0. Check the network diagram
1. ASA configuration
- ASDM installation and setup
!
interface Management0/0
nameif management
security-level 0
ip address 192.168.80.10 255.255.255.0
no shut
!
username admin password cisco
logging enable
!
http server enable
http 192.168.80.0 255.255.255.0 management
!
- IP and routing configuration
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 100.100.100.1 255.255.255.0
no shutdown
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.136.1 255.255.255.0
no shutdown
!
route outside 0.0.0.0 0.0.0.0 100.100.100.2
!
- Create the object and NAT
!
object network LAN
subnet 192.168.136.0 255.255.255.0
nat (inside,outside) dynamic interface
!
- Other settings
!
policy-map global_policy
class inspection_default
inspect icmp
2. ASDM configuration
- In Tools > Preferences, check "Preview commands before sending them..." to see the CLI commands when applying settings
- Configuration > Firewall > Objects > Network Objects/Groups > +Add
- Verify under Configuration > Firewall > NAT Rules
3. Verify ping from the LAN SW (inside) to the ISP (outside)
✔ TIP
- ISP configuration
!
interface GigabitEthernet0/0
ip address 192.168.80.100 255.255.255.0
no shut
!
interface GigabitEthernet0/1
ip address 100.100.100.2 255.255.255.0
no shut
!
! Add a route toward EVE-NG for external connectivity
ip route 0.0.0.0 0.0.0.0 192.168.80.2
!
Check the gateway in EVE-NG
- LAN configuration
!
interface Vlan1
ip address 192.168.136.100 255.255.255.0
no shut
!
ip route 0.0.0.0 0.0.0.0 192.168.136.1
!
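The ASA settings in step 1 depend on each other: the default route's next hop has to sit on the outside subnet, and the `http` line should keep ASDM limited to the management subnet. As an added example (not part of the original post), this Python check parses the typed-in ASA configuration and reports where those relationships break; the function names and the sample text trimmed from step 1 are assumptions of the example.

```python
import ipaddress

# Constructed sample: the ASA lines from step 1 that this check reads.
ASA_CONFIG = """\
interface Management0/0
 nameif management
 ip address 192.168.80.10 255.255.255.0
username admin password cisco
http server enable
http 192.168.80.0 255.255.255.0 management
interface GigabitEthernet0/0
 nameif outside
 ip address 100.100.100.1 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.136.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 100.100.100.2
"""

def parse_interfaces(cfg):
    """Map each nameif to its address/mask (hypothetical helper)."""
    nets, name = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            name = None
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("ip address ") and name:
            ip, mask = line.split()[2:4]
            nets[name] = ipaddress.ip_interface(f"{ip}/{mask}")
    return nets

def audit(cfg):
    """Return findings for the route, the ASDM allow-list and the lab password."""
    nets, findings = parse_interfaces(cfg), []
    for line in map(str.strip, cfg.splitlines()):
        f = line.split()
        if f[:1] == ["route"] and len(f) >= 5:
            if f[1] not in nets or ipaddress.ip_address(f[4]) not in nets[f[1]].network:
                findings.append(f"route: next hop {f[4]} is not on the {f[1]} subnet")
        elif f[:1] == ["http"] and len(f) == 4:
            src = ipaddress.ip_network(f"{f[1]}/{f[2]}", strict=False)
            if f[3] not in nets or not src.subnet_of(nets[f[3]].network):
                findings.append(f"http: {src} is not inside the {f[3]} subnet")
        elif f[:1] == ["username"] and f[2:4] == ["password", "cisco"]:
            # Matches the typed script only; a saved config stores the password hashed.
            findings.append(f"username {f[1]}: lab password 'cisco' still set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ASA_CONFIG)))
```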