Configure ASA Interfaces
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 209.165.100.226 255.255.255.248
!
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
Configure Telnet Services
ASA1(config)# passwd password-telnet
ASA1(config)# telnet 192.168.1.0 255.255.255.0 inside
ASA1(config)# telnet timeout 10
Configure Default Gateway
ASA1(config)# route outside 0.0.0.0 0.0.0.0 209.165.100.225
Result:
ASA1(config)# show route
----cut----
Gateway of last resort is 209.165.100.225 to network 0.0.0.0
C 192.168.1.0 255.255.255.0 is directly connected, inside
C 209.165.100.224 255.255.255.248 is directly connected, outside
S* 0.0.0.0 0.0.0.0 [1/0] via 209.165.100.225, outside
Configure NAT
ASA1(config)# object network INTRA
ASA1(config-network-object)# subnet 192.168.1.0 255.255.255.0
ASA1(config-network-object)# nat (inside,outside) dynamic interface
Verification:
ASA1# show run object
object network INTRA
 subnet 192.168.1.0 255.255.255.0
ASA1# show run nat
!
object network INTRA
 nat (inside,outside) dynamic interface
ASA1# show nat
Auto NAT Policies (Section 2)
1 (inside) to (outside) source dynamic INTRA interface
    translate_hits = 3, untranslate_hits = 96
ASA1# show xlate
0 in use, 2 most used
A ping test was run from Client A (SLAX-1) to the outside network, and the following is the packet capture from the link between ASA1 and the ISP router.
As shown, NAT is working correctly, but...
The ping from the client side (SLAX-1) does not appear to succeed.
For some reason, ping traffic can leave the ASA toward the outside network, but that traffic is not allowed back in (to the ASA).
Configure Policy
Create a class-map and a policy-map to inspect ICMP traffic.
ASA1(config)# show run class-map
!
class-map inspection_default
 match default-inspection-traffic
!
ASA1(config)# show run policy-map
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
ASA1(config)# show running-config service-policy
service-policy global_policy global
ASA1(config)# show run
------cut----------
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
service-policy global_policy global
------cut----------
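The drop-then-fix behaviour described above, as an added Python model that is not from the original post and is not Cisco's implementation: it keeps a dynamic PAT entry for the ping and, only when ICMP inspection is enabled, a per-request session that lets the matching echo reply back in. The client address 192.168.1.10, the target 198.51.100.7 and all class and function names are assumptions made for the example.

```python
# Simplified model of ASA behaviour (an assumption for illustration, not Cisco code).
from dataclasses import dataclass, field

OUTSIDE_IP = "209.165.100.226"   # ASA1 outside interface address (from the page)
INSIDE_PREFIX = "192.168.1."     # 192.168.1.0/24, object network INTRA

@dataclass
class Asa:
    inspect_icmp: bool                           # is 'inspect icmp' in global_policy?
    xlate: dict = field(default_factory=dict)    # mapped ICMP id -> (inside ip, real id)
    mapped: dict = field(default_factory=dict)   # (inside ip, real id) -> mapped ICMP id
    sessions: set = field(default_factory=set)   # (mapped id, seq, peer) awaiting a reply

    def outbound_echo(self, src, dst, icmp_id, seq):
        """Echo request inside -> outside: allowed by security level, then PAT'ed."""
        if not src.startswith(INSIDE_PREFIX):
            raise ValueError("source is not in the INTRA subnet")
        m = self.mapped.setdefault((src, icmp_id), len(self.mapped) + 1)
        self.xlate[m] = (src, icmp_id)
        if self.inspect_icmp:                    # inspection records the request
            self.sessions.add((m, seq, dst))
        return (OUTSIDE_IP, dst, m, seq)

    def inbound_reply(self, src, dst, icmp_id, seq):
        """Echo reply outside -> inside: needs matching state (no ACL permits it here)."""
        key = (icmp_id, seq, src)
        if dst != OUTSIDE_IP or key not in self.sessions:
            return None                          # dropped at the outside interface
        self.sessions.discard(key)               # one reply per request
        inside_ip, real_id = self.xlate[icmp_id]
        return (src, inside_ip, real_id, seq)    # un-translated and forwarded inside

def ping(asa, client="192.168.1.10", target="198.51.100.7", icmp_id=0x1234, seq=1):
    """Constructed sample flow: returns the reply the client sees, or None."""
    _, dst, mapped_id, s = asa.outbound_echo(client, target, icmp_id, seq)
    return asa.inbound_reply(dst, OUTSIDE_IP, mapped_id, s)

if __name__ == "__main__":
    print("without inspect icmp:", ping(Asa(inspect_icmp=False)))
    print("with inspect icmp:   ", ping(Asa(inspect_icmp=True)))
```

In the model, a reply from an address that was never pinged, or a second copy of a reply already delivered, is dropped even with inspection on, because each session entry is tied to one request and one peer.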
The result