sweet work. I like when you do the configurations and you add the step by step documents and packet tracer file, than the step by step documents and packet tracer file without you doing it. am new to this tho. Great work.
Prof Saleh, you don't need to reply my previous msg. I just found out that Packet Tracer can be very unstable. Thank you for your videos. After many tries, when I go back to my previous file, it just work without any changes. I also managed to get outside network to access to DMZ FTP & Web Servers. Thank You!
The best 👍🏻👏🏻 you make things easier tbh, thanks you so much Sir, i hope if you can make a video for the 3 zones INSIDE , OUTSIDE and DMZ with more than one ASA.
Prof Saleh, why is it that I added inspection icmp command to the global policy but my ping packets kept on stuck at ASA even though, the destination address at simulation event is directing to the PC? I checked every commands related to glabal policy, class mapping ...
Also, if we are matching default-inspection-traffic which seems to include well know port numbers, why do we still have to go an inspect (allow) each one?
What about in the case where the outside access list of of the firewall has three routers, VLANs together with classless sub networks? ie ciscoasa---->> R1 ---->> R2 ---->> R3 ---->>SW1 ---->> VLANs (classless sub-networks)?
thanks sir for that have you done but why do you not make a video on each suggestion like ( Configure Clientless, Cisco Anyconnect, and Site to Site VPN With ASA Firewall) ,ASA MPLS VPN, ASA redundancy , or ASA virtualization .
i can't ping anything outside the firewall despite that i followed your steps from A to Z including using the same ip addresses that you used here but yet i can't ping my router and server, i got all these (dns, http and icmp) in my server but yet i can i not ping server from inside pc . What should i do next
Hi Sir I have a problem when. I configure ASA 5506X interfaces and saving the configuration after closing packet tracer topology. When start again the topology firewall show its interfaces in down state.
I can't ping the dns icmp and http just like other problems that i read in the comment. does anyone tell me whats the problem? or maybe the version of his packet tracer is outdated? coz im using updated maybe thats the reason?
What gives? I did the same configuration in packet tracer and the pings would not go through. When i do a simulated ping, packet tracer says "The ASA does not allow any traffic from a lower security interface to a higher security interface unless it is explicitly permitted by an extended access list." Any ideas? object network LAN subnet 192.168.1.0 255.255.255.0 ! ! object network LAN nat (inside,outside) dynamic interface ! ! ! ! class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default inspect icmp ! service-policy global_policy interface outside
Hello Gregory, sorry for the late respond, but i will do a thorough lab with walk through documents with explanations, once again, sorry for being late.
I have been configured the same topology and I save the configuration but when I close the packet tracer and enter the file i find the DHCP works fine but the DNS in the PCs not configured and I can't access the web. any help? why the DNS becomes 0.0.0.0
Salam Anas, start over you work from scratch, and follow the walk through document, and to have further help, see one of my latest videos about ASA 5506.
@@MrSaleh970 it's from the scratch and i follow the steps , before i close the packet tracer file , everything works fine . the problem when i close it and reenter it the DNS change to zeros but the DHCP work fine
i tried two of your labs (the above one and the one where all configurations are there) but am not able to ping server in any case, after giving the exact comments in packet tracer, all your labs used to work for me but not for this asa configs.
Hello, did you follow the walk through documents? download both files, the P.T. and the word documents,and follow through, and when you are done with your configurations, try to run some show commands to make sure you did the right configurations.
thank you @karthik ramesh, it worked brother. i am going to ask you a small favor, i checked for packet tracer 6.2 from netacad but they have taken out it seems, i prefer to download directly from netacad website, anything you can suggest to get 6.2 version ?
Salam dear, make sure the ports are enabled, and that you configure the default route for outside on the ASA, if you still can't ping, please send me a message on Messenger, and will help you out, wishing you a blessed day. S.
@@MrSaleh970 Salam Sir. Thank you so much for your prompt reply. Yes the ports are all enabled, I been trying in and out but cannot get an idea why so this happens with all ASA labs. 8.8.8.1 gets pinged in all cases but not .8. Really need your help to get thru this. How to contact you on messenger ? Greetings and have a great day, Anand
I want to write to other people who will watch this tutorial, don’t watch it - it doesn’t work. This guy glued it together somewhere in the middle and everything works for him. All the other dudes who wrote here were either bought or bots. The real comments that are here also encountered a problem, in the end he sends them to the stolen manual. Conclusion - don't watch.
