I need help with creating a cisco ASA 5505 with 3 zones

  • I need help with creating a cisco ASA 5505 with 3 zones

    Hi
    This is my first post and I would like to say hi to everyone.
    I need help with a topology diagram and pseudo code rule set.

    • I need to create a firewall with 3 zones consisting of the Internet, DMZ and the intranet (public, dmz, private)

    Implementation:
    • Public traffic can only access the DMZ
    • Public Content must contain SMTP, HTTP, HTTPS, Active FTP, Authenticated HTTP, DNS, VPN access and three other protocols that one would feel necessary
    • All public facing servers should use a nat or natted address
    • All servers in the DMZ zone can reply to either the Internet or intranet zones, but cannot initiate traffic to those zones with the exception of SMTP
    • VPN access should be or make one part of the intranet zone
    • The intranet zone will have free access to the other 2 zones
    • All traffic should be logged






    If possible I would like the topology diagram to show direction of traffic as well as port numbers.

    Any and all help will be greatly appreciated as I need to set up a network for my wife's business.


    Thanks in advance
    [email protected]

  • #2
    Re: I need help with creating a cisco ASA 5505 with 3 zones

    Firstly, it isn't usually good practice to write your email address on public forums.
    Secondly, you seem to have all of the info required to draw a diagram so why are you asking us to do it? If you don't have Visio there are other open source or free alternatives (these can be googled).
    In regards to the code, give us some basic IP addresses and we can build something.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: I need help with creating a cisco ASA 5505 with 3 zones

      Hi,
      Thanks for the response Andy. The problem with the diagrams is that I have never done any of this before. I do believe I can implement this infrastructure if I have some type of diagram. As far as the IP addresses for the pseudo code, any generic ones should work like the internal network being 198.168.0.0/24. If anyone can help I appreciate it.
      Thanks
      desperate



      • #4
        Re: I need help with creating a cisco ASA 5505 with 3 zones

        Start out with paper, draw the boxes themselves and label them. Show the physical connection and then start drawing in the feeds etc.
        Then you can look at making a diagram using Visio etc. If you spend the time doing it you will get a better idea of how it is set up for later.

        In regards to Implementation:
        Public traffic can only access the DMZ
        Public Content must contain SMTP, HTTP, HTTPS, Active FTP, Authenticated HTTP, DNS, VPN access and three other protocols that one would feel necessary
        You need to stipulate what rules you want and to what servers, Static and access rules will do this.

        All public facing servers should use a nat or natted address

        All servers in the DMZ zone can reply to either the Internet or intranet zones, but cannot initiate traffic to those zones with the exception of SMTP
        Generally replies are allowed to traffic that is initiated so shouldn't require anything else setting up. SMTP to where?

        VPN access should be or make one part of the intranet zone
        VPNs can be set up, do you mean client to site?

        The intranet zone will have free access to the other 2 zones
        On the ASA high to low security is allowed assuming you have a path (nat etc)

        All traffic should be logged
        All traffic?
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?
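
The behaviour described in post #4 (high-to-low security allowed by default, replies to initiated traffic allowed, anything else needing an explicit rule), as an added Python model that is not from any poster in the thread and is not ASA syntax. The security levels (100/50/0), the port list and the reading of the SMTP exception as "to any zone" are assumptions.

```python
# Added illustration. Zone names come from the thread; the security levels,
# port list and "SMTP to any zone" reading are assumptions.
LEVEL = {"intranet": 100, "dmz": 50, "public": 0}

# ACLs keyed by the zone traffic enters from: (dst_zone, proto, port, action).
# A zone that has an ACL no longer gets the implicit high-to-low permit.
ACL = {
    # Active FTP's data channel needs protocol inspection; only port 21 is modelled.
    "public": [("dmz", "tcp", p, "permit") for p in (21, 25, 80, 443)]
              + [("dmz", "udp", 53, "permit")],
    "dmz": [("any", "tcp", 25, "permit")],  # SMTP is all the DMZ may initiate
}

class Firewall:
    def __init__(self):
        self.conns = set()  # state table of permitted connections
        self.log = []       # every decision is recorded ("all traffic logged")

    def _verdict(self, src, dst, proto, port):
        acl = ACL.get(src)
        if acl is None:  # no ACL on this zone: security levels decide
            return LEVEL[src] > LEVEL[dst], "security levels"
        for zone, a_proto, a_port, action in acl:  # first match wins
            if zone in ("any", dst) and (a_proto, a_port) == (proto, port):
                return action == "permit", "acl match"
        return False, "implicit deny"

    def _record(self, src, dst, proto, port, ok, why):
        self.log.append((src, dst, proto, port, "permit" if ok else "deny", why))
        return ok

    def initiate(self, src, dst, proto, port):
        """A new connection from src zone to dst zone on proto/port."""
        ok, why = self._verdict(src, dst, proto, port)
        if ok:
            self.conns.add((src, dst, proto, port))
        return self._record(src, dst, proto, port, ok, why)

    def reply(self, src, dst, proto, port):
        """Return traffic from src to dst for a connection dst opened to src."""
        ok = (dst, src, proto, port) in self.conns
        return self._record(src, dst, proto, port, ok, "state table")

if __name__ == "__main__":
    fw = Firewall()
    fw.initiate("intranet", "dmz", "tcp", 22)   # permitted: 100 -> 50
    fw.reply("dmz", "intranet", "tcp", 22)      # permitted: reply
    fw.initiate("dmz", "intranet", "tcp", 22)   # denied: not SMTP
    for entry in fw.log:
        print(entry)
```
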
