interface Ethernet0/1, the interface connected to the internal network. Figure 31. Setting the Managment Interface Note Any time you change access lists on your router you face the risk of locking yourself out of the device. Please be careful to always inspect your access lists closely and make sure that you will be able to access the ASA / PIX after the access list is installed. To install your access lists on the firewall, click on the install icon . This will bring up a wizard where you will select the firewall to install. Click Next > to install the selected firewall. Figure 32. Setting Compile and Install Actions Firewall Builder will compile your rules, converting them to Cisco access list command line format. After the compile completes successfully click Next>. Enter the firewall's username, password and enable password. Figure 33. Install Dialog
  • 4. After the access list configuration is installed you will see a message at the bottom of the main window and the status indicator in the upper left corner of the wizard will indicate if the installation was successful. Figure 34. Successful Install By default Firewall Builder uses SCP to copy the generated config file to the firewall. Once the file is copied to the firewall, Firewall Builder connects to it using SSH. It loads the transferred config file from memory using the "copy" command, merging the Firewall Builder generated command with the current running configuration. Firewall Builder requires SSH version 2 to be enabled on the firewall. More… Cisco Guide: Migration of Cisco PIX 500 Series to Cisco ASA 5500 Series Cisco PIX Firewall Basics