Configure Cisco ASA 5506-X Firewall for M1 Leased Line

From: Turritopsis Dohrnii Teo En Ming
Date: Sun Oct 11 2020 - 07:59:51 EST


Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 11 October 2020 Sunday Singapore Time

Type of Publication: Plain Text
Document Version: 20201011.01

Cisco ASA Firewall CLI commands:

enable
conf t
! M1 Leased Line connected to Port 8
interface GigabitEthernet1/8
no shut
ip address aaa.bbb.108.212 255.255.255.248
nameif M1-Leased-Line
security-level 50

route outside 0.0.0.0 0.0.0.0 aaa.bbb.ccc.121 5 track 1
route M1-Leased-Line aaa.bbb.108.0 255.255.255.0 aaa.bbb.108.209 1

object network Quantum
subnet aaa.bbb.108.0 255.255.255.0

same-security-traffic permit intra-interface

access-list nat_inside_quantum extended permit ip aaa.bbb.23.0 255.255.255.0 aaa.bbb.108.0 255.255.255.0

access-list nat_inside_quantum extended permit ip aaa.bbb.108.0 255.255.255.0 aaa.bbb.23.0 255.255.255.0

Teo En Ming’s Original NAT rule (partially correct only):

nat (inside,M1-Leased-Line) source static NETWORK_OBJ_aaa.bbb.23.0_24 NETWORK_OBJ_aaa.bbb.23.0_24 destination static Quantum Quantum no-proxy-arp route-lookup

NAT rule corrected/fixed by boss (FINAL VERSION):

nat (inside,M1-Leased-Line) source static NETWORK_OBJ_aaa.bbb.23.0_24 interface destination static Quantum Quantum

Useful Troubleshooting Commands
===============================

show interface ip brief
show route | begin Gateway
show nat (Very Important Command to use)
packet-tracer input inside tcp aaa.bbb.23.10 12345 aaa.bbb.108.180 22
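
An offline check to run on a saved copy of the configuration before the show commands above (an added example, not part of the original post): it flags static routes whose next hop is not on the named interface's subnet, and access lists that no other command references. The lint function, the sample addresses and the INSIDE_NET object name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample mirroring the commands above; 192.0.2.x and 10.0.23.x
# stand in for the redacted aaa.bbb addresses. The second route is a
# deliberately wrong, constructed entry (next hop outside the /29).
SAMPLE = """\
interface GigabitEthernet1/8
 ip address 192.0.2.212 255.255.255.248
 nameif M1-Leased-Line
 security-level 50
route M1-Leased-Line 192.0.2.0 255.255.255.0 192.0.2.209 1
route M1-Leased-Line 198.51.100.0 255.255.255.0 192.0.2.217 1
access-list nat_inside_quantum extended permit ip 10.0.23.0 255.255.255.0 192.0.2.0 255.255.255.0
nat (inside,M1-Leased-Line) source static INSIDE_NET interface destination static Quantum Quantum
"""

def lint(config):
    """Return findings for off-link route next hops and unreferenced ACLs."""
    ifaces, routes, acls, other = [], [], set(), set()
    for line in config.splitlines():
        w = line.split()
        if not w or w[0].startswith("!"):
            continue
        if w[0] == "interface":
            ifaces.append({})
        elif w[0] == "nameif" and ifaces:
            ifaces[-1]["name"] = w[1]
        elif w[:2] == ["ip", "address"] and ifaces and len(w) >= 4 and w[2][0].isdigit():
            # ip_interface accepts the dotted netmask form the ASA uses
            ifaces[-1]["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[0] == "route" and len(w) >= 5:
            routes.append((w[1], ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False),
                           ipaddress.ip_address(w[4])))
        elif w[0] == "access-list" and len(w) >= 2:
            acls.add(w[1])
        else:
            other.update(w)  # tokens of every other command (nat, access-group, ...)
    nets = {i["name"]: i["net"] for i in ifaces if "name" in i and "net" in i}
    findings = []
    for nameif, prefix, hop in routes:
        if nameif in nets and hop not in nets[nameif]:
            findings.append(f"route {prefix} via {hop}: next hop is not on "
                            f"{nameif} subnet {nets[nameif]}")
    for acl in sorted(acls - other):
        findings.append(f"access-list {acl}: defined but not referenced")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Routes on interfaces that the saved text does not define (for example outside) are skipped rather than guessed at.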

Quantum Linux Servers
=====================

aaa.bbb.108.180 (Primary Linux Server)
aaa.bbb.108.181 (Backup Linux Server)
aaa.bbb.108.182 (UAT Linux Virtual Machine)
aaa.bbb.108.183 (IDRAC of Primary Linux Server)
aaa.bbb.108.184 (IDRAC of Backup Linux Server)

Useful Reading Resources
========================

[1] Cisco ASA 5506-X | Leased Line w/DSL Failover | Default Route Preference

https://www.reddit.com/r/networking/comments/fhff1m/cisco_asa_5506x_leased_line_wdsl_failover_default/

[2] ASA Dual ISP using IP SLA

https://integratingit.wordpress.com/2019/11/24/asa-dual-isp-using-ip-sla/

[3] Static route on inside interface of ASA does'nt work

https://community.cisco.com/t5/network-security/static-route-on-inside-interface-of-asa-does-nt-work/td-p/914826

[4] Cisco ASA 8.3 - No NAT / NAT Exemption

https://www.fir3net.com/Firewalls/Cisco/cisco-asa-83-no-nat-nat-exemption.html

[5] NAT: Untranslate_hits

https://community.cisco.com/t5/switching/nat-untranslate-hits/td-p/1056571

[6] Cisco ASA Firewall Packet Tracer

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html

[7] Cisco ASA NAT – Configuration Guide

https://www.practicalnetworking.net/stand-alone/cisco-asa-nat/






