Album Foto

Tetap Berjuang dan jangan menyerah !!! . Cobalah lakukan yang terbaik
Kita tidak wajib menjadi lebih baik dari orang lain, akan tetapi kita wajib menjadikan diri kita lebih baik dari hari ini, esok dan seterusnya
ini memang tidak mudah untuk di kerjakan (akan tetapi sulit bukan berarti tidak mungkin bisa di tuntaskan)
Bila kamu tidak mampu menahan susah nya belajar Maka kamu harus kuat menahan pedihnya kebodohan
Belajar itu memang pahit, tapi percayalah akhirnya akan berbuah manis.

Cisco ASA 5505 Firewall Security



pc Server

192.168.3.3

255.255.255.0

dns : 192.168.3.3 / smk-komam.com


pc 0

192.168.2.2

255.255.255.0

192.168.2.1

192.168.3.3


pc 1 (dhcp client)

cmd : ssh -l admin 192.168.1.1



Router

en

conf t

int fa0/0

ip add 100.200.10.2 255.0.0.0

no shu

exit


int fa0/1

ip add 192.168.2.1 255.255.255.0

no shu


====================================


cisco asa konfigurasi

ciscoasa>enable 

Password:(kosong tanpa password langusng enter) 

ciscoasa#conf t

ciscoasa(config)#enable password ciscoenpa55

ciscoasa(config)#interface vlan 1

ciscoasa(config-if)#nameif inside

ciscoasa(config-if)#ip address 192.168.1.1 255.255.255.0

ciscoasa(config-if)#security-level 100

ciscoasa(config-if)#exit


ciscoasa(config)#interface vlan 2

ciscoasa(config-if)#nameif outside

ciscoasa(config-if)#ip address 100.200.10.1 255.0.0.0

ciscoasa(config-if)#security-level 0


ciscoasa(config-if)#show interface ip brief

ciscoasa(config-if)#show ip address

ciscoasa(config-if)#show switch vlan

ciscoasa(config-if)#show run

ciscoasa(config-if)#exit


ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 100.200.10.2

ciscoasa(config)#show route

ciscoasa(config)#object network inside-net

ciscoasa(config-network-object)#subnet 192.168.1.0 255.255.255.0

ciscoasa(config-network-object)#nat (inside,outside) dynamic interface

ciscoasa(config-network-object)#end


ciscoasa#configure terminal 

ciscoasa(config)#class-map inspection_default

ciscoasa(config-cmap)#match default-inspection-traffic

ciscoasa(config-cmap)#exit

ciscoasa(config)#policy-map global_policy

ciscoasa(config-pmap)#class inspection_default

ciscoasa(config-pmap-c)#inspect icmp 

ciscoasa(config-pmap-c)#exit

ciscoasa(config)#service-policy global_policy global

ciscoasa(config)#dhcpd address 192.168.1.3-192.168.1.15 inside 

ciscoasa(config)#dhcpd dns 192.168.3.3 interface inside 

ciscoasa(config)#dhcpd enable inside 

ciscoasa(config)#username admin password adminpa55

ciscoasa(config)#aaa authentication ssh console LOCAL


ciscoasa(config)#crypto key generate rsa modulus 1024

WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.


Do you really want to replace them? [yes/no]: no

ERROR: Failed to create new RSA keys named <Default-RSA-Key>


ciscoasa(config)#ssh 192.168.1.0 255.255.255.0 inside 


ciscoasa(config)#ssh 192.168.2.3 255.255.255.255 outside 

ciscoasa(config)#ssh timeout 10


ciscoasa(config)#interface vlan 3

ciscoasa(config-if)#ip address 192.168.3.1 255.255.255.0

ciscoasa(config-if)#no forward interface vlan 1

ciscoasa(config-if)#nameif dmz

INFO: Security level for "dmz" set to 0 by default.


ciscoasa(config-if)#security-level 70

ciscoasa(config-if)#interface ethernet0/2

ciscoasa(config-if)#switchport access vlan 3


ciscoasa(config-if)# interface ethernet0/3

ciscoasa(config-if)#switchport access vlan 3


ciscoasa(config-if)#exit

ciscoasa(config)#object network dmz-server

ciscoasa(config-network-object)#host 192.168.3.3

ciscoasa(config-network-object)#nat (dmz,outside) static 100.200.10.3

ciscoasa(config-network-object)#exit

ciscoasa#configure terminal 

ciscoasa(config)#access-list OUTSIDE-DMZ permit icmp any host 192.168.3.3

ciscoasa(config)#access-list OUTSIDE-DMZ permit tcp any host 192.168.3.3 eq 80

ciscoasa(config)#access-group OUTSIDE-DMZ in interface outside






 

Posted by