Cisco ASA 5505 Basic Configuration

Emre Emanet
Oct 12, 2019

After building the topology, we first remove the ASA firewall's default settings.

ciscoasa>enable
ciscoasa#configure terminal
ciscoasa(config)#show running-config
ciscoasa(config)#interface vlan 1
ciscoasa(config-if)#no ip address
ciscoasa(config-if)#exit
ciscoasa(config)#no dhcpd address 192.168.1.5-192.168.1.36 inside
ciscoasa(config)#end
ciscoasa# show running-config

Next we create the VLANs, because the physical ports of the ASA 5505 behave like Layer 2 switch ports: an IP address cannot be assigned to them directly, but VLANs can be configured.

ciscoasa#configure terminal
ciscoasa(config)#interface vlan 1
ciscoasa(config-if)#ip address 172.16.1.1 255.255.255.0
ciscoasa(config-if)#nameif inside
ciscoasa(config-if)#security-level 100
ciscoasa(config-if)#exit
ciscoasa(config)#interface ethernet 0/1
ciscoasa(config-if)#switchport access vlan 1
ciscoasa(config-if)#exit
ciscoasa(config)#interface vlan 2
ciscoasa(config-if)#ip address 203.1.1.2 255.255.255.0
! The nameif can be any name we choose.
ciscoasa(config-if)#nameif outside
! The security level can be set to whatever value we want.
ciscoasa(config-if)#security-level 0
ciscoasa(config-if)#exit
ciscoasa(config)#interface ethernet 0/0
ciscoasa(config-if)#switchport access vlan 2
ciscoasa(config-if)#exit

We configure the DHCP and DNS settings.

ciscoasa(config)#dhcpd address 172.16.1.5-172.16.1.6 inside
ciscoasa(config)#dhcpd dns 8.8.8.8 interface inside

Finally, we write the NAT configuration and the rules for Internet access.

ciscoasa(config)#object network LAN
ciscoasa(config-network-object)#subnet 172.16.1.0 255.255.255.0
ciscoasa(config-network-object)#nat (inside,outside) dynamic interface
ciscoasa(config-network-object)#exit
ciscoasa(config)#access-list internet_icin_kural extended permit tcp any any
ciscoasa(config)#access-list internet_icin_kural extended permit icmp any any
ciscoasa(config)#access-group internet_icin_kural in interface outside
ciscoasa(config)#exit
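
The ACL above permits all TCP and ICMP from any source, inbound on the outside interface (security-level 0). The Python sketch below is an added example, not part of the original post: it audits a saved ASA configuration for that pattern. The function name `audit` and the sample text are assumptions built from the commands on this page, and only the plain `any any` form is detected.

```python
# Constructed sample: the interface and ACL commands from this page,
# laid out as they would appear in a saved running-config.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
access-list internet_icin_kural extended permit tcp any any
access-list internet_icin_kural extended permit icmp any any
access-group internet_icin_kural in interface outside
"""


def audit(config):
    """Return (interface, acl, protocol) for each unrestricted
    'permit <proto> any any' entry that is bound inbound on the
    interface with the lowest security-level (the untrusted side)."""
    levels, aces, bindings, nameif = {}, {}, [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "interface":
            nameif = None  # a new interface block starts
        elif tok[0] == "nameif" and len(tok) > 1:
            nameif = tok[1]
        elif tok[0] == "security-level" and nameif and len(tok) > 1:
            levels[nameif] = int(tok[1])
        elif tok[0] == "access-list" and len(tok) >= 5 and tok[2] == "extended":
            # tok[3] = action, tok[4] = protocol, tok[5:] = source/destination
            aces.setdefault(tok[1], []).append((tok[3], tok[4], tok[5:]))
        elif tok[0] == "access-group" and len(tok) == 5 and tok[3] == "interface":
            bindings.append((tok[1], tok[2], tok[4]))
    lowest = min(levels.values(), default=None)
    findings = []
    for acl, direction, ifname in bindings:
        if direction != "in" or ifname not in levels or levels[ifname] != lowest:
            continue
        for action, proto, spec in aces.get(acl, []):
            if action == "permit" and spec == ["any", "any"]:
                findings.append((ifname, acl, proto))
    return findings


if __name__ == "__main__":
    for ifname, acl, proto in audit(SAMPLE_CONFIG):
        print(f"{ifname}: ACL {acl} permits {proto} any any inbound")
```
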

The router configuration consists only of assigning IP addresses to its interfaces and a basic OSPF setup.

Cisco 1841 Router Configuration

Router>enable
Router#configure terminal
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 203.1.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int fa0/1
Router(config-if)#ip address 8.8.8.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 203.1.1.0 0.0.0.255 area 0
Router(config-router)#network 8.8.8.0 0.0.0.255 area 0
Router(config-router)#end
Router#copy running-config startup-config

Cisco ASA 5505 Configuration

ciscoasa>enable
ciscoasa#configure terminal
ciscoasa(config)#show running-config
ciscoasa(config)#interface vlan 1
ciscoasa(config-if)#no ip address
ciscoasa(config-if)#exit
ciscoasa(config)#no dhcpd address 192.168.1.5-192.168.1.36 inside
ciscoasa(config)#end
ciscoasa#show running-config
ciscoasa#configure terminal
ciscoasa(config)#interface vlan 1
ciscoasa(config-if)#ip address 172.16.1.1 255.255.255.0
ciscoasa(config-if)#nameif inside
ciscoasa(config-if)#security-level 100
ciscoasa(config-if)#exit
ciscoasa(config)#interface ethernet 0/1
ciscoasa(config-if)#switchport access vlan 1
ciscoasa(config-if)#exit
ciscoasa(config)#interface vlan 2
ciscoasa(config-if)#ip address 203.1.1.2 255.255.255.0
ciscoasa(config-if)#nameif outside
ciscoasa(config-if)#security-level 0
ciscoasa(config-if)#exit
ciscoasa(config)#interface ethernet 0/0
ciscoasa(config-if)#switchport access vlan 2
ciscoasa(config-if)#exit
ciscoasa(config)#dhcpd address 172.16.1.5-172.16.1.6 inside
ciscoasa(config)#dhcpd dns 8.8.8.8 interface inside
ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 203.1.1.1
ciscoasa(config)#object network LAN
ciscoasa(config-network-object)#subnet 172.16.1.0 255.255.255.0
ciscoasa(config-network-object)#nat (inside,outside) dynamic interface
ciscoasa(config-network-object)#exit
ciscoasa(config)#access-list internet_icin_kural extended permit tcp any any
ciscoasa(config)#access-list internet_icin_kural extended permit icmp any any
ciscoasa(config)#access-group internet_icin_kural in interface outside
ciscoasa(config)#exit
ciscoasa#copy running-config startup-config
