asa…

security

some quick notes…

asa-sec(config)# sh ip add
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
GigabitEthernet0         outside                209.165.200.226 255.255.255.248 manual
GigabitEthernet1         inside                 192.168.1.1     255.255.255.0   manual
GigabitEthernet2         dmz                    192.168.2.1     255.255.255.0   manual
Current IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
GigabitEthernet0         outside                209.165.200.226 255.255.255.248 manual
GigabitEthernet1         inside                 192.168.1.1     255.255.255.0   manual
GigabitEthernet2         dmz                    192.168.2.1     255.255.255.0   manual

remember that when you configure a network object with nat you do them together under the same object… but the show output splits them: `sh run object` shows only the host/subnet definitions and `sh run nat` shows only the nat lines…

asa-sec(config)# object network dmz-server
asa-sec(config-network-object)# host 192.168.2.3
asa-sec(config-network-object)# nat (dmz,outside) static 209.165.200.227
asa-sec(config-network-object)#


asa-sec(config)# sh run object
object network inside-net
subnet 192.168.1.0 255.255.255.0
object network dmz-server
host 192.168.2.3

asa-sec(config)# sh run nat
!
object network inside-net
nat (inside,outside) dynamic interface
object network dmz-server
nat (dmz,outside) static 209.165.200.227

SSH

asa-sec(config)# ssh 172.16.3.3 255.255.255.255 outside


access-list for dmz… note the ACL references the server's real address 192.168.2.3, not the NAT'd 209.165.200.227 (on 8.3+ code ACLs are matched against real, pre-NAT addresses)… and `permit ip any` is wide open, so tighten it to the ports the server actually needs…

asa-sec(config)# sh run access-list
access-list OUTSIDE-DMZ extended permit ip any host 192.168.2.3
asa-sec(config)# sh run access-group
access-group OUTSIDE-DMZ in interface outside
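Since `sh run object` and `sh run nat` split one object across two outputs, and the ACL has to name the real address rather than the NAT'd one, here is a small added audit script (my own example, not from the ASA or from this page) that stitches the two outputs back together per object and checks each `host` entry in the ACL against the object's real and mapped addresses. The sample outputs are copied from this page and embedded as constructed strings; the parser is a hypothetical helper that only understands the `object network` / `host` / `subnet` / `nat` lines shown here.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the "sh run object", "sh run nat" and
# "sh run access-list" output from the notes above, embedded so this runs offline.
SHOW_RUN_OBJECT = """\
object network inside-net
 subnet 192.168.1.0 255.255.255.0
object network dmz-server
 host 192.168.2.3
"""

SHOW_RUN_NAT = """\
!
object network inside-net
 nat (inside,outside) dynamic interface
object network dmz-server
 nat (dmz,outside) static 209.165.200.227
"""

SHOW_RUN_ACL = """\
access-list OUTSIDE-DMZ extended permit ip any host 192.168.2.3
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"


@dataclass
class NetObject:
    name: str
    real: str = ""   # "host A.B.C.D" or "subnet A.B.C.D M.M.M.M" from sh run object
    nat: str = ""    # the "nat (...)" line from sh run nat, if any


def parse_objects(object_out, nat_out):
    """Merge the two show outputs into one NetObject per object name."""
    objs = {}
    current = None
    for line in object_out.splitlines():
        line = line.strip()
        m = re.match(r"object network (\S+)", line)
        if m:
            current = objs.setdefault(m.group(1), NetObject(m.group(1)))
        elif current and line.startswith(("host ", "subnet ")):
            current.real = line
    current = None
    for line in nat_out.splitlines():
        line = line.strip()          # "!" and blank lines fall through untouched
        m = re.match(r"object network (\S+)", line)
        if m:
            current = objs.setdefault(m.group(1), NetObject(m.group(1)))
        elif current and line.startswith("nat "):
            current.nat = line
    return objs


def merged_view(objs):
    """One line per object, joining the definition and its NAT rule."""
    return [f"{o.name}: {o.real or '(no definition)'} | {o.nat or '(no nat)'}"
            for o in objs.values()]


def real_host(obj):
    m = re.match(rf"host ({IPV4})", obj.real)
    return m.group(1) if m else None


def mapped_address(obj):
    """Mapped (translated) address of a static NAT object, else None."""
    m = re.match(rf"nat \(\S+,\S+\) static ({IPV4})", obj.nat)
    return m.group(1) if m else None


def check_acl_addresses(objs, acl_out):
    """Flag ACL 'host' entries that name a mapped address instead of the real one."""
    findings = []
    for line in acl_out.splitlines():
        line = line.strip()
        for ip in re.findall(rf"host ({IPV4})", line):
            for obj in objs.values():
                if ip == real_host(obj):
                    findings.append((line, f"ok: {ip} is the real address of {obj.name}"))
                elif ip == mapped_address(obj):
                    findings.append((line, f"warning: {ip} is the mapped address of "
                                           f"{obj.name}; 8.3+ ACLs match real addresses"))
    return findings


if __name__ == "__main__":
    objs = parse_objects(SHOW_RUN_OBJECT, SHOW_RUN_NAT)
    print("\n".join(merged_view(objs)))
    for acl_line, verdict in check_acl_addresses(objs, SHOW_RUN_ACL):
        print(verdict, "<-", acl_line)
```

Paste the three show outputs in place of the constructed strings to audit a real box; an ACL line written against 209.165.200.227 would come back as a warning, while the page's line against 192.168.2.3 comes back ok.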