In this task, we will enable Dynamic NAT for traffic originating from INSIDE and going to OUTSIDE, and for traffic going from DMZ to OUTSIDE.

Configuring IP addresses on all routers and ASA. Three routers, namely Router1 (IP address – 10.1.1.1/24), Router2 (IP address – 11.1.1.1/24) and Router3 (IP address – 101.1.1.1), are connected to the ASA as shown in the above figure. The ASA has IP address 10.1.1.2/24, name INSIDE and security level 100 on Gi0/0; IP address 11.1.1.2/24, name DMZ and security level 50 on Gi0/1; and IP address 101.1.1.2/24, name OUTSIDE and security level 0 on Gi0/2.

This step will specify the direction in which NAT should take place and the public IP address to which the private IP address should be translated. For example, NAT (DMZ, OUTSIDE), Dynamic Private_hosts Public_pool: this states that the Dynamic NAT operation will take place when traffic is going from DMZ to OUTSIDE, and that the IP address specified in the network object Private_hosts will be translated to an available IP address from the pool (Public_pool).

One object will specify the hosts or subnet (private IP addresses) on which NAT should be applied, and the other will specify the pool of public IP addresses. This will state the host or subnet on which Dynamic NAT will be applied.

The access-group command will be used to state the direction (out or in) in which the action (specified above) should take place.
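The steps above put together as one ASA configuration, using the object NAT syntax of ASA software 8.3 and later. This is an added example, not configuration from the original page. The interface settings and the names Private_hosts and Public_pool come from the text; the pool range, the object name Inside_hosts and the ACL name OUTSIDE_IN are assumptions.

```cisco
! Added example, not from the original page.
! Interfaces as described in the text.
interface GigabitEthernet0/0
 nameif INSIDE
 security-level 100
 ip address 10.1.1.2 255.255.255.0
 no shutdown
interface GigabitEthernet0/1
 nameif DMZ
 security-level 50
 ip address 11.1.1.2 255.255.255.0
 no shutdown
interface GigabitEthernet0/2
 nameif OUTSIDE
 security-level 0
 ip address 101.1.1.2 255.255.255.0
 no shutdown
!
! Pool of public addresses (the range is an assumed value).
! Each active private host consumes one pool address; when the pool
! is exhausted, further hosts get no translation.
object network Public_pool
 range 101.1.1.10 101.1.1.20
!
! DMZ hosts to translate, and the direction of the translation.
object network Private_hosts
 subnet 11.1.1.0 255.255.255.0
 nat (DMZ,OUTSIDE) dynamic Public_pool
!
! INSIDE hosts (object name is an assumption).
object network Inside_hosts
 subnet 10.1.1.0 255.255.255.0
 nat (INSIDE,OUTSIDE) dynamic Public_pool
!
! Assumed ACL: let only ICMP echo replies back in for ping tests.
! From 8.3 on, ACLs match the real (private) addresses, not the pool.
access-list OUTSIDE_IN extended permit icmp any 11.1.1.0 255.255.255.0 echo-reply
access-list OUTSIDE_IN extended permit icmp any 10.1.1.0 255.255.255.0 echo-reply
access-group OUTSIDE_IN in interface OUTSIDE
!
! Verification (run from privileged EXEC after generating traffic):
!  show nat detail
!  show xlate
```

Permitting only echo-reply inbound keeps the OUTSIDE interface closed to unsolicited ICMP while still letting pings from INSIDE and DMZ complete.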
In networking and IT in general, having accurate time settings on all the devices of the network is of paramount importance.

Configure Network Time Protocol (NTP):

If there is an NTP server in the network that provides accurate clock settings, you can configure the firewall to synchronize its time with that NTP server. Both authenticated and non-authenticated NTP are supported.

Non-authenticated:

ciscoasa(config)# ntp server <ip_address> source <interface>
ciscoasa(config)# ntp server 10.1.23.45 source inside

Authenticated:

ciscoasa(config)# ntp authentication-key <key_number> md5 <key>
ciscoasa(config)# ntp trusted-key <key_number>
ciscoasa(config)# ntp server <ip_address> key <key_number> source <interface>

ciscoasa(config)# ntp authenticate
ciscoasa(config)# ntp authentication-key 32 md5 secretkey1234
ciscoasa(config)# ntp trusted-key 32
ciscoasa(config)# ntp server 10.1.2.3 key 32 source inside

Authentication is only enforced once it is enabled with ntp authenticate and the key is marked as trusted with ntp trusted-key.

Configure Time Zone and Daylight Saving Time:

To configure the time zone and summer daylight saving time, use the commands below:

ciscoasa(config)# clock timezone <zone> <hours_offset_from_UTC>
ciscoasa(config)# clock summer-time <zone> recurring <week> <weekday> <month> <hh:mm> <week> <weekday> <month> <hh:mm>
ciscoasa(config)# clock summer-time MST recurring 1 Sunday April 2:00 last Sunday October 2:00

To verify the correct clock on the appliance, use the show clock command.