Configure Cisco ASA 5506-X Firewall for M1 Leased Line
From: Turritopsis Dohrnii Teo En Ming
Date: Sun Oct 11 2020 - 07:59:51 EST
Subject: Configure Cisco ASA 5506-X Firewall for M1 Leased Line
Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 11 October 2020 Sunday Singapore Time
Type of Publication: Plain Text
Document Version: 20201011.01
Cisco ASA Firewall CLI commands:
enable
conf t
! M1 Leased Line connected to Port 8
interface GigabitEthernet1/8
no shut
ip address aaa.bbb.108.212 255.255.255.248
nameif M1-Leased-Line
security-level 50
route outside 0.0.0.0 0.0.0.0 aaa.bbb.ccc.121 5 track 1
route M1-Leased-Line aaa.bbb.108.0 255.255.255.0 aaa.bbb.108.209 1
object network Quantum
subnet aaa.bbb.108.0 255.255.255.0
same-security-traffic permit intra-interface
access-list nat_inside_quantum extended permit ip aaa.bbb.23.0 255.255.255.0 aaa.bbb.108.0 255.255.255.0
access-list nat_inside_quantum extended permit ip aaa.bbb.108.0 255.255.255.0 aaa.bbb.23.0 255.255.255.0
Teo En Ming’s Original NAT rule (partially correct only):
nat (inside,M1-Leased-Line) source static NETWORK_OBJ_aaa.bbb.23.0_24 NETWORK_OBJ_aaa.bbb.23.0_24 destination static Quantum Quantum no-proxy-arp route-lookup
NAT rule corrected/fixed by boss (FINAL VERSION):
nat (inside,M1-Leased-Line) source static NETWORK_OBJ_aaa.bbb.23.0_24 interface destination static Quantum Quantum
Useful Troubleshooting Commands
===============================
show interface ip brief
show route | begin Gateway
! Very important command to use
show nat
packet-tracer input inside tcp aaa.bbb.23.10 12345 aaa.bbb.108.180 22
Quantum Linux Servers
=====================
aaa.bbb.108.180 (Primary Linux Server)
aaa.bbb.108.181 (Backup Linux Server)
aaa.bbb.108.182 (UAT Linux Virtual Machine)
aaa.bbb.108.183 (iDRAC of Primary Linux Server)
aaa.bbb.108.184 (iDRAC of Backup Linux Server)
Useful Reading Resources
========================
[1] Cisco ASA 5506-X | Leased Line w/DSL Failover | Default Route Preference
https://www.reddit.com/r/networking/comments/fhff1m/cisco_asa_5506x_leased_line_wdsl_failover_default/
[2] ASA Dual ISP using IP SLA
https://integratingit.wordpress.com/2019/11/24/asa-dual-isp-using-ip-sla/
[3] Static route on inside interface of ASA does'nt work
https://community.cisco.com/t5/network-security/static-route-on-inside-interface-of-asa-does-nt-work/td-p/914826
[4] Cisco ASA 8.3 - No NAT / NAT Exemption
https://www.fir3net.com/Firewalls/Cisco/cisco-asa-83-no-nat-nat-exemption.html
[5] NAT: Untranslate_hits
https://community.cisco.com/t5/switching/nat-untranslate-hits/td-p/1056571
[6] Cisco ASA Firewall Packet Tracer
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html
[7] Cisco ASA NAT – Configuration Guide
https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/