Lab Configure Service Object Groups using ASDM

Similar documents
Lab Configure ACLs in the PIX Security Appliance using CLI

Lab Configure Object Groups

ASA 7.x/PIX 6.x and Above: Open/Block the Ports Configuration Example

Lab Configure Cisco IOS Firewall CBAC

Lab 3.4.6a Configure the PIX Security Appliance using Setup Mode and ASDM Startup Wizard

Lab Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance

Lab 4.5.5a Configure a PIX Security Appliance Site-to-Site IPSec VPN Tunnel Using CLI

ASA 8.X and later: Add or Modify an Access List through the ASDM GUI Configuration Example

Firewall Policy. Edit Firewall Policy/ACL CHAPTER7. Configure a Firewall Before Using the Firewall Policy Feature

Lab 6: Access Lists. Device Interface IP Address Subnet Mask Gateway/Clock Rate Fa 0/ R1

Lab Configure Cisco IOS Firewall CBAC on a Cisco Router

Object Groups for ACLs

ASA Access Control. Section 3

Lab - Troubleshooting ACL Configuration and Placement Topology

Fundamentals of Network Security v1.1 Scope and Sequence

ASA/PIX Security Appliance

ASACAMP - ASA Lab Camp (5316)

Lab - Configure the Firewall in Windows 7 and Vista

Nested Class Map Support for Zone-Based Policy Firewall

Configuring IP Session Filtering (Reflexive Access Lists)

CCNA Access List Questions

Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology

Object Groups for ACLs

Lab Configuring the PIX Security Appliance as a DHCP Server

PIX/ASA : Port Redirection(Forwarding) with nat, global, static and access list Commands

Object Groups for ACLs

Lab 8: Firewalls ASA Firewall Device

Cisco ASA 5500 LAB Guide

Exam Name: Implementing Cisco Edge Network Security Solutions

Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM

On completion of this chapter, you will be able to perform the following tasks: Describe the PIX Device Manager (PDM) and its capabilities.

Configuring Logging for Access Lists

Configuring Traffic Policies

Configuring Group Policies

Lab Student Lab Orientation

Configuring Logging for Access Lists

Firewall Simulation COMP620

PIX/ASA 7.x ASDM: Restrict the Network Access of Remote Access VPN Users

CCNA Discovery 3 Chapter 8 Reading Organizer

Exam Actual. Higher Quality. Better Service! QUESTION & ANSWER

CCNA Course Access Control Lists

Adding an IPv6 Access List

Cisco CISCO Securing Networks with ASA Advanced. Practice Test. Version

DOWNLOAD PDF CISCO ASA 5505 CONFIGURATION GUIDE

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM

Web server Access Control Server

Object Groups for ACLs

Lab - Configure the Firewall in Windows 8

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

How to Configure ASA 5500-X Series Firewall to send logs to EventTracker. EventTracker

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Network Security Laboratory 23 rd May STATEFUL FIREWALL LAB

Firewall Stateful Inspection of ICMP

Access Control Lists and IP Fragments

In this lab you will explore the Windows Vista Firewall and configure some advanced settings.

CISCO EXAM QUESTIONS & ANSWERS

UniNets CCNA Security LAB MANUAL UNiNets CCNA Cisco Certified Network Associate Security LAB MANUAL UniNets CCNA LAB MANUAL

Application Rules - Allows the users to add or modify or remove Custom ruleset for firewall settings.

Lab Student Lab Orientation

Using CSC-SSM 6.2 with Trend Micro Damage Cleanup Services. Setup Guide

CCNA Security PT Practice SBA

Deploying Cisco ASA Firewall Features (FIREWALL) v1.0. Global Knowledge European Remote Labs Instructor Guide

Use of the TCP/IP Protocols and the OSI Model in Packet Tracer

Access Rules. Controlling Network Access

Modular Policy Framework. Class Maps SECTION 4. Advanced Configuration

F5 WANJet 200. Quick Start Guide. Quick Start Overview

Study Guide. Using ACLs to Secure Networks

Router and ACL ACL Filter traffic ACL: The Three Ps One ACL per protocol One ACL per direction One ACL per interface

Configuring an IP ACL

PT Activity: Configuring a Zone-Based Policy Firewall (ZPF)

Extended ACL Configuration Mode Commands

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance

LAB6: UC520 MULTI-SITE SETUP

ASA/PIX: Remote VPN Server with Inbound NAT for VPN Client Traffic with CLI and ASDM Configuration Example

2002, Cisco Systems, Inc. All rights reserved.

GSS Administration and Troubleshooting

Table of Contents. Cisco IPSec Tunnel through a PIX Firewall (Version 7.0) with NAT Configuration Example

Configuring Management Access

Lab Configure Routing Authentication and Filtering

Lab Catalyst 2950 and 3550 Series Intra-VLAN Security

Internet Security Firewalls

Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

Wireless LANs (CO72047) Bill Buchanan, Reader, School of Computing.

