Scenario
Given the new additional connectivity requirements and the topology diagram, use ASDM to accomplish the
required ASA configurations to meet the requirements.
New additional connectivity requirements:
Currently, the ASA configurations only allow on the Inside and DMZ networks to access any hosts on the
Outside. Your task is to use ASDM to configure the ASA to also allow any host only on the Outside to HTTP to
the DMZ server. The hosts on the Outside will need to use the 209.165.201.30 public IP address when
HTTPing to the DMZ server.
Currently, hosts on the ASA higher security level interfaces are not able to ping any hosts on the lower security
level interfaces. Your task in this simulation is to use ASDM to enable the ASA to dynamically allow the echoreply responses back through the ASA.
Once the correct ASA configurations have been configured:
You can test the connectivity to http://209.165.201.30 from the Outside PC browser.
You can test the pings to the Outside (www.cisco.com) by opening the inside PC command prompt window. In
this simulation, only testing pings towww.cisco.comwill work.
To access ASDM, click the ASA icon in the topology diagram.
To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology diagram.
To access the Command prompt on the Inside PC, click the Inside PC icon in the topology diagram.
Note:
After you make the configuration changes in ASDM, remember to click Apply to apply the configuration
changes.
Not all ASDM screens are enabled in this simulation, if some screen is not enabled, try to use different methods
to configure the ASA to meet the requirements.
In this simulation, some of the ASDM screens may not look and function exactly like the real ASDM.
Answer: See the explanation
Explanation:
Follow the explanation part to get answer on this sim question.
First, for the HTTP access we need to creat a NAT object. Here I called it HTTP but it can be given any name.Then, create the firewall rules to allow the HTTP access:
You can verify using the outside PC to HTTP into 209.165.201.30.
===================================
For step two, to be able to ping hosts on the outside, we edit the last service policy shown below:And then check the ICMP box only as shown below, then hit Apply.
After that is done, we can ping www.cisco.com again to verify:
Is this the only lab in the exam?
Today I took my examn and that the lab that I was resolved.