Cisco Cisco IPS 4520 Sensor Libro bianco

Appendix B: Configuration Example

August 2012 Series

Appendix B:

Configuration Example

ASA Firewall 5545-X

ASA Version 8.6(1)1

terminal width 511

hostname IE-ASA5545X

domain-name cisco.local

enable password 2y4FIGBVVyBLau0Q encrypted

passwd 2y4FIGBVVyBLau0Q encrypted

names

interface GigabitEthernet0/0

no nameif

no security-level

no ip address

interface GigabitEthernet0/0.300

vlan 300

nameif inside

security-level 100

ip address 10.4.24.30 255.255.255.224 standby 10.4.24.29

interface GigabitEthernet0/1

no nameif

no security-level

no ip address

interface GigabitEthernet0/1.1116

description Web server DMZ connection on vlan 1116

vlan 1116

nameif dmz-web

security-level 50

ip address 192.168.16.1 255.255.255.0 standby 192.168.16.2

interface GigabitEthernet0/1.1117

description Email Security Appliance DMZ connection on VLAN 1117

vlan 1117

nameif dmz-mail

security-level 50

ip address 192.168.17.1 255.255.255.0 standby 192.168.17.2

interface GigabitEthernet0/1.1118

description DMVPN aggregation router connections on VLAN 1118

vlan 1118

nameif dmz-dmvpn

security-level 75

ip address 192.168.18.1 255.255.255.0

interface GigabitEthernet0/1.1119

vlan 1119

nameif dmz-wlc

security-level 50

ip address 192.168.19.1 255.255.255.0

interface GigabitEthernet0/1.1123

description Management DMZ connection on VLAN 1123

vlan 1123

nameif dmz-management

security-level 50

ip address 192.168.23.1 255.255.255.0 standby 192.168.23.2

interface GigabitEthernet0/1.1128

vlan 1128

nameif dmz-guests

security-level 10

ip address 192.168.28.1 255.255.252.0