Question
Cisco ASA Firewall Lab Assignment (version 1.2)

Using Cisco Packet Tracer, create a network comprising one Cisco ASA 5505 firewall, one computer, and one web server. Connect the computer to interface Eth0/0 of the firewall. Connect the server to the interface Eth0/1 of the Cisco ASA firewall. Make sure that port labels are shown (via Options > Preferences > Always Show Port Labels).

[Diagram: Outside Zone: PC-PT PC0, Fa0, 192.168.2.2/24, connected to ASA1 (5505) Et0/0, vlan 2, 192.168.2.1/24. Inside Zone: Server-PT Server0, Fa0, 192.168.1.2/24, connected to ASA1 Et0/1, vlan 1, 192.168.1.1/24. Static NAT 192.168.2.10 to 192.168.1.2.]

- IP address of outside computer should be 192.168.2.2 with subnet mask 255.255.255.0.
- IP address of inside web server should be 192.168.1.2 with subnet mask 255.255.255.0.
- Eth0/0 interface of Cisco ASA 5505 firewall should be associated with a vlan that is configured with a low security level number in order that the firewall believes that this interface is connected to an untrusted outside network.
- Eth0/1 interface of Cisco ASA 5505 firewall should be associated with another vlan that is configured with a high security level number in order that the firewall believes that this interface is connected to a trusted inside network.
- Both inside (Eth0/1) and outside (Eth0/0) interfaces of the firewall need to be assigned IP addresses and subnet mask as shown in above diagram.
- Outside computer and inside web server need to be configured with appropriate default gateway.
- Configure static NAT on the firewall to translate server traffic from IP 192.168.1.2 to 192.168.2.10.
- Configure an access list rule on the firewall to permit any computer from the outside to initiate web traffic to the inside server.
- Configure another rule for the same access list to deny all other traffic initiated from the outside network to the inside network.
- Apply access list to the outside interface in the appropriate direction.
- Generate various traffic (such as telnet, ssh, web) from the computer to the server by running a telnet/ssh client and web browser on computer.

Deliverables:

- Submit a screenshot of the Packet Tracer network topology. Each network interface should be labelled with port number and IP address.
- Submit a copy of the entire Cisco ASA 5505 firewall configuration file (Export running config from GUI config settings tab or capture output of "show running-config" from enable mode of CLI).
- Submit outputs of "show switch vlan", "show nat", "show xlate", "show access-list" as evidence that firewall is properly configured and is blocking all traffic initiated from outside except for http traffic.

Watch "Packet Tracer ASA" YouTube videos for assistance. Cisco ASA Firewall configuration guide available at http://cs3.calstatela.edu/~egean/cs5781/cisco-asa5505-firewall/
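
One ASA configuration that meets the requirements listed in the assignment, given as an added example that is not part of the original page. The names WEB_SERVER and OUTSIDE_IN are labels chosen here, and the object NAT syntax assumes ASA software 8.3 or later.

```cisco
! Added example. Addresses come from the assignment; the object and ACL
! names are arbitrary labels. Assumes ASA software 8.3+ (object NAT).
!
! High security level = trusted inside network.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Low security level = untrusted outside network.
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.2.1 255.255.255.0
!
! Eth0/0 faces the outside PC, Eth0/1 faces the inside web server.
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
! Static NAT: real address 192.168.1.2 appears on the outside as 192.168.2.10.
object network WEB_SERVER
 host 192.168.1.2
 nat (inside,outside) static 192.168.2.10
!
! From 8.3 on, interface ACLs are matched against the real (untranslated)
! address, so the permit names 192.168.1.2 rather than 192.168.2.10.
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.2 eq www
! Explicit deny so blocked telnet/ssh attempts register as hit counts
! in "show access-list".
access-list OUTSIDE_IN extended deny ip any any
!
! "in" on the outside interface filters connections initiated from outside.
access-group OUTSIDE_IN in interface outside
```

With this in place the outside PC (default gateway 192.168.2.1) reaches the web server at the mapped address 192.168.2.10, and the server uses 192.168.1.1 as its default gateway.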