Friday, February 22, 2013

Do port forwarding in Cisco ASA firewall

Port forwarding in Cisco ASA firewall:

access-list outside_access_in extended permit tcp any interface outside eq 2011
! eq 2011 is the outside (remote) port being forwarded

static (inside,outside) tcp interface 2011 192.168.10.229 2011 netmask 255.255.255.255
! Static NAT between inside and outside: tcp port 2011 on the outside interface maps to local IP 192.168.10.229 port 2011

access-group outside_access_in in interface outside
! Apply the access list inbound on the outside interface
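A port forward on the ASA only works when these three statements agree with each other (same ACL name in the access-group, same interface, same protocol and port in the ACL and the static). The following Python checker is an added example, not part of the original post: it parses statements in exactly the form shown above (a constructed copy is embedded), reports any mismatch, and summarises what each working forward exposes.

```python
import re

# Constructed sample: the three ASA lines from the post above (pre-8.3 "static" NAT syntax),
# including one of the post's "!" comment lines, which the checker strips.
SAMPLE_CONFIG = """
access-list outside_access_in extended permit tcp any interface outside eq 2011
!eq 2011 is remote port to forward
static (inside,outside) tcp interface 2011 192.168.10.229 2011 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

# Assumption: only the statement forms used in the post are recognised.
ACL_RE = re.compile(r"^access-list (\S+) extended permit (tcp|udp) (\S+) interface (\S+) eq (\d+)$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (tcp|udp) interface (\d+) (\S+) (\d+) netmask \S+$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")

def check_port_forward(config):
    """Cross-check the three statements a pre-8.3 ASA port forward needs.
    Returns (errors, exposures): errors are mismatches that break the forward,
    exposures are (proto, outside_iface, outside_port, source, real_ip, real_port)
    for every forward that is actually open."""
    acls, statics, groups = [], [], []
    for raw in config.splitlines():
        line = raw.split("!", 1)[0].strip()          # drop "!" comments and blank lines
        if m := ACL_RE.match(line): acls.append(m.groups())
        elif m := STATIC_RE.match(line): statics.append(m.groups())
        elif m := GROUP_RE.match(line): groups.append(m.groups())
    errors, exposures = [], []
    bound = dict(groups)                             # ACL name -> interface it is applied on
    for name, proto, src, iface, port in acls:
        if bound.get(name) != iface:
            errors.append(f"ACL {name} permits on {iface} but is not applied there")
        match = [s for s in statics if s[1] == iface and s[2] == proto and s[3] == port]
        if not match:
            errors.append(f"ACL opens {proto}/{port} on {iface} but no static translates it")
        for _, _, _, _, real_ip, real_port in match:
            exposures.append((proto, iface, port, src, real_ip, real_port))
    for s in statics:                                # a static with no matching permit is dead
        if not any(a[1] == s[2] and a[3] == s[1] and a[4] == s[3] for a in acls):
            errors.append(f"static for {s[2]}/{s[3]} on {s[1]} has no ACL permit; traffic is dropped")
    return errors, exposures

if __name__ == "__main__":
    errs, exp = check_port_forward(SAMPLE_CONFIG)
    print("errors:", errs)
    print("exposures:", exp)
```

Running it on the post's configuration returns no errors and a single exposure entry, showing tcp/2011 on the outside interface open from any source to 192.168.10.229:2011.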

Configure DHCP on a Cisco router or switch

Getting started

Let's look at how to configure basic DHCP on an IOS-based router. For this example, we'll start off with the default configuration on a Cisco 2611 router running IOS 12.2. (The configuration should be the same—or very similar—on all IOS-based routers).
To begin, connect the router's Ethernet port to a switch, and connect the switch to a laptop, which will serve as the DHCP client.
To configure Cisco IOS DHCP, follow these steps, which include sample commands:
  1. Configure an IP address on the router's Ethernet port, and bring up the interface. (On an existing router, you would have already done this.)
Router(config)# interface ethernet0/0
Router(config-if)# ip address 1.1.1.1 255.0.0.0
Router(config-if)# no shutdown
  2. Create a DHCP IP address pool for the IP addresses you want to use.
Router(config)# ip dhcp pool mypool
  3. Specify the network and subnet for the addresses you want to use from the pool.
Router(dhcp-config)# network 1.1.1.0 /8
  4. Specify the DNS domain name for the clients.
Router(dhcp-config)# domain-name mydomain.com
  5. Specify the primary and secondary DNS servers.
Router(dhcp-config)# dns-server 1.1.1.10 1.1.1.11
  6. Specify the default router (i.e., default gateway).
Router(dhcp-config)# default-router 1.1.1.1
  7. Specify the lease duration (in days) for the addresses you're using from the pool.
Router(dhcp-config)# lease 7
  8. Exit Pool Configuration Mode.
Router(dhcp-config)# exit
This takes you back to the global configuration prompt. Next, exclude any addresses in the pool range that you don't want to hand out.
For example, let's say that you've decided that all IP addresses up to .100 will be for static IP devices such as servers and printers. All IP addresses above .100 will be available in the pool for DHCP clients.
Here's an example of how to exclude IP addresses .100 and below:

Router(config)#ip dhcp excluded-address 1.1.1.0 1.1.1.100
 
Next, enter the ipconfig /renew command on the laptop to receive an IP address. After you have the IP address, enter the ipconfig /all command. Listing A shows sample output from this command.

Configuring SSH Access on a Cisco ASA

Configuring SSH Access on a Cisco ASA 5510 Firewall

  • Enter configuration mode
fw> 
fw> enable
fw#
fw# config t
fw(config)#
  • You need to have an enable password to use ssh
fw(config)# enable password <your password>
  • User name and password to connect via ssh
fw(config)# username <your username> password <your password>
  • Configure Authentication Mode
fw(config)# aaa authentication ssh console LOCAL
  • Specify ssh protocol version
fw(config)# ssh version 2
  • Allow Access from a particular network over a particular interface ("inside" is the interface name)
fw(config)# ssh 192.168.0.0 255.255.255.0 inside
  • Generate a key pair
fw(config)# domain-name <your domain>
fw(config)# crypto key generate rsa modulus 1024
  • Exit configuration mode
fw(config)# exit
fw# 
fw# disable
fw>
 
That's it. You can now connect to your ASA 5510 Firewall via ssh on Port 22 from Network 192.168.0.0/255.255.255.0.

Simple Telnet & SSH on Cisco Router in Packet Tracer