'CISCO/ASA 방화벽' 카테고리의 글 목록

안녕하세요.

오늘은 cisco ASA에 Remote Access VPN User를 확인해보겠습니다.

show vpn-sessiondb anyconnect

ASAv# show vpn-sessiondb anyconnect

Session Type: AnyConnect

Username     : kevin                  Index        : 62470
Assigned IP  : 192.168.200.100        Public IP    : 192.168.10.102
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Premium
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES-GCM-256  DTLS-Tunnel: (1)AES256
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA384  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 58544                  Bytes Rx     : 54607
Group Policy : ANYCONNECT_POLICY      Tunnel Group : MY_TUNNEL
Login Time   : 12:24:54 UTC Sun Feb 2 2025
Duration     : 0h:12m:24s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : 0a0101fe0f406000679f6416
Security Grp : none
ASAv#

아래 명령어를 통해서 라이센스 남은 갯수도 확인 가능 합니다.

ASAv# show vpn-sessiondb license-summary
---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
                                     Status : Capacity : Installed :  Limit
                                  -----------------------------------------
AnyConnect Premium               :  ENABLED :      250 :         2 :   NONE
AnyConnect Essentials            : DISABLED :      250 :         0 :   NONE
Other VPN (Available by Default) :  ENABLED :      250 :       250 :   NONE
Shared License Server            : DISABLED
Shared License Participant       : DISABLED
AnyConnect for Mobile            : DISABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment     : DISABLED(Requires Premium)
AnyConnect for Cisco VPN Phone   : DISABLED
VPN-3DES-AES                     :  ENABLED
VPN-DES                          :  ENABLED
---------------------------------------------------------------------------

---------------------------------------------------------------------------
VPN Licenses Usage Summary
---------------------------------------------------------------------------
                          Local : Shared :   All  :   Peak :  Eff.  :
                         In Use : In Use : In Use : In Use :  Limit : Usage
                       ----------------------------------------------------
AnyConnect Premium     :      1 :      0 :      1 :      2 :      2 :   50%
  AnyConnect Client    :                 :      1 :      1          :   50%
    AnyConnect Mobile  :                 :      0 :      0          :    0%
  Clientless VPN       :                 :      0 :      1          :    0%
  Generic IKEv2 Client :                 :      0 :      0          :    0%
Other VPN              :                 :      0 :      0 :    250 :    0%
  Cisco VPN Client     :                 :      0 :      0          :    0%
  L2TP Clients
  Site-to-Site VPN     :                 :      0 :      0          :    0%
---------------------------------------------------------------------------

ASAv#

anyconnect Permium 라이센스가 2개 이고, 현재 PC에서 접속 해서 한개를 사용하고 있고, Usage에 50% 표시 되었습니다.

ASAv# show version

Cisco Adaptive Security Appliance Software Version 9.8(1)
Firepower Extensible Operating System Version 2.2(1.47)
Device Manager Version 7.22(1)

Compiled on Wed 10-May-17 15:38 PDT by builders
System image file is "boot:/asa981-smp-k8.bin"
Config file at boot was "startup-config"

ASAv up 6 hours 21 mins

Hardware:   ASAv, 2048 MB RAM, CPU Xeon E5 series 2394 MHz,
Model Id:   ASAv10
Internal ATA Compact Flash, 8192MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB

0: Ext: Management0/0       : address is 50fd.e000.3500, irq 11
1: Ext: GigabitEthernet0/0  : address is 50fd.e000.3501, irq 11
2: Ext: GigabitEthernet0/1  : address is 50fd.e000.3502, irq 10
3: Ext: GigabitEthernet0/2  : address is 50fd.e000.3503, irq 10
4: Ext: GigabitEthernet0/3  : address is 50fd.e000.3504, irq 11
5: Ext: GigabitEthernet0/4  : address is 50fd.e000.3505, irq 11
6: Ext: GigabitEthernet0/5  : address is 50fd.e000.3506, irq 10
7: Ext: GigabitEthernet0/6  : address is 50fd.e000.3507, irq 10

License mode: Smart Licensing
ASAv Platform License State: Unlicensed
No active entitlement: no feature tier and no throughput level configured
*Memory resource allocation is more than the permitted limit.

Licensed features for this platform:
Maximum VLANs                     : 50
Inside Hosts                      : Unlimited
Failover                          : Active/Standby
Encryption-DES                    : Enabled
Encryption-3DES-AES               : Enabled
Security Contexts                 : 0
Carrier                           : Disabled
AnyConnect Premium Peers          : 2
AnyConnect Essentials             : Disabled
Other VPN Peers                   : 250
Total VPN Peers                   : 250

지금까지 [ASA #06] - Remote Access VPN current user check 글을 읽어주셔서 감사합니다.

