Skip to content

Latest commit

 

History

History
91 lines (57 loc) · 5.32 KB

11.Lab_Topologies.md

File metadata and controls

91 lines (57 loc) · 5.32 KB

Cisco ASA Firewall Training Labs

Welcome to the Cisco ASA Firewall Training Labs repository! This repository contains a series of hands-on labs designed to help you learn and practice various concepts related to Cisco ASA firewall configuration and management.

Introduction

Cisco ASA (Adaptive Security Appliance) is a security device that provides firewall, VPN, and other security services to protect networks and data. Understanding how to configure and manage Cisco ASA firewalls is essential for network administrators and security professionals.

In these labs, you will get hands-on experience with configuring Cisco ASA firewalls using real-world scenarios. Each lab is designed to cover specific topics, such as basic configuration, security policies, NAT, VPN, high availability, and more. By completing these labs, you will gain practical skills and knowledge that you can apply in real-world network environments.

Lab Topology

The lab topologies provided in this repository are designed to simulate typical network environments using EVE-NG (Emulated Virtual Environment - Next Generation). EVE-NG allows you to create and manage virtual networks using Cisco, Juniper, and other network devices in a virtualized environment.

How to Use

  1. Download Required Images and Licenses: Before you start, download the required Cisco ASA images and VMware licenses from the provided GitHub repositories:

  2. Set Up EVE-NG Environment: Install and configure EVE-NG on your system following the provided instructions.

  3. Import Lab Topologies: Import the lab topologies provided in this repository into your EVE-NG environment.

  4. Start Lab Exercises: Follow the lab instructions provided in each lab folder. You will be guided through the configuration steps for each lab topic.

  5. Practice and Experiment: Once you have completed the initial configurations, feel free to experiment with different settings and scenarios to further enhance your understanding.

Note

The exact solutions or configurations for the labs will be uploaded after some days. In the meantime, challenge yourself to think critically and apply your theoretical knowledge to complete the lab exercises. Remember, understanding the concepts and principles behind the configurations is key to becoming proficient with Cisco ASA firewalls.

Happy learning!


PROBLEM 1

Lab Topology: Cisco ASA High Availability (HA) Failover Configuration

Lab Topology

Download Lab Topology or click on image

Instructions

Objective

The objective of this lab is to configure High Availability (HA) failover between two Cisco ASA firewalls, ensuring redundancy and continuous availability of network services. The lab will include configuration of active and standby units with stateless and stateful failover, ACLs, ICMP inspection, routing, and interface settings.

Topology Overview

  • The lab topology consists of two Cisco ASA firewalls configured in an active/standby failover setup.
  • The Inside network (LAN) is assigned the IP address range 10.1.1.0/24.
  • The Outside network (Internet) is assigned the IP address range 11.1.1.0/24.
  • The Stateful link network is assigned the IP address range 10.3.3.0/24.
  • The Stateless LAN network is assigned the IP address range 10.2.2.0/24.
  • Each firewall has two interfaces: Inside and Outside.

Configuration Steps

  1. Basic Configuration:

    • Configure the hostname of the firewalls as "ASA-Active" and "ASA-Standby".
    • Set the Inside interface IP address to 10.1.1.1/24 on the active unit and 10.1.1.2/24 on the standby unit.
    • Set the Outside interface IP address to 11.1.1.1/24 on both units.

  2. Failover Configuration:

    • Enable failover and specify the failover and stateful link interfaces.
    • Configure the failover IP address and standby IP address.
    • Set the stateful link IP address to 10.3.3.1/24 on the active unit and 10.3.3.2/24 on the standby unit.

  3. ACL and ICMP Inspection:

    • Configure access control lists (ACLs) to permit/deny traffic as per requirements.
    • Enable ICMP inspection for ICMP traffic.

  4. Routing:

    • Configure static routes for routing traffic between networks and to the internet.
    • Verify routing table entries to ensure proper routing.

Verification

  • Verify failover status and synchronization between active and standby units using the show failover command.
  • Test failover functionality by disconnecting interfaces or shutting down the active unit to simulate failover.
  • Verify reachability of devices on the Inside, Outside, stateful link, and stateless LAN networks from both firewalls.

PROBLEM 2

coming soon....