Cisco ASA – simple 1 to 1 NAT and firewall policy setup

For those who had been working with Cisco routers, setting up a Cisco ASA stateful policy is as simple as setting up an ACL. ┬áBy default, ASA would drop any TCP connection that doesn’t have a session record created with a sync packet. In that case user doesn’t require to a setup ACL for return traffic like working with routers.

In this example, we have as the server in the DMZ and have the have NAT 1 to 1 incoming traffic mapping applied to allow internet user accessing the http service only.

The IP address of the firewall is, and we will assign the mapping of the server to another external IP address of

20161215-vasa-lab-nat Continue reading


Cisco ASA – routing sample

In this post, I will show you guys how to setup a Cisco ASA firewall serves as a layer 3 packet transfer device. The example will be demonstrate with machine accessing to via IPerf. There is only simple routing and has no NAT involve.

In this setup, the ASA is acting as the gateway between office network and the internet. The is the internal subnet and is the internet. There are couple areas we have to handle, and they are routing, and policy. Since ASA is a stateful device, we have to apply policy to allow internal network to access external network, but not vise versa.
Continue reading