IMPLEMENT FIREWALL USING PACKET TRACER
Console cable is used to connect a computer directly to a device and manage the device.
8.8.8.8 is the primary DNS server for Google DNS.
Go to the terminal and click OK. You will get a terminal in which to enter the commands.
ciscoasa>en
Password:
ciscoasa#show running-config
Note: the default configuration already contains some VLANs and dhcpd settings. Remove them so that you can set your own IP addresses and configuration.
ciscoasa#config t
ciscoasa(config)#int vlan 1
ciscoasa(config-if)#no ip address
ciscoasa(config-if)#exit
ciscoasa(config)#no dhcpd address 192.168.1.5-192.168.1.36 inside
ciscoasa(config)#end
ciscoasa#show running-config
Note: the old configuration is now gone.
ciscoasa#config t
ciscoasa(config)#int vlan 1
ciscoasa(config-if)#ip address 172.16.1.1 255.0.0.0
ciscoasa(config-if)#nameif inside
ciscoasa(config-if)#security-level 100
ciscoasa(config-if)#exit
ciscoasa(config)#int e0/1
ciscoasa(config-if)#switchport access vlan 1
ciscoasa(config-if)#exit
ciscoasa(config)#int vlan 2
ciscoasa(config-if)#ip address 203.1.1.2 255.255.255.0
ciscoasa(config-if)#no shutdown
ciscoasa(config-if)#nameif outside
ciscoasa(config-if)#security-level 0
ciscoasa(config-if)#exit
ciscoasa(config)#int e0/0
ciscoasa(config-if)#switchport access vlan 2
CONFIGURE ROUTER
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host ISP
ISP(config)#int gig0/0/1
ISP(config-if)#ip address 203.1.1.1 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#int gig0/0/0
ISP(config-if)#ip address 8.8.8.1 255.255.255.0
ISP(config-if)#no shutdown
GO TO SERVER
Go to the command prompt
Ping 8.8.8.1
Ping 203.1.1.1
CONFIGURE DHCP AND DNS SERVER IN PC2
First go to PC0 and PC1 and select DHCP instead of Static in the IP Configuration section of the Desktop tab.
GO TO PC2
GO TO TERMINAL
ciscoasa(config-if)#exit
ciscoasa(config)#dhcpd address 172.16.1.5-172.16.1.6 inside
ciscoasa(config)#dhcpd dns 8.8.8.8 interface inside
ciscoasa(config)#end
ciscoasa#show running-config
GO TO PC0
CONFIGURE THE DEFAULT AND DYNAMIC ROUTE ON ISP USING OSPF
GO TO PC2
ciscoasa#config t
ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 203.1.1.1
// 203.1.1.1 IS THE IP OF THE ROUTER
Go to the router
ISP>
ISP>en
ISP#config t
Enter configuration commands, one per line. End with CNTL/Z.
ISP(config)#router ospf 1
ISP(config-router)#network 8.0.0.0 0.255.255.255 area 0
ISP(config-router)#network 203.1.1.0 0.0.0.255 area 0
CANNOT PING FROM PC0 TO SERVER AS THE FIREWALL DOES NOT ALLOW IT
//OPTIONAL
CREATE OBJECT NETWORK AND ENABLE NAT ON ASA
// Objects are reusable components for use in your configuration. You can define and use them in Cisco ASA configurations in the place of inline IP addresses, services, names, and so on.
Go to PC2
Open the terminal
ciscoasa#config t
ciscoasa(config)#object network LAN
ciscoasa(config-network-object)#subnet 172.16.1.0 255.255.255.0
ciscoasa(config-network-object)#nat (inside,outside) dynamic interface
ciscoasa(config-network-object)#exit
CREATE THE ACCESS LIST IN PC2 SO THAT WE CAN COMMUNICATE WITH SERVER
ciscoasa#config t
ciscoasa(config)#access-list OTI extended permit tcp any any
// OTI IS ANY NAME YOU CHOOSE; THE FIRST ANY = SOURCE, THE SECOND ANY = DESTINATION
ciscoasa(config)#access-list OTI extended permit icmp any any
ciscoasa(config)#access-group OTI in interface outside
NOW PING FROM PC0 TO SERVER
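A check for the access list above, as an added example that is not part of the original lab: the Python script below reads running-config text and reports `permit <protocol> any any` entries, with no port or ICMP-type qualifier, that are applied inbound on the lowest security-level interface, because such an entry lets traffic of that protocol initiated from the outside pass the ACL. The sample config is constructed from this lab's commands in running-config form, and the names `parse` and `audit` are assumptions of this example.

```python
# Added example: audit ASA running-config text for unrestricted inbound permits.
# SAMPLE_CONFIG is constructed from this lab's commands in running-config form.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
access-list OTI extended permit tcp any any
access-list OTI extended permit icmp any any
access-group OTI in interface outside
"""

def parse(config):
    """Return (security level per nameif, ACL entries, inbound ACL bindings)."""
    levels, acls, bindings, nameif = {}, {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "interface":
            nameif = None  # a new interface block starts
        elif tok[0] == "nameif" and len(tok) == 2:
            nameif = tok[1]
        elif tok[0] == "security-level" and len(tok) == 2 and nameif:
            levels[nameif] = int(tok[1])
        elif tok[0] == "access-list" and len(tok) >= 7 and tok[2] == "extended":
            # access-list NAME extended ACTION PROTO SRC DST [qualifiers...]
            acls.setdefault(tok[1], []).append(tok[3:])
        elif tok[0] == "access-group" and len(tok) == 5 and tok[2:4] == ["in", "interface"]:
            bindings[tok[4]] = tok[1]
    return levels, acls, bindings

def audit(config):
    """List (interface, acl, protocol) for 'permit PROTO any any' rules with no
    port or ICMP-type qualifier, applied inbound on the lowest-security interface."""
    levels, acls, bindings = parse(config)
    findings = []
    for iface, acl in bindings.items():
        if not levels or levels.get(iface) != min(levels.values()):
            continue
        for action, proto, *rest in acls.get(acl, []):
            if action == "permit" and rest == ["any", "any"]:
                findings.append((iface, acl, proto))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On this lab's configuration it reports both OTI entries; an entry narrowed with a qualifier such as `echo-reply` is not reported.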