저작자표시

'CISCO > ASA 방화벽' 카테고리의 다른 글

[ASA #05] - Remote Access VPN License (0)	2025.02.02
[ASA #04] - Remote Access VPN (0)	2025.02.02
[ASA #03] - ASDM Install (0)	2025.02.02
[ASA #02] - TFTP Install (0)	2025.02.02
[ASA #01] - Basic Config (0)	2025.02.02

안녕하세요.

오늘은 cisco asa remote access VPN license를 확인하는 방법에 대해서 알아보겠습니다.

아래처럼 shwo version을 입력하면 아래처럼 기본적으로 2개까지 제공되며, 추가적으로 사용시 License를 구매해야 합니다.

AnyConnect Premium Peers : 2

ASAv# show version

Cisco Adaptive Security Appliance Software Version 9.8(1)
Firepower Extensible Operating System Version 2.2(1.47)
Device Manager Version 7.22(1)

Compiled on Wed 10-May-17 15:38 PDT by builders
System image file is "boot:/asa981-smp-k8.bin"
Config file at boot was "startup-config"

ASAv up 6 hours 4 mins

Hardware:   ASAv, 2048 MB RAM, CPU Xeon E5 series 2394 MHz,
Model Id:   ASAv10
Internal ATA Compact Flash, 8192MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB

0: Ext: Management0/0       : address is 50fd.e000.3500, irq 11
1: Ext: GigabitEthernet0/0  : address is 50fd.e000.3501, irq 11
2: Ext: GigabitEthernet0/1  : address is 50fd.e000.3502, irq 10
3: Ext: GigabitEthernet0/2  : address is 50fd.e000.3503, irq 10
4: Ext: GigabitEthernet0/3  : address is 50fd.e000.3504, irq 11
5: Ext: GigabitEthernet0/4  : address is 50fd.e000.3505, irq 11
6: Ext: GigabitEthernet0/5  : address is 50fd.e000.3506, irq 10
7: Ext: GigabitEthernet0/6  : address is 50fd.e000.3507, irq 10

License mode: Smart Licensing
ASAv Platform License State: Unlicensed
No active entitlement: no feature tier and no throughput level configured
*Memory resource allocation is more than the permitted limit.

Licensed features for this platform:
Maximum VLANs                     : 50
Inside Hosts                      : Unlimited
Failover                          : Active/Standby
Encryption-DES                    : Enabled
Encryption-3DES-AES               : Enabled
Security Contexts                 : 0
Carrier                           : Disabled
AnyConnect Premium Peers          : 2
AnyConnect Essentials             : Disabled
Other VPN Peers                   : 250
Total VPN Peers                   : 250
AnyConnect for Mobile             : Disabled
AnyConnect for Cisco VPN Phone    : Disabled
Advanced Endpoint Assessment      : Disabled
Shared License                    : Disabled
Total TLS Proxy Sessions          : 2
Botnet Traffic Filter             : Enabled
Cluster                           : Disabled

Serial Number: 9A2U9VPUTQH

Image type          : Release
Key version         : A

Configuration last modified by enable_15 at 12:15:07.479 UTC Sun Feb 2 2025
ASAv#

ASAv# show vpn-sessiondb license-summary

ASAv는 Anyconnect Capacity는 250개 까지 가능하고 License 기본제공 2개 까지만 가능 합니다.

아래 정보를 보시면 현재 라이센스 사용수, 최대치 사용수까지 확인 가능 합니다.

ASAv# show vpn-sessiondb license-summary
---------------------------------------------------------------------------
VPN Licenses and Configured Limits Summary
---------------------------------------------------------------------------
                                     Status : Capacity : Installed :  Limit
                                  -----------------------------------------
AnyConnect Premium               :  ENABLED :      250 :         2 :   NONE
AnyConnect Essentials            : DISABLED :      250 :         0 :   NONE
Other VPN (Available by Default) :  ENABLED :      250 :       250 :   NONE
Shared License Server            : DISABLED
Shared License Participant       : DISABLED
AnyConnect for Mobile            : DISABLED(Requires Premium or Essentials)
Advanced Endpoint Assessment     : DISABLED(Requires Premium)
AnyConnect for Cisco VPN Phone   : DISABLED
VPN-3DES-AES                     :  ENABLED
VPN-DES                          :  ENABLED
---------------------------------------------------------------------------

