DMZ configuration for the ASA

DMZ configuration for the ASA

Creating a DMZ with a Cisco ASA 5505

Creating a DMZ on an ASA is an easy way for small business clients to offer internet access to workers who sub lease office space from without granting access to the company server or other network resources.  One only needs to add a few lines to a standard configuration.

  1. Telnet into your ASA and enter the enable mode.
  2. Create a new VLAN. This articles assumes that the VLan 2 is facing the internet and Vlan 1 is the inside interface.

enter the configuration terminal by typing:

ASA#: conf t

create the vlan:

ASA(config)# int vlan3

turn off interface forwarding:

ASA(config-if)# no forward interface Vlan1

Name the vLan:

ASA(config-if)# nameif dmz

Set Security level:

ASA(config-if)#security-level 50

Give IP Address:

ASA(config-if)#ip address 192.168.xx.1 255.255.255.0

Exit vlan interface configuration:

ASA(config-if)#exit

  1. link port 7 of the firewall to the DMZ (note that by default it is linked to the inside interface)

conifigure the switch port:

ASA(config)# interface Ethernet0/7

link the switchport to the vlan

ASA(config-if)# switchport access vlan 3

ASA(config-if)# exit

  1. Set up DHCP and DNS:

ASA(config)# dhcpd address 192.168.60.100-192.168.60.150 dmz

ASA(config)# dhcpd dns 4.2.2.1 interface dmz

ASA(config)# dhcpd enable dmz

  1. Set up Network Address Translation:

ASA(config)# nat (dmz) 1 0.0.0.0 0.0.0.0

  1. Don’t forget to:

ASA# write

mm
Steve Boullianne, High school drop-out. College drop-out. A go-go dancer in Amsterdam. LOVED computers, programmed satellites for AT&T. Founded IPSOFACTO in 1996, Y2K boom, Dot-Com boom, 2.0 boom. Likes his smallish company and human relationships; not into big anonymous IT. Loves to tell jokes. Loves and Hates technology; pick up the phone, ok? Thinks on line hook up sites have saved the world from AIDS and DateRape. Thinks his kids are better collaborators and world leaders thanks to video games. Is still a hip-hop dancer; is NOT a Brony. Loves San Francisco; Hates the homeless crisis. Tells young people to buy real estate, as soon as possible. Don’t rent. Hopes his final years are spent handing out blankets, food, clothes, and medical supplies.