Explained in a concise manner, and the accent, pronunciation and enunciation should be the goal of everyone wishing to do a tech video. Excellent!
Thanks, Saleh. My first security lab practice. It worked very well.
Thank you so much Saleh, this video is amazing , helpful and great for me as a beginner. Thanks again and God bless.
Worked like a charm. Thank you!
Thanks always Saleh, welcome back Sir
thanks for this video, it short with great meaning and impacts
I had configured inside and outside address opposite. Thank you it worked
Good work as usual.
I have no words to thanks you but thank you sir
Thank you , saved my day
Thank you for sharing your knowledge Sir.
Thank you sir for your explanation. It really helped me
sweet work. I like when you do the configurations and you add the step by step documents and packet tracer file, than the step by step documents and packet tracer file without you doing it. am new to this tho. Great work.
Thank you bro Ramesh, it worked, great, thanks alot
Prof Saleh, you don't need to reply my previous msg. I just found out that Packet Tracer can be very unstable. Thank you for your videos. After many tries, when I go back to my previous file, it just work without any changes. I also managed to get outside network to access to DMZ FTP & Web Servers.
Thank You!
Thank you, valuable lab
The best 👍🏻👏🏻 you make things easier tbh, thanks you so much Sir, i hope if you can make a video for the 3 zones INSIDE , OUTSIDE and DMZ with more than one ASA.
Yes This is a Good one If you can do
great job
thanks , easy to understand
Sir, your videos are Awesome. however Little bit more explanation will be expected for some commands. your Lab manuals and Files are great helpful
Merci beaucoup monsieur salah
Thank you sir, very helpful
Thank you sir !!!
Thank you so much Saleh for a great video. Can you please make a video for three zones INSIDE, OUTSIDE AND DMZ PLEASE. Thanks brother
I am CCNA completed. I want to learn Firewall.
Your vedeo is Great, and easy to uderstand.
Thank you so much
thanks a lot
Thank you Sir
Prof Saleh, why is it that I added inspection icmp command to the global policy but my ping packets kept on stuck at ASA even though, the destination address at simulation event is directing to the PC?
I checked every commands related to glabal policy, class mapping ...
Also, if we are matching default-inspection-traffic which seems to include well know port numbers, why do we still have to go an inspect (allow) each one?
thhhhhhaaannnnk you so much
Thanks Saleh
super
What about in the case where the outside access list of of the firewall has three routers, VLANs together with classless sub networks?
ie ciscoasa---->> R1 ---->> R2 ---->> R3 ---->>SW1 ---->> VLANs (classless sub-networks)?
Hi
I have à question what i have to do yo ping my router and asa outside from gns3 ?
Great stuff wish there was more context around the syntax tho, I don't follow the "inspect" logic. Why is it not just "permit"?
Great tutorial. question how about the ip address for the switch
thanks sir for that have you done but why do you not make a video on each suggestion like ( Configure Clientless, Cisco Anyconnect, and Site to Site VPN With ASA Firewall) ,ASA MPLS VPN, ASA redundancy , or ASA virtualization .
i can't ping anything outside the firewall despite that i followed your steps from A to Z including using the same ip addresses that you used here but yet i can't ping my router and server, i got all these (dns, http and icmp) in my server but yet i can i not ping server from inside pc . What should i do next
Hi Sir
I have a problem when. I configure ASA 5506X interfaces and saving the configuration after closing packet tracer topology.
When start again the topology firewall show its interfaces in down state.
What command would you do to inspect all service protocols by default rather then creating individual entries to inspect dns, http, icmp?
each one is policy based
use these commands
policy-map global_policy
class inspection_default
inspect
then the ASA will inspect common protocols by default.
👍
I can't ping the dns icmp and http just like other problems that i read in the comment. does anyone tell me whats the problem? or maybe the version of his packet tracer is outdated? coz im using updated maybe thats the reason?