---------------------------------------------------------------------------
VPN Licenses Usage Summary
---------------------------------------------------------------------------
                          Local : Shared :   All  :   Peak :  Eff.  :
                         In Use : In Use : In Use : In Use :  Limit : Usage
                       ----------------------------------------------------
AnyConnect Premium     :      0 :      0 :      0 :      2 :      2 :    0%
  AnyConnect Client    :                 :      0 :      1          :    0%
    AnyConnect Mobile  :                 :      0 :      0          :    0%
  Clientless VPN       :                 :      0 :      1          :    0%
  Generic IKEv2 Client :                 :      0 :      0          :    0%
Other VPN              :                 :      0 :      0 :    250 :    0%
  Cisco VPN Client     :                 :      0 :      0          :    0%
  L2TP Clients
  Site-to-Site VPN     :                 :      0 :      0          :    0%
---------------------------------------------------------------------------

ASAv#

ASAv# show vpn-sessiondb
---------------------------------------------------------------------------
VPN Session Summary
---------------------------------------------------------------------------
                               Active : Cumulative : Peak Concur : Inactive
                             ----------------------------------------------
AnyConnect Client            :      0 :         17 :           1 :        0
  SSL/TLS/DTLS               :      0 :         17 :           1 :        0
Clientless VPN               :      0 :          2 :           1
  Browser                    :      0 :          2 :           1
---------------------------------------------------------------------------
Total Active and Inactive    :      0             Total Cumulative :     19
Device Total VPN Capacity    :    250
Device Load                  :     0%
---------------------------------------------------------------------------

---------------------------------------------------------------------------
Tunnels Summary
---------------------------------------------------------------------------
                               Active : Cumulative : Peak Concurrent
                             ----------------------------------------------
Clientless                   :      0 :          2 :               1
AnyConnect-Parent            :      0 :         17 :               1
SSL-Tunnel                   :      0 :         17 :               1
DTLS-Tunnel                  :      0 :          5 :               1
---------------------------------------------------------------------------
Totals                       :      0 :         41
---------------------------------------------------------------------------

ASAv#

하드웨어적으로 최대 지원되는 Anyconnect 유저수

지금까지 [ASA #05] - Remote Access VPN License 글을 읽어주셔서 감사합니다.

저작자표시

'CISCO > ASA 방화벽' 카테고리의 다른 글

[ASA #06] - Remote Access VPN current user check (0)	2025.02.02
[ASA #04] - Remote Access VPN (0)	2025.02.02
[ASA #03] - ASDM Install (0)	2025.02.02
[ASA #02] - TFTP Install (0)	2025.02.02
[ASA #01] - Basic Config (0)	2025.02.02

안녕하세요.

오늘은 Cisco ASA Remote Acess VPN에 대해서 알아보겠습니다.

CLI 기준입니다.

1. Secure Client를 다운로드 받습니다. pkg 확장자입니다.

https://software.cisco.com/download/home/286330811/type/282364313/release/5.1.7.80

2. 다운로드 파일을 TFTP 폴더에 복사 합니다.

3. 이 파일을 cisco ASA에 업로드 합니다.

ASAv# copy tftp flash

Address or name of remote host []? 192.168.10.102

Source filename []? cisco-secure-client-win-5.1.7.80-webdeploy-k9.pkg

Destination filename [cisco-secure-client-win-5.1.7.80-webdeploy-k9.pkg]?

Accessing tftp://192.168.10.102/cisco-secure-client-win-5.1.7.80-webdeploy-k9.pkg...!!!

ASAv# dir flash:

Directory of disk0:/

7      -rwx  0            11:39:22 May 21 2017  use_ttyS0
11     drwx  4096         03:12:34 Feb 02 2025  smart-log
8      drwx  4096         03:10:50 Feb 02 2025  log
12     drwx  4096         03:12:40 Feb 02 2025  coredumpinfo
84     -rwx  204561552    07:24:47 Feb 02 2025  asdm-openjre-7221.bin
85     -rwx  154655608    08:11:13 Feb 02 2025  cisco-secure-client-win-5.1.7.80-webdeploy-k9.pkg

8571076608 bytes total (8190124032 bytes free)

ASAv#

4. Cisco Remote Access VPN 설정값입니다.

4-1 Secure Client를 통해서 User가 ASA VPN에 연결 되면 IP주소는 192.168.200.100~ 192.168.200.200 사이에 IP주소를 할당 받습니다.

