Cisco Statefull Firewalls – IOS – ASA In the previous section we discussed about some of the vendors offering the firewall services. Like we got Sonic Wall Watch card, palo Alto, Juniper, and here, our main focus will be on Cisco. Now, Cisco also offers the firewall services. Generally most of the firewall supports statefoot, typically referred as straightforward firewalls, but they may add some additional benefits depending upon the platforms, depending upon the additional modules, what you add, or adding some specific services into that. So we can use…

ZBF – Classify Traffic using Class-Maps Now, once we assign the interfaces to the secretary zones, like in the previous video, we have configured this interface as a land secretary zone and then this is like internet. Now we need to define what traffic you want to allow from land to Internet. So that is what classification. So classification is like we need to match a specific traffic which needs to be allowed or deny between the security zones. Of course, by default traffic is denied. So you may want…

IOS – Zone Based Firewall Now in this section our main focus will be on understanding the same firewall concepts on the Cisco iOS router. Now, there is something called zonebased firewall feature which can be implemented on a Cisco iOS router which is going to provide a firewall feature similar to ASAP. So just like ASAP, it also provides some deep spacket inspection. So if we get back to the previous concepts like the firewall, typically firewall, the basic definition is like it’s a system or a group of…

ASA Security Policies – Default Now the next thing we’ll see the ASAP basic 3D policies will verify here. So in the previous video I did the basic setup on the ASA with this configurations. So if I say show interface IP brief you can see the interface configurations and also on the router I do have the basic IP configuration. The router one is connecting on if zero resident interface is to ASA and I do have reachability between the router one and the ASA as well as from…

Manage Cisco CLI – ASA – GUI So managing the Cisco ASA. Now we can manage the Cisco ASA either by the command line, by using the command line just like we do it on the routers. So I can connect the console cable to the console port and we can manage it by a console. Or if we have some IP connectivity to the Ethernet port, we can still manage with either by using a tenant or SSH is mobile prefer way to do the remote access because it’s…

ACL Object Groups In object groups. Now object groups is a method of grouping similar items together to minimize the number of access control entries. Now in general in the previous example we have seen some ACLs like if you take an example you have a very big environment where you need to write down plenty of its access control rules. Now the number of access control entries you are going to write, it goes going to increase depending upon the number of servers we have, the number of source…

ASA ACls – Overview Now the next thing we’ll talk about access control list. At this point of time I expect you to have some basic understanding of the ACL topic which is generally covered in the CCA and audio switching. So I’ll quickly walk through with the overview of the ACLs and then we’ll see what are the differences between the ASA ACLs and the ACLs in the ACL, ACLs in the ASA as well as in the routers. What are the similarities and what are the other dissimilarities?…

Dynamic PAT – with Exit interface In here we’ll see the configuration on Nat. Sorry Pat Porter translation but this time we’ll be using exit interface. So if you try to verify what we did in the previous sessions, in the previous video I covered Pat by using a single public IP where I’m translating ten one dot subnet getting translated to one single public IP that is 51 one. So this was a configuration and then we’d test it out with some Cellnet and then show excellent commands. But…

PRivate IP – Public IP In this video we’ll see the difference between the private and the public IP addresses. Now, generally the public IP addresses are used on the internet. So if you want to send any traffic, any traffic going on the internet must have some registered public IP and this public IP is globally unique. So which means when you are sending any packet on the internet, because internet is a network where everyone is connected. So when the packet is going, it must be unique. So…

Create a Virtual NAT In this video, we’re going to talk about the concept of a net gateway. Net stands for Network Address Translation and is primarily used to provide outbound to Internet connectivity for virtual networks. So what this means is that you can have your virtual machines that have private IP addresses connect to the Internet over a known and predetermined IP address. So you could assign your virtual machines a public IP address, and that’s the IP it will use to communicate. You could put your VMs…