Please enable JavaScript.

Coggle requires JavaScript to display documents.

:<3: ASA Firewall Configuration :<3:, image, image, image - Coggle…

- - - - Manually using the CLI
      - Interactively using the CLI Setup Initialization wizard
      - Using the ASDM Startup wizard
  - - - The ASA CLI is a proprietary operating system with an interface similar to Cisco's IOS router. It offers functionalities such as:
      - Abbreviation of commands and keywords.
      - Use of the Tab key for command auto-completion.
      - Use of "?" to view syntax options.
- - - - Each ASA interface has a security level from 0 (lowest) to 100 (highest). For example: Inside network: Level 100 (most secure), Outside network: Level 0 (least secure), DMZs: Intermediate levels. Interfaces can share the same security level. By default, traffic from higher to lower security levels is permitted; lower to higher is denied unless configured otherwise. Traffic between same-level interfaces is allowed if globally enabled. The outside interface can be configured with an IP manually or via ip address dhcp for ISPs using DHCP.
- - - - A network object identifying the pool of public IP addresses into which internal addresses are translated. These are identified using range or subnet network object commands.
      - The second network object identifies the internal addresses to be translated and then binds the two objects together. These are identified using the range or subnet network object commands.
  - - - Inside NAT - The typical NAT deployment method is when a host from a higher-security interface has traffic destined for a lower-security interface and the ASA translates the internal host address into a global address. The ASA then restores the original inside IP address for return traffic.
      - Outside NAT - This method is used when traffic from a lower-security interface that is destined for a host on the higher-security interface must be translated. This method may be useful to make an enterprise host located on the outside of the internal network appear as one from a known internal IP address.
      - Bidirectional NAT - Indicates that both inside NAT and outside NAT are used together.
- - - - AAA is conceptually similar to using a credit card, as shown in the figure. Authentication controls access by requiring valid user credentials, which are usually a username and password. The ASA can authenticate all administrative connections to the ASA, including Telnet, SSH, console, ASDM using HTTPS, and privileged EXEC.
        Authorization controls access, per user, after users are authenticated. Authorization controls the services and commands that are available to each authenticated user. Without authorization enabled, authentication alone would provide the same access to services for all authenticated users. The ASA can authorize management commands, network access, and VPN access.
- - - - Network objects can consist of the following:
      - host - a host address
      - fqdn - a fully-qualified domain name
      - range - a range of IP addresses
      - subnet - an entire IP network or subnet