Nextelco:ASA

From its-wiki.no
Revision as of 18:23, 14 May 2014 by Igaritano

Cisco ASA 5505

Cisco ASA devices are security appliances which include the following features:

  • Firewall
  • IPsec VPN (Layer 3)
  • SSL VPN (Layer 6)
  • Intrusion Prevention System
  • Content Security Inspection
  • Voice & Video security services


In addition to the features described above, these devices offer services such as:

  • Access Control: dynamic and granular
  • Threat protection: DoS, protocol fuzzing…
  • Policy enforcement: Whitelists, Blacklists, SIP policies...
  • Service protection: ensure maximum uptime
  • Voice & Video encryption
  • Support for several Voice & Video protocols: SCCP, SIP, H.323, MGCP, RTP/RTCP, CTIQBE.
  • Protection of call control servers: control access to the servers in order to prevent malicious or unauthorized network connections that could impact performance or availability.
  • Remote-access security: SSL and IPsec VPN for remote users.
  • SIP trunk security
  • Trusted/Untrusted boundaries: protect trusted devices from the impact of untrusted networks.
  • Proxy service: can be used to proxy traffic between voice and data VLANs.
  • DMZ architecture: secure an internal network against external access.


Cisco has several versions of the same type of device. Our version or part number is 47-18790-05, which refers to the Firewall solution, version 11.

Based on that, I assume that ASA devices are used to improve the security of CNOC in terms of which nodes are able to contact it directly, avoiding those that are not ASA 1 or ASA 2.

According to Figure 1, ASA 1 is the one directly connected to the Internet; therefore, it will protect CNOC from Internet attacks. In the same way, ASA 1 will translate all 192.168.11.0 network addresses to a public address.

ASA 2 is the firewall located between CNOC and the end users. Its main purpose is to secure CNOC from end-user attacks and to provide the end users with private IP addresses together with IP address translation.

Configuration

The ASA 5505 family devices have 8 Ethernet ports located on the back. Some of these ports have a special purpose, as described below:

  • Port 0: must be connected to the external network, the risky one, such as the Internet or end users.
  • Ports 6 and 7: provide Power over Ethernet; they are intended for IP telephones or other devices that draw power from the Ethernet cable.
  • Ports 1 - 5: normal ports; we should connect the CNOC to one of these ports.


After connecting all devices, it is necessary to supply the ASA with power.

The ASA comes with an initial configuration that is more than enough for most applications. However, there is a special graphical tool, ASDM, which allows the ASA to be configured from any location using a web browser. These are the parameters that can be configured:

  • Hostname
  • Domain name
  • Administrative passwords
  • Interfaces
  • IP addresses
  • Static routes
  • DHCP server
  • Network Address Translation (NAT) rules
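
The port roles listed under Configuration can be checked against a saved running configuration. The following is an added example, not part of the original page or of any Cisco tool: it assumes the ASA 5505 layout in which each Ethernet port is an access port in a VLAN and the external VLAN interface is named `outside`; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in ASA 5505 running-config style (not taken from the page).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/3
 switchport access vlan 2
!
interface Vlan1
 nameif inside
!
interface Vlan2
 nameif outside
"""

def parse_interfaces(config):
    """Return ({port: access_vlan}, {vlan: nameif}) parsed from a running-config."""
    ports, zones, current = {}, {}, None
    for line in config.splitlines():
        m = re.match(r"interface (Ethernet0/|Vlan)(\d+)$", line)
        if m:
            current = (m.group(1), int(m.group(2)))
            if current[0] == "Ethernet0/":
                ports[current[1]] = 1          # no explicit VLAN means default VLAN 1
        elif not line.startswith(" "):
            current = None                     # "!" or another top-level command
        elif current:
            words = line.split()
            if current[0] == "Vlan" and len(words) == 2 and words[0] == "nameif":
                zones[current[1]] = words[1]
            elif current[0] != "Vlan" and line.strip().startswith("switchport access vlan "):
                ports[current[1]] = int(words[3])
    return ports, zones

def audit_port_roles(config, outside_name="outside", outside_port=0):
    """List deviations from the rule that only port 0 faces the external network."""
    ports, zones = parse_interfaces(config)
    findings = []
    for port, vlan in sorted(ports.items()):
        is_outside = zones.get(vlan) == outside_name
        if port == outside_port and not is_outside:
            findings.append(f"Ethernet0/{port} is not in the {outside_name} VLAN")
        elif port != outside_port and is_outside:
            findings.append(f"Ethernet0/{port} is in the {outside_name} VLAN")
    return findings
print(audit_port_roles(SAMPLE_CONFIG))
```

In the constructed sample, Ethernet0/3 has been placed in the external VLAN alongside port 0, so it is the one finding reported.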