Reflexive Access List Commands

Introduction to Network Security Missouri S&T University CPE 5420 Network Access Control

Configure the ASA for Dual Internal Networks

Getting Started. Getting Started with Your Platform Model. Factory Default Configurations CHAPTER

Lab Configure a Router with the IOS Intrusion Prevention System

Chapter 10 Lab B: Configuring ASA Basic Settings and Firewall Using ASDM

Summer Webinar Series

Implementing Traffic Filtering with ACLs

Configuring Virtual Servers

Configuration Examples

Chapter 2 VLANs. CHAPTER 2 VLANs

Introduction to Firewalls using IPTables

1.1 Configuring HQ Router as Remote Access Group VPN Server

Introduction p. 1 The Need for Security p. 2 Public Network Threats p. 2 Private Network Threats p. 4 The Role of Routers p. 5 Other Security Devices

Understanding Access Control Lists (ACLs) Semester 2 v3.1

Deploying Cisco ASA Firewall Solutions (FIREWALL) v2.0. Global Knowledge European Remote Labs Instructor Guide

Security Manager Policy Table Lookup from a MARS Event

Transcription:

Lab 9.2.3 Configure Service Object Groups using ASDM Objective Scenario In this lab, the students will complete the following tasks: Configure an inbound access control list (ACL) with object groups. Configure a service object group. Configure web and ICMP access to the inside host. Test and verify the inbound ACL. The XYZ Company has a PIX Security Appliance installed and operating on the network. The existing configuration on the PIX uses ACL statements for each individual service, such as HTTP or FTP. Using ASDM, configure a service object group to make the access rules more modular and scalable. PIX Firewall Version 6.2 and higher support four types of named object groups: host/network (network) protocol icmp-type service When configuring object groups with ASDM, use the following guidelines: Object Group Names The Name of any object group must be unique to all four types. For example, a service group and a network group may not share the same name. Host/Network and Service Types ASDM uses Host/Network and service type objects. You can add, edit or delete network type object groups in Configuration>Hosts/Networks>Group and service type object groups in Tools>Service Groups, Configuration>VPN, and Configuration>Access Rules. ICMP and Protocol Types The object group types icmp-type and protocol cannot be created in ASDM and, therefore, cannot be renamed in ASDM. However, ASDM does support editing and deleting object groups using Tools>Command Line Interface. Hierarchical/Nested Service Groups Manage Service Groups lets you associate multiple TCP or UDP services (ports) in a named group. You can also add service object groups to a service object group. You might find this useful when the use of groups is hierarchical or to reuse existing service groups. You can then use the nested service group like any other group in an access rule, a conduit, or for IPSec rules. Nested network groups are not supported by ASDM. 1-7 Network Security 1 v2.0 Lab 9.2.3 Copyright 2005, Cisco Systems, Inc.

Topology This figure illustrates the lab network environment. Preparation Begin with the standard lab topology and verify the starting configuration on the pod PIX Security Appliance. Access the PIX Security Appliance console port using the terminal emulator on the student PC. If desired, save the PIX Security Appliance configuration to a text file for later analysis. Tools and resources In order to complete the lab, the following is required: Standard PIX Security Appliance lab topology Console cable HyperTerminal Additional materials Further information about the objectives covered in this lab can be found at: http://www.cisco.com/go/asdm 2-7 Network Security 1 v2.0 Lab 9.2.3 Copyright 2005, Cisco Systems, Inc.

Step 1 Remove the Existing ACLs and using ASDM In this step, verify and then remove the existing ACLs. a. Log into ASDM. b. Click on the Configuration button c. Click on Security Policy in the Features panel. Verify that the Access Rules radio button is checked. d. From the Menu, go to Tools>Command Line Interface. e. Delete any existing ACL entries by entering the clear configure access-list command. f. Click the Send Button. g. Click the Close button to return to the Access Rules page in the Configuration. h. If the Confirm Configuration Refresh window appears, click the Yes button to refresh the configuration shown in the ASDM interface. i. There should only be 2 implicit rules remaining on the Access Rules page. 3-7 Network Security 1 v2.0 Lab 9.2.3 Copyright 2005, Cisco Systems, Inc.

Step 2 Allow ICMP, HTTP and FTP from the Outside to the DMZ Complete the following steps to permit inbound web and ICMP traffic to the bastion host: a. From the Access Rules page, click on the Add New Rule icon or the Add button. b. Create an Access Rule which permits ICMP echo traffic from the outside to the Bastionhost. Click the OK button when finished. c. Click the Add New Rule icon. d. Create a permit statement to permit traffic with a source of outside (ANY) and the destination of DMZ (bastionhost) e. Click on the Manage Service Groups button. The Manage Service Groups window will appear. 4-7 Network Security 1 v2.0 Lab 9.2.3 Copyright 2005, Cisco Systems, Inc.

f. Make sure the TCP radio button is checked. g. Click on the Add button. The Add Service Group window appears. h. Enter a Service group name of DMZ_SERVICES and a description of Web and FTP services. i. Add ftp and http to the Services list on the right by clicking on each Service and click on the Add button. j. Click the OK button, returning to the Manage Service Groups window 5-7 Network Security 1 v2.0 Lab 9.2.3 Copyright 2005, Cisco Systems, Inc.

k. Click on the Apply button. l. If prompted by the Preview CLI Commands window, click on the Send button. m. The Add Access Rule window will become active. n. In the Destination Port field, click on the Service Group radio button. o. Choose DMZ_SERVICES in the drop down list. p. Enter a description at the bottom. Web and FTP access to the Bastionhost q. Click OK, returning to the Access Rules window. r. Click on the Apply button. s. If prompted by the Preview CLI Commands window, click on the Send button. Step 3 Verify the ACLs Verify the configuration: a. From the Menu, go to Tools>Command Line Interface b. View the ACL entries by entering the show access-list command. Click the Send Button. 6-7 Network Security 1 v2.0 Lab 9.2.3 Copyright 2005, Cisco Systems, Inc.

c. Click the Close button when finished. d. Exit ASDM. 7-7 Network Security 1 v2.0 Lab 9.2.3 Copyright 2005, Cisco Systems, Inc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback