Table of Contents
A) Configuration of static router
B) Errors in the Network Configuration
C) Default router
D) Subnet
E) Configuration of DMZ
Static routing tables are not flexible: they are configured and modified manually, rather than being updated by routing information propagated from other routers. The configuration of three networks with a static router is given below:
For the static routing table of R3, the following command shows the configured static routes:
R3# show ip route static | begin Gateway
The static routing table after removing all static routes is given as:
R3(config)# no ip route 172.16.1.0 255.255.255.0 s0/0/1
Three errors in the network configuration are:
The command below resolves the subnet error message on the interface:
R3(config-if)# ip address 192.168.1.1 255.255.255.252
The above command shows no error when it is entered. (Solution)
A static route with a wrong next hop or exit interface shows the "invalid gateway" or "invalid route exit interface" error message. The corrected default route is:
R3(config)# ip route 0.0.0.0 0.0.0.0 192.168.0.1
The above command shows no error because the correct gateway is given. (Rectification)
If no path is shown in the routing table, then either there is no route for the destination or a wrong IP address has been configured on the router interface.
Configure the default route on the router:
The addresses of the four subnets are:
192.168.200.0/30
192.168.200.4/30
192.168.200.8/30
192.168.200.12/30
As no details of the customer network are given, point-to-point (/30) subnets are selected.
Therefore there are two DMZ networks, one inside the firewall and one outside, and the extra DMZ places an additional obstacle in an attacker's path (Wang, 2015).
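The two configuration mistakes above (a bad interface address/mask, and a static route whose next hop or exit interface does not exist on the router) and the /30 point-to-point subnetting can be checked offline. The following is an added example, not part of the original assignment or Cisco IOS; the `connected` mapping of interface names to link addresses is constructed, and the error strings reuse the page's wording rather than IOS's exact messages.

```python
import ipaddress

# Added config checker for the error cases described above (not Cisco code):
# a malformed interface address/mask, and a static route whose next hop or
# exit interface does not exist on the router. Messages reuse the page's wording.

def check_ip_address(cmd):
    """Check an IOS 'ip address A.B.C.D MASK' line; return '' if it is valid."""
    parts = cmd.split()
    if len(parts) != 4 or parts[:2] != ["ip", "address"]:
        return "syntax error"
    try:
        # ip_interface rejects a malformed address ('192.168.1.1.') and a
        # mask that is not a valid contiguous netmask ('255.255.2555.252')
        iface = ipaddress.ip_interface(f"{parts[2]}/{parts[3]}")
    except ValueError:
        return "Subnet Error Message: bad address or mask"
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        return "Subnet Error Message: network or broadcast address used"
    return ""

def check_static_route(cmd, connected):
    """Check 'ip route DEST MASK NEXTHOP|EXIT-IFC' against the router's links."""
    # connected: {interface name: 'address/prefix' of that link} (constructed)
    parts = cmd.split()
    if len(parts) != 5 or parts[:2] != ["ip", "route"]:
        return "syntax error"
    try:
        ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False)
    except ValueError:
        return "invalid destination or mask"
    try:
        gateway = ipaddress.ip_address(parts[4])
    except ValueError:
        # not an address, so it must name a directly connected exit interface
        return "" if parts[4] in connected else "invalid route exit interface"
    links = [ipaddress.ip_interface(a).network for a in connected.values()]
    if not any(gateway in net for net in links):
        return "invalid gateway"
    return ""

def point_to_point_subnets(block):
    """Carve a block into /30 point-to-point subnets, two usable hosts each."""
    return [str(s) for s in ipaddress.ip_network(block).subnets(new_prefix=30)]
```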
Configuration of DMZ:
A DMZ network can also be configured with a typical home router. In the Advanced settings of (Wang, 2015).
In Cisco ASA version 8.4(3)9: Setting up a DMZ (configuring a host behind a firewall)
For example, suppose there is a web server in the DMZ: a hole is opened in the firewall so that traffic to port 80 or port 443 can be initiated from the Internet towards the DMZ. The DMZ can initiate traffic to the Internet, and the office LAN can initiate traffic to the DMZ or to the Internet.
Rules for DMZ in Firewall:
Step 1: Assigning security level to DMZ on ASA Interface
Security levels are assigned to the four ASA interfaces: outside (0), inside (100), dmz1 (50) and dmz2 (20).
interface GigabitEthernet0/0
description to WAN
nameif outside
security-level 0
ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/1
description to LAN
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
description to DMZ1
nameif dmz1
security-level 50
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/3
description to DMZ2
nameif dmz2
security-level 20
ip address 192.168.2.1 255.255.255.0
Step 2: Configuring the Internet gateway on the ASA interface
Network Address Translation is configured to give the internal hosts Internet access; it forwards their traffic to the ISP (TCP/IP, 2020). All outbound traffic from the higher-security interfaces (inside, dmz1, dmz2) traverses the lower-security outside interface. The commands are:
The above configuration translates the source IP of traffic from the inside, dmz1 and dmz2 security levels to the outside IP, which restricts what internal addressing is exposed.
Configuration of the default gateway: all traffic is routed to the ISP gateway 10.1.1.2.
Configure "inspect icmp" under the global policy so that ICMP return traffic is allowed back through the ASA when a ping is initiated from the inside hosts.
Then ping the host with IP 10.1.1.200 on the Internet from each subnet.
Step 3: Configuration of static NAT to grant access to web server.
There are two objectives:
Configuring NAT
Configuring a static (manual) mapping
When a connection on the web server's TCP port arrives from outside, the DMZ host with IP address 192.168.1.10 on dmz1 is reached by translating its address to the public IP 10.1.1.10.
Step 4: Access control between security segments
For our case study here, the ASA's default behaviour applies: traffic from a higher security level to a lower one is permitted and the reverse is denied, so inside (100) can reach dmz1 (50), dmz2 (20) and outside (0), while dmz2 cannot initiate traffic to dmz1 or inside.
ACLs can override these default rules. For this case study, the guests in dmz2 must be able to use the DNS server in dmz1. Configuration of the ACLs:
! define network objects
object network INSIDE-NET
subnet 192.168.0.0 255.255.255.0
!
object network DMZ1-NET
subnet 192.168.1.0 255.255.255.0
!
! define DNS server object
object network DNS-SERVER
host 192.168.1.10
!
access-list DMZ2-ACL extended permit udp any object DNS-SERVER eq domain
access-list DMZ2-ACL extended deny ip any object INSIDE-NET
access-list DMZ2-ACL extended deny ip any object DMZ1-NET
access-list DMZ2-ACL extended permit ip any any
!
access-group DMZ2-ACL in interface dmz2
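To see how the security levels from Step 1 and the DMZ2-ACL above combine, here is an added model of the ASA's decision (an illustration written for this page, not Cisco code): the route lookup picks the egress interface, an inbound ACL on the ingress interface is evaluated first-match with an implicit deny, and interfaces without an ACL fall back to the security-level rule. The interface subnets are taken from Step 1; the static NAT and any outside ACL from Step 3 are not modelled.

```python
import ipaddress

# Added model of the ASA flow decision for the DMZ design above (not Cisco code).
# Interface subnets and security levels are those from Step 1.
INTERFACES = {
    "outside": (0, ipaddress.ip_network("10.1.1.0/24")),
    "inside": (100, ipaddress.ip_network("192.168.0.0/24")),
    "dmz1": (50, ipaddress.ip_network("192.168.1.0/24")),
    "dmz2": (20, ipaddress.ip_network("192.168.2.0/24")),
}
OBJECTS = {
    "INSIDE-NET": ipaddress.ip_network("192.168.0.0/24"),
    "DMZ1-NET": ipaddress.ip_network("192.168.1.0/24"),
    "DNS-SERVER": ipaddress.ip_network("192.168.1.10/32"),
}
# DMZ2-ACL as (action, protocol, destination object or "any", destination port)
DMZ2_ACL = [
    ("permit", "udp", "DNS-SERVER", 53),
    ("deny", "ip", "INSIDE-NET", None),
    ("deny", "ip", "DMZ1-NET", None),
    ("permit", "ip", "any", None),
]
ACCESS_GROUPS = {"dmz2": DMZ2_ACL}  # access-group DMZ2-ACL in interface dmz2

def egress_interface(dst):
    """Route lookup: the interface whose subnet holds dst, else the default route."""
    for name, (_, net) in INTERFACES.items():
        if dst in net:
            return name
    return "outside"  # default route towards the ISP gateway

def acl_lookup(acl, proto, dst, dport):
    """First-match ACL evaluation, as the packet-tracer ACCESS-LIST phase does."""
    for action, aproto, obj, port in acl:
        if aproto != "ip" and aproto != proto:
            continue
        if obj != "any" and dst not in OBJECTS[obj]:
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

def decide(in_ifc, proto, dst, dport):
    """Return (egress interface, action) for a new flow entering on in_ifc."""
    dst_ip = ipaddress.ip_address(dst)
    out_ifc = egress_interface(dst_ip)
    if in_ifc in ACCESS_GROUPS:  # an applied ACL replaces the default rule
        return out_ifc, acl_lookup(ACCESS_GROUPS[in_ifc], proto, dst_ip, dport)
    # Default rule: higher security level may initiate to lower, never the reverse
    return out_ifc, ("permit" if INTERFACES[in_ifc][0] > INTERFACES[out_ifc][0] else "deny")
```

The first case below reproduces the packet-tracer result shown in Step 5 (dmz2 to the DNS server on dmz1 over UDP 53 is allowed, egress dmz1).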
Step 5: Troubleshooting and Verification
Validating the configuration and identifying problems are necessary.
The ICMP ping command is used to verify connectivity (InformIT, 2014): it tests whether a packet can reach point B from point A. In this study, the hosts on the segments inside, dmz1 and dmz2 are verified; the ASA packet-tracer output below shows the same check for a DNS query from dmz2 to the server in dmz1.
ASA1# packet-tracer input dmz2 udp 192.168.2.10 1234 192.168.1.10 domain detailed
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffd1a76710, priority=1, domain=permit, deny=false
hits=12, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=dmz2, output_ifc=any
Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 192.168.1.10 using egress ifc dmz1
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group DMZ2-ACL in interface dmz2
access-list DMZ2-ACL extended permit udp any object DNS-SERVER eq domain
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fffd1cdad10, priority=13, domain=permit, deny=false
hits=0, user_data=0x7fffd8eb9b80, cs_id=0x0, use_real_addr, flags=0x0, protocol=17
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=192.168.1.10, mask=255.255.255.255, port=53, tag=any, dscp=0x0
input_ifc=dmz2, output_ifc=any
output omitted for brevity
Result:
input-interface: dmz2
input-status: up
input-line-status: up
output-interface: dmz1
output-status: up
output-line-status: up
Action: allow