Hi Sir if possible please make a detailed configuration video on Asa 5506 x complete video
My ASA seems to still be blocking the ICMP. After creating the class map I still connot ping 8.8.8.8 from either PC. Thoughts? the ports are enabled
also getting the warning WARNING: Policy map global_policy is already configured as a service policy
@@wadep you fix that buddy ?
@@nau_hazmi7425 did you find solution?
I can't do ping with dns.
PCB request timed out.
And doesn't appear the http ping
What gives? I did the same configuration in packet tracer and the pings would not go through. When i do a simulated ping, packet tracer says "The ASA does not allow any traffic from a lower security interface to a higher security interface unless it is explicitly permitted by an extended access list." Any ideas?
object network LAN
subnet 192.168.1.0 255.255.255.0
!
!
object network LAN
nat (inside,outside) dynamic interface
!
!
!
!
class-map inspection_default
match default-inspection-traffic
!
policy-map global_policy
class inspection_default
inspect icmp
!
service-policy global_policy interface outside
Hello Gregory, sorry for the late respond, but i will do a thorough lab with walk through documents with explanations, once again, sorry for being late.
Wow
hi,does anyone know how to solve this issue:WARNING: Policy map global_policy is already configured as a service policy
hello sir, can make another video with inside outside and dmz, im struggling with asa pls help me
The network is /24 and /30 .. How can the network see each other ?
I have been configured the same topology and I save the configuration but when I close the packet tracer and enter the file i find the DHCP works fine but the DNS in the PCs not configured and I can't access the web. any help? why the DNS becomes 0.0.0.0
Salam Anas, start over you work from scratch, and follow the walk through document, and to have further help, see one of my latest videos about ASA 5506.
@@MrSaleh970 it's from the scratch and i follow the steps , before i close the packet tracer file , everything works fine .
the problem when i close it and reenter it the DNS change to zeros but the DHCP work fine
@@EviLno0osa77 did you save your work before you close packet tracer?
@@MrSaleh970 yes i did
@@EviLno0osa77 you must copy run start each device
i tried two of your labs (the above one and the one where all configurations are there) but am not able to ping server in any case, after giving the exact comments in packet tracer, all your labs used to work for me but not for this asa configs.
Hello, did you follow the walk through documents? download both files, the P.T. and the word documents,and follow through, and when you are done with your configurations, try to run some show commands to make sure you did the right configurations.
thank you @karthik ramesh, it worked brother. i am going to ask you a small favor, i checked for packet tracer 6.2 from netacad but they have taken out it seems, i prefer to download directly from netacad website, anything you can suggest to get 6.2 version ?
can you do a vpn connection configuration with ASA and other remote location ?
what is mean by security level (0,100,70) what was the use of that..? can anyone explain please
security level ranges from 0-100 ,100 is trusted; the lower level the security is
the less trusted zone it is.
You Mail addres ?
Sir i tried again on this again, but cannot ping 8.8.8.8 , what could be the reason ?
Salam dear, make sure the ports are enabled, and that you configure the default route for outside on the ASA, if you still can't ping, please send me a message on Messenger, and will help you out, wishing you a blessed day. S.
@@MrSaleh970 Salam Sir. Thank you so much for your prompt reply. Yes the ports are all enabled, I been trying in and out but cannot get an idea why so this happens with all ASA labs. 8.8.8.1 gets pinged in all cases but not .8. Really need your help to get thru this. How to contact you on messenger ? Greetings and have a great day, Anand
assign IP to DNS server statically 8.8.8.8 255.0.0.0 default gateway 8.8.8.1
i have issue that i can't ping 8.8.8.8 server though everything look fine
Hello sir please I needed your help because of project of end my engineering cycle
I work on ASA5505
How to ping from outside to inside it's not working please help me
Hello, Please follow the walk through documents, and check your work as you go.
I would like to watch configuration of DMZ
why dhcp option 3 IP command?
used for default-gateway whereas for dns is option 6.
it is not big deal just give the network with multiple vlans in multilayer switch them show the demo. unsatisfied
I want to write to other people who will watch this tutorial, don’t watch it - it doesn’t work. This guy glued it together somewhere in the middle and everything works for him. All the other dudes who wrote here were either bought or bots. The real comments that are here also encountered a problem, in the end he sends them to the stolen manual. Conclusion - don't watch.
Thank you so much