There are literally thousands of commands and sub-commands available to configure a Cisco security appliance. As you gain knowledge of the device, you will use more of these commands. Initially, however, only a few commands are needed to configure basic functionality on the device. Basic functionality is defined as allowing inside hosts to access outside hosts, but not allowing outside hosts to access inside hosts. In addition, management must be allowed from at least one inside host. Here are eight basic commands:

**interface**
The interface command identifies the interface to be configured, either a hardware interface or a VLAN interface. Once in interface configuration mode, you can assign physical interfaces to switchports and enable them (turn them on), or you can assign names and security levels to VLAN interfaces.

**nameif**
The nameif command gives the interface a name and assigns a security level. Typical names are outside, inside, or DMZ.

**security-level**
Security levels are used by the device to control the flow of traffic. Traffic is allowed to flow from interfaces with higher security levels to interfaces with lower security levels, but not vice versa. Access lists are used to allow traffic to flow from lower security levels to higher security levels. Security levels range from 0 to 100. The default security level for an outside interface is 0. For an inside interface, the default security level is 100.
In the following example configuration, the interface command is first used to name the inside and outside VLAN interfaces, then the DMZ interface is named and assigned a security level of 50.
ciscoasa(config)# interface vlan1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# interface vlan2
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# interface vlan3
ciscoasa(config-if)# nameif DMZ
ciscoasa(config-if)# security-level 50

**ip address**
The ip address command assigns an IP address to a VLAN interface, either statically or by making it a DHCP client. With modern versions of the security appliance software, it is not necessary to explicitly configure default subnet masks. If you are using non-standard masks, you must explicitly configure the mask, but otherwise it is not necessary.
In the example configuration below, an IP address is assigned to VLAN 1, the inside interface.
ciscoasa(config-if)# interface vlan 1
ciscoasa(config-if)# ip address 192.168.1.1

**switchport access**
The switchport access command on the ASA 5505 security appliance assigns a physical interface to a logical (VLAN) interface. In the following example, the interface command is used to identify physical interfaces, assign them to switchports on the appliance, and enable them (turn them on) through the use of the "no shutdown" statement.
ciscoasa(config-if)# interface ethernet 0/0
ciscoasa(config-if)# switchport access vlan 2
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface ethernet 0/1
ciscoasa(config-if)# switchport access vlan 1
ciscoasa(config-if)# no shutdown

**nat**
The nat command enables network address translation (NAT) on the specified interface for the specified subnet.
In this example configuration, NAT is enabled on the inside interface for hosts on the 192.168.1.0/24 subnet. The number "1" is the NAT ID, which the global command uses to associate a global address or pool of addresses with the inside addresses. (Note: NAT 0 is used to prevent the specified group of addresses from being translated.)
ciscoasa(config)# nat (inside) 1 192.168.1.0 255.255.255.0

**global**

The global command works in tandem with the nat command. It identifies the interface (usually outside) through which traffic from the NAT'ed hosts (usually inside hosts) must flow. It also identifies the global address or addresses that the NAT'ed hosts will use to connect to the outside world.
In the following example, the hosts associated with NAT ID 1 will use the global address 12.3.4.5 on the outside interface.
ciscoasa(config)# global (outside) 1 12.3.4.5
In this further example of the use of the global statement, the hosts associated with NAT ID 1 will use the address assigned via DHCP to the firewall's outside interface.
ciscoasa(config)# global (outside) 1 />

**route**
The route command, in its most basic form, assigns a default route for traffic, typically to an ISP's router. It can also be used in conjunction with access lists to send specific types of traffic to specific hosts on specific subnets.
In this example configuration, the route command is used to configure a default route to the ISP's router at 12.3.4.6. The two zeroes before the ISP's router address are shorthand for an IP address of 0.0.0.0 and a mask of 0.0.0.0. The statement "outside" identifies the interface through which traffic will flow to reach the default route.
ciscoasa(config-if)# route outside 0 0 12.3.4.6
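
The security-level rule and the NAT ID pairing between nat and global described above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it parses a constructed configuration assembled from this page's commands and reports which interface pairs pass traffic by default and which NAT IDs have no matching global statement. The DMZ nat line (ID 2, subnet 10.0.0.0) and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: this page's commands gathered into one config. The DMZ
# "nat" line (ID 2, subnet 10.0.0.0) is invented and has no matching "global".
SAMPLE = """\
interface vlan1
 nameif inside
interface vlan2
 nameif outside
interface vlan3
 nameif DMZ
 security-level 50
nat (inside) 1 192.168.1.0 255.255.255.0
nat (DMZ) 2 10.0.0.0 255.255.255.0
global (outside) 1 12.3.4.5
route outside 0 0 12.3.4.6
"""

def parse_levels(config):
    """Map each nameif to its security level. Default is 100 for "inside"
    and 0 for any other name until a security-level line overrides it."""
    levels, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = None
        elif words[:1] == ["nameif"] and len(words) > 1:
            current = words[1]
            levels[current] = 100 if current == "inside" else 0
        elif words[:1] == ["security-level"] and current and len(words) > 1:
            levels[current] = int(words[1])
    return levels

def default_flow_allowed(levels, src, dst):
    """Without an access list, traffic flows only from higher to lower level."""
    return levels[src] > levels[dst]

def unpaired_nat_ids(config):
    """NAT IDs that no global statement references (NAT 0 means no translation)."""
    nat_ids = set(re.findall(r"^\s*nat \(\S+\) (\d+)\b", config, re.M))
    global_ids = set(re.findall(r"^\s*global \(\S+\) (\d+)\b", config, re.M))
    return sorted(nat_ids - global_ids - {"0"})

if __name__ == "__main__":
    levels = parse_levels(SAMPLE)
    for src in levels:
        for dst in levels:
            if src != dst:
                verdict = "allowed" if default_flow_allowed(levels, src, dst) else "needs access list"
                print(f"{src} -> {dst}: {verdict}")
    print("NAT IDs without a global statement:", unpaired_nat_ids(SAMPLE))
```
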
The above commands create a very basic firewall, but frankly, using a sophisticated device such as a Cisco PIX or ASA security appliance as a basic firewall is overkill. Other commands to use include hostname to identify the firewall, telnet or ssh to allow remote administration, dhcpd commands to allow the firewall to assign IP addresses to inside hosts, and static route and access-list commands to allow internal hosts such as DMZ Web servers or DMZ mail servers to be accessible to Internet hosts.

