Nextelco:ASA

From its-wiki.no
Revision as of 12:05, 15 May 2014 by Igaritano (Talk | contribs)


Cisco ASA 5505

General description

Cisco ASA devices are security appliances which include the following features:

  • Firewall
  • IPsec VPN (Layer 3)
  • SSL VPN (Layer 6)
  • Intrusion Prevention System
  • Content Security Inspection
  • Voice & Video security services


In addition to the features described above, devices of this kind offer services such as:

  • Access Control: dynamic and granular
  • Threat protection: DoS, protocol fuzzing…
  • Policy enforcement: Whitelists, Blacklists, SIP policies...
  • Service protection: ensure maximum uptime
  • Voice & Video encryption
  • Support for several Voice & Video protocols: SCCP, SIP, H.323, MGCP, RTP/RTCP, CTIQBE.
  • Protection of call control servers: control access to the servers in order to prevent malicious or unauthorized network connections that could impact performance or availability.
  • Remote-access security: SSL and IPsec VPN for remote users.
  • SIP trunk security
  • Trusted/Untrusted boundaries: protect trusted devices from the impact of untrusted networks.
  • Proxy service: can be used to proxy traffic between voice and data VLANs.
  • DMZ architecture: secure an internal network against external access.


Special version

Cisco offers several versions of the ASA 5505 series. The version corresponding to part number 47-18790-05 is the Firewall solution, version 11. Devices of this type can protect all devices located behind them, and they can also be used to create VPN connections with other networks.


Configuration

The ASA 5505 family devices have 8 Ethernet ports on the back. Some of these ports have a special purpose, described below:

  • Port 0: must be connected to the external network, the risky one, such as the Internet or end users.
  • Ports 6 and 7: provide Power over Ethernet; they are intended for IP telephones or other devices that draw power from the Ethernet cable.
  • Ports 1 - 5: normal ports; the CNOC should be connected to one of these ports.
ASA backside

After connecting all devices, the ASA must be supplied with sufficient power.

The ASA comes with an initial configuration that is more than enough for most applications. However, there is a graphical tool, ASDM, which allows the ASA to be configured from any location using a web browser. These are the parameters that can be configured:

  • Hostname
  • Domain name
  • Administrative passwords
  • Interfaces
  • IP addresses
  • Static routes
  • DHCP server
  • Network Address Translation (NAT) rules
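
The parameters listed above, written as the equivalent ASA command-line configuration. This is an added example, not part of the original wiki page; it assumes ASA software 8.3 or later for the NAT syntax, and the hostname, domain name, IP addresses and password placeholders are constructed.

```cisco
! Added example with constructed values; assumes ASA software 8.3 or later.
hostname asa5505-example
domain-name example.test
! Administrative passwords (placeholders, set real values before use)
enable password <ENABLE-PASSWORD>
username admin password <ADMIN-PASSWORD> privilege 15
! Port 0 faces the external network (outside VLAN)
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
! Port 1 is one of the normal ports, used here for the CNOC (inside VLAN)
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
! Interfaces and IP addresses
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
! Static default route through the outside interface
route outside 0.0.0.0 0.0.0.0 203.0.113.1
! DHCP server for clients on the inside network
dhcpd address 192.168.1.10-192.168.1.40 inside
dhcpd enable inside
! NAT rule: translate inside hosts to the outside interface address
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
! ASDM: HTTPS server reachable only from the inside subnet,
! authenticated against the local user database
http server enable
http 192.168.1.0 255.255.255.0 inside
aaa authentication http console LOCAL
```

The `http` line is what decides where ASDM can be reached from; keeping it to the inside management subnet avoids exposing the administrative interface on the port 0 network.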

