Summary
In this chapter, you used ASDM to configure the ASA/PIX Security Appliance to enable the users inside your business or enterprise to securely access the World Wide Web.
In this chapter, you did the following:
- Gained an understanding of basic networking terminology
- Defined a network topology
- Assigned IP addresses to the network devices
- Configured connectivity between the ASA/PIX Security Appliance and the PC running ASDM
- Used the ASDM Startup Wizard to configure your network
Table 5-2 provides a summary of the network terminology defined in this chapter.
Table 5-2 Network Terminology Summary
Terminology |
Definition |
Inside IP address |
The IP address of the inside interface of your firewall. |
Outside IP address |
The IP address of the outside interface of your firewall. This is provided by your service provider. |
Default gateway |
The next-hop IP address of your firewall outside interface. This is provided by your service provider. |
Domain name |
This is optional. If you are providing public services, you need to identify a domain name for those services. Either your ISP or a web registration service provides the domain name. |
Public services |
The public services include mail, web, or DNS servers. The intent of a public server is to share or exchange data with other Internet users. You may elect not to manage your own services and have your ISP manage the services for you. |
Network address translation |
This protocol enables you to use private addresses inside your network and still obtain Internet access. |
Access passwords |
These passwords allow privileged access to your firewall. |
Inside addressing options (DHCP) |
These are IP addresses that need to be assigned to devices on the inside of your firewall. |
Internet |
Several thousands of networks and hosts interconnected that reach all over the globe. |
Service provider |
The Internet service provider is a company that provides you with your access point into the Internet. |
You then defined a topology that described your Internet connection in relation to your firewall and your protected users. The firewall outside interface, Ethernet 0, was plugged into a network connection provided by your ISP. Your inside users were connected to the inside of your firewall on the interface Ethernet 1.
IP addresses were then defined for both the outside and the inside interfaces of the ASA/PIX Security Appliance.
You were then stepped through the following three-step process to connect your PC to your ASA/PIX Security Appliance using ASDM:
- You used the ASA/PIX Security Appliance console and a series of native commands to configure a security appliance interface port.
- You used the security appliance console and a series of native commands that allowed your PC to have ASDM access to the ASA/PIX Security Appliance.
- You upgraded the Java Runtime Environment on your PC so that it could run ASDM.
After connectivity was established between the ASA/PIX Security Appliance and your PC, you used the ASDM Startup Wizard to configure the ASA/PIX Security Appliance. The following parameters were configured during these steps:
- ASA/PIX Security Appliance host name—Device identification
- Domain name—Unique Internet suffix associated with all of your hosts
- Enable password—Allows privileged access to the ASA/PIX Security Appliance
- Outside interface—IP address, gateway address, and security level
- Inside interface addressing—DHCP addresses to be automatically given to hosts as they access the inside network
- Network address translation—Translates private inside addresses so that they can use the Internet
- Access filter for DNS—Allows DNS to go through the ASA/PIX Security Appliance so that inside users can resolve URLs
Now that you have finished this chapter, you have secure connectivity to the Internet. Traffic can be sourced only from the inside and sent to the Internet. Any traffic sourced from the Internet will be blocked by the firewall.
This chapter represents only step one in securing your network. The following chapters provide you with step-by-step instructions on how to fully integrate security into your network. If you have no plans to host public mail or web servers, you can skip Chapter 6 and proceed to Chapter 7.
- Chapter 6, "Deploying Web and Mail Services"
- Chapter 7, "Deploying Authentication"
- Chapter 8, "Deploying Perimeter Protection"
- Chapter 9, "Deploying Network Intrusion Prevention"
- Chapter 10, "Deploying Host Intrusion Prevention"
- Chapter 11, "Deploying VPNs"