Monday 6 July 2015

Basic ASA VIRL Lab

Today I tried out the ASA - and it worked pretty well. It doesn't support context switching, which is a bit sad - but other than that, it seemed to do everything else I tried.

I figured that from now on I'll share my VIRL file, and if people are really interested they can download it and try it out themselves. Maybe I'll even write a blog post on how to open a VIRL file, but it's pretty easy.

Basic ASA Configuration & Failover Lab

You know this is working when you can ping R6 Lo0 (1.1.1.6) from R4, and the ping continues to work after you bring down ASA1.
Click here to download VIRL file

In this lab I've configured standby and failover on the ASAs: ASA1 is the Primary, ASA2 is the Secondary. The VIRL lab looks like this:

But with the configuration of an inside and outside VLAN on SW1, it looks logically like this:

When you load the VIRL file, the network is fully configured to work. To practice configuring the ASAs, I recommend you open the console for both of the ASAs and run: "clear config all" (take a copy of the working running-config before doing this if you want).

Then the following steps should get the ASAs back to a working state:

  • Configure a hostname on ASA1
  • Configure the IP addresses on Gi0/0 and Gi0/1 as shown above, naming them outside and inside respectively. Configure a default route pointing at the R6 IP address.
  • Configure OSPF between ASA1 and R4
  • Configure NAT on the ASA
  • Configure ASA1 as a routed firewall
  • Configure ASA for active/standby failover

I should give more detail, but I'm new at this =P I will admit that for the majority of my working life as a network engineer I've used ASDM to configure firewalls (boo! hiss!) - this gave me an opportunity to run through the basics on the CLI.
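
One way the steps above could look on the ASA1 CLI, as an added example that is not taken from the VIRL file. Every address, the failover link interface (Gi0/2), the OSPF process and area, the object name and the failover key are constructed placeholders, because the lab diagram's values are not reproduced in the text; the ICMP inspection at the end is an assumption about how the ping test is permitted.

```cisco
! Added example for ASA1 (primary unit). Addresses, the failover interface,
! OSPF process/area, object name and key are constructed placeholders.
hostname ASA1
! Routed mode is the default. Changing the firewall mode clears the
! running config, so if it is needed at all it has to come first.
no firewall transparent
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
 no shutdown
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.14.1 255.255.255.0 standby 10.0.14.2
 no shutdown
!
! Default route towards R6 (placeholder next hop on the outside subnet)
route outside 0.0.0.0 0.0.0.0 192.0.2.6
!
! OSPF adjacency with R4 on the inside segment
router ospf 1
 network 10.0.14.0 255.255.255.0 area 0
!
! Dynamic PAT: hide all inside sources behind the outside interface address
object network INSIDE-ANY
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface
!
! Assumption: ICMP is not inspected by default, so echo replies from the
! outside are dropped unless inspection (or an ACL) allows them back in.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Active/standby failover over a dedicated link
interface GigabitEthernet0/2
 no shutdown
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/2
failover interface ip FOLINK 10.0.99.1 255.255.255.252 standby 10.0.99.2
failover key <shared-secret-placeholder>
failover
```

ASA2 only needs the failover link interface enabled and the same failover lines with `failover lan unit secondary`; the rest of the configuration is replicated from the active unit, and `show failover` on either unit shows which one is currently active.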


