Scenario
Given the new additional connectivity requirements and the topology diagram, use
ASDM to accomplish the required ASA configurations to meet the requirements.
New additional connectivity requirements:
– Currently, the ASA configuration only allows hosts on the Inside and DMZ networks to
access any hosts on the Outside. Your task is to use ASDM to configure the ASA to
also allow any host on the Outside to reach the DMZ server, using HTTP only. The hosts
on the Outside will need to use the 209.165.201.30 public IP address when connecting
to the DMZ server over HTTP.
– Currently, hosts on the ASA higher security level interfaces are not able to ping any
hosts on the lower security level interfaces. Your task in this simulation is to use
ASDM to enable the ASA to dynamically allow the echo-reply responses back through
the ASA.
Once the correct ASA configurations have been configured:
– You can test the connectivity to http://209.165.201.30 from the Outside PC browser.
– You can test the pings to the Outside (www.cisco.com) by opening the Inside PC
command prompt window. In this simulation, only test pings to www.cisco.com
will work.
To access ASDM, click the ASA icon in the topology diagram.
To access the Firefox Browser on the Outside PC, click the Outside PC icon in the
topology diagram.
To access the Command prompt on the Inside PC, click the Inside PC icon in the
topology diagram.
Note:
After you make the configuration changes in ASDM, remember to click Apply to apply
the configuration changes.
Not all ASDM screens are enabled in this simulation. If a screen is not enabled, try
a different method of configuring the ASA to meet the requirements.
In this simulation, some of the ASDM screens may not look and function exactly like
the real ASDM.
Answer: See the explanation
Explanation:
Step 1: Firewall, Configuration, NAT Rules, Name=WebSvr, IP version IPv4, IP
address=172.16.1.2, Static NAT=209.165.201.30
Step 2: Firewall, Config, Access Rules, Interface=Outside, Action=Permit, Source=any,
Destination=209.165.201.30, Service=tcp/http
Step 3: Firewall, Config, Service policy Rules, Click Global Policy and edit, Rule Action
tab, Click ICMP and apply
Step 4: Ping www.cisco.com from Inside PC
Step 5: Type http://209.165.201.30 in the web browser on the Outside PC
First, for the HTTP access we need to create a NAT object. Here I called it HTTP but it
can be given any name.
Then, create the firewall rules to allow the HTTP access:
You can verify using the outside PC to HTTP into 209.165.201.30.
For step two, to be able to ping hosts on the outside, we edit the last service policy
shown below:
And then check the ICMP box only as shown below, then hit Apply.
After that is done, we can ping www.cisco.com again to verify:
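The CLI that ASDM pushes to the ASA for these three steps, as an added example that is not part of the original page. It assumes ASA 8.3 or later syntax, interface names Inside/DMZ/Outside, the object name WebSvr from Step 1, and an access-list name Outside_access_in; the 203.0.113.5 source address in the packet-tracer check is a constructed placeholder.

```cisco
! Step 1: static NAT for the DMZ web server (object name WebSvr as in Step 1)
object network WebSvr
 host 172.16.1.2
 nat (DMZ,Outside) static 209.165.201.30
!
! Step 2: permit only HTTP from any Outside host to the DMZ server.
! On ASA 8.3+ the ACL matches the real (untranslated) address, hence the
! object reference; pre-8.3 software would match the mapped address
! 209.165.201.30, which is what the ASDM step above shows.
access-list Outside_access_in extended permit tcp any object WebSvr eq www
access-group Outside_access_in in interface Outside
!
! Step 3: add ICMP inspection to the global policy so echo-replies for pings
! originated from Inside/DMZ are allowed back through the ASA
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Verification (ASA CLI, or ASDM Tools > Command Line Interface):
! confirm the translation, the hit counts on the rule, and a simulated
! Outside -> DMZ HTTP flow through NAT and the ACL.
show nat detail
show access-list Outside_access_in
packet-tracer input Outside tcp 203.0.113.5 40000 209.165.201.30 80
```

The packet-tracer output should end with "Action: allow" and show a NAT phase translating 209.165.201.30 to 172.16.1.2; a drop in the ACCESS-LIST phase points at Step 2, a drop in the NAT phase at Step 1.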