How to Setup TWO DMZ Zones (DMZ1 and DMZ2) on the Cisco ASA 5506-X Firewall

Subject: How to Setup TWO DMZ Zones (DMZ1 and DMZ2) on the Cisco ASA 5506-X Firewall


Author: Mr. Turritopsis Dohrnii Teo En Ming (Targeted Individual)

Country: Singapore, Singapore, Singapore

Date: 11 August 2020 Tuesday Singapore Time

Type of Publication: Plain Text


Cisco ASA firewall appliances are based on open source software.


Reference Guide: Cisco ASA DMZ Configuration Example

Link: https://www.speaknetworks.com/cisco-asa-dmz-configuration-example/


Cisco ASA CLI commands:


interface GigabitEthernet1/6

description to DMZ1

nameif dmz1

security-level 50

ip address 192.168.1.1 255.255.255.0


interface GigabitEthernet1/7

description to DMZ2

nameif dmz2

security-level 50

ip address 192.168.2.1 255.255.255.0


nat (dmz1,outside) after-auto source dynamic any interface

nat (dmz2,outside) after-auto source dynamic any interface


object network DMZ1SERVER-EXT

host <public WAN IP address #1>


object network DMZ1SERVER-INT

host 192.168.1.10


nat (dmz1,outside) static DMZ1SERVER-EXT service tcp ssh ssh


access-list OUTSIDE extended permit tcp any object DMZ1SERVER-INT eq ssh


access-group OUTSIDE in interface outside


object network DMZ2SERVER-EXT

host <public WAN IP address #2>


object network DMZ2SERVER-INT

host 192.168.2.10


nat (dmz2,outside) static DMZ2SERVER-EXT service tcp ssh ssh


access-list OUTSIDE extended permit tcp any object DMZ2SERVER-INT eq ssh


access-group OUTSIDE in interface outside


copy run start


Additional Learning Material

============================


Reference Guide: Remote Access IPsec VPNs

Link: https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/vpn/asa-95-vpn-config/vpn-remote-access.html





REFERENCES

===========


[1] https://lkml.org/lkml/2020/8/11/438


[2] http://lkml.iu.edu/hypermail/linux/kernel/2008.1/02682.html


[3] https://marc.info/?l=linux-kernel&m=159715651214069&w=2


[4] https://lwn.net/ml/linux-kernel/5bbe3ed461b0f0da8a39a7eb5416749f%40teo-en-ming.com/


[5] http://lists.linuxfromscratch.org/pipermail/lfs-chat/2020-August/029143.html

Comments

Post a Comment

Popular posts from this blog

[24 Mar 2022 Thursday] Erectile Dysfunction and Viagra

Image
Subject: [24 Mar 2022 Thursday] Erectile Dysfunction and Viagra I have erectile dysfunction due to taking medications for mental illness (schizophrenia). Without Viagra, my penis is soft like jelly most of the time. There is no way I can penetrate a woman’s vagina due to erectile dysfunction. Today is the very 1st time I am taking Viagra. It allows my penis to remain hard and fully erected for 2 solid hours during sexual intercourse. Thanks Viagra! I can finally have sex! I am already 44 years old. What am I missing out in life?????? Do I still qualify to be a Japanese Adult Video (JAV) porn star actor???????? Link:  https://m.facebook.com/story.php?story_fbid=10158113552827735&id=646397734
Read more

Patching Linux Kernel 5.5.7 to Add Support for AUFS Filesystem

Subject of Hint: Patching Linux Kernel 5.5.7 to Add Support for AUFS Filesystem ORIGINAL AUTHOR: JIMMY ANDERSON ORIGINAL DATE: 2013-01-20 EDITED BY: TURRITOPSIS DOHRNII TEO EN MING, SINGAPORE EDIT DATE: 15 MAR 2020 SUNDAY MANDATORY PREREQUISITES ======================= You *MUST* follow the guide/hint here first (COMPULSORY): http://lists.linuxfromscratch.org/pipermail/hints/2020-March/003334.html HINT ==== To obtain the aufs5 kernel patches, do the following:   $ sudo apt install git #------------ Cut and Paste start cd $LFS/sources git clone git://github.com/sfjro/aufs5-standalone.git \ aufs5-standalone.git cd aufs5-standalone.git git checkout -b origin/aufs5.5 cp aufs5-*.patch .. rm -f include/uapi/linux/Kbuild tar cvfz $LFS/sources/aufs5.tar.gz Documentation fs include cd .. rm -rf aufs5-standalone.git #------------ Cut and Paste end Rebuilding your kernel ======================    Follow the instructions in the LFS/BLFS book and build your LF
Read more