4-2 SPLIT_TUNNEL 10.1.1.0/24 대역 통신 할때는 VPN에 접속 합니다.

4-3 SSL_USER 계정은 VPN용으로만 사용 가능 합니다.

아래 처럼 그냥 COPY and PASTE하면 cisco ASA Remote Access VPN이 동작 합니다.

webvpn
anyconnect image flash:/cisco-secure-client-win-5.1.7.80-webdeploy-k9.pkg
enable outside
anyconnect enable
http redirect OUTSIDE 80
ip local pool VPN_POOL 192.168.200.100-192.168.200.200 mask 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.1.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.10.10.0 255.255.255.0

group-policy ANYCONNECT_POLICY internal
group-policy ANYCONNECT_POLICY attributes
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_TUNNEL
dns-server value 8.8.8.8
webvpn
anyconnect keep-installer installed
anyconnect ask none default anyconnect
anyconnect dpd-interval client 30
exit

tunnel-group MY_TUNNEL type remote-access
tunnel-group MY_TUNNEL general-attributes
default-group-policy ANYCONNECT_POLICY
address-pool VPN_POOL
exit

tunnel-group MY_TUNNEL webvpn-attributes
group-alias SSL_USERS enable

webvpn
tunnel-group-list enable

username SSL_USER password XXXXXXX

username SSL_USER attributes
service-type remote-access

5. https://192.168.10.78 접속 합니다

ASAv# show nameif
Interface                Name                     Security
GigabitEthernet0/0       outside                    0
GigabitEthernet0/1       inside                   100
Management0/0            MGMT                       0
ASAv# show int
ASAv# show interface ip brie
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.10.78   YES manual up                    up
GigabitEthernet0/1         10.1.1.254      YES manual up                    up
GigabitEthernet0/2         unassigned      YES unset  administratively down down
GigabitEthernet0/3         unassigned      YES unset  administratively down down
GigabitEthernet0/4         unassigned      YES unset  administratively down down
GigabitEthernet0/5         unassigned      YES unset  administratively down down
GigabitEthernet0/6         unassigned      YES unset  administratively down down
Management0/0              192.168.100.250 YES manual up                    up
ASAv#

6. Download가 완료되면 설치 합니다. 설치 과정은 생략 하겠습니다.

7. 설치가 완료되면 Cisco Secure Client를 실행해서 접속 합니다.

Connect Anyway를 클릭 합니다.

만약에 아래처럼 실행 오류가 나면 아래처럼 추가적으로 설정이 필요합니다.

ASDM 에 접속해서 아래처럼 접속합니다.

Remote-Access VPN -> Network Client Access -> Secure Client Profile -> Add

아래처럼 LocalUserOnly -> AllowRemoteUser로 수정 합니다.

다시 접속을 시도 합니다.

정상적으로 접속 되었습니다.

Remote Access User가 VPN통해서 내부에 있는 자원에 통신 할려고 방화벽 정책이 필요 합니다.

G0/0 outside - ACL name - outsideacl

G0/1 inside - ACL name - insideacl

G0/2 DMZ - ACL name -dmzacl

ASAv# show interface ip  brie
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.10.78   YES manual up                    up
GigabitEthernet0/1         10.1.1.254      YES manual up                    up
GigabitEthernet0/2         10.10.10.254    YES manual up                    up
GigabitEthernet0/3         unassigned      YES unset  administratively down down
GigabitEthernet0/4         unassigned      YES unset  administratively down down
GigabitEthernet0/5         unassigned      YES unset  administratively down down
GigabitEthernet0/6         unassigned      YES unset  administratively down down
Management0/0              192.168.100.250 YES manual up                    up
ASAv#

SW 설정

interface GigabitEthernet0/1
no switchport
ip address 10.10.10.10 255.255.255.0
negotiation auto
ip route 0.0.0.0 0.0.0.0 10.10.10.254

방화벽 정책 설정

ASAv(config)# access-list outsideacl extended permit ip 192.168.200.0 255.255.255.0 10.10.10.0 255.255.255.0
ASAv(config)# access-group outsideacl in interface outside

Secure Client 접속후 Ping 10.10.10.10 하면 아래처럼 성공 합니다.

ASAv# show access-list
access-list cached ACL log flows: total 1, denied 1 (deny-flow-max 4096)
alert-interval 300
access-list SPLIT_TUNNEL; 2 elements; name hash: 0x63aa8f22
access-list SPLIT_TUNNEL line 1 standard permit 10.1.1.0 255.255.255.0 (hitcnt=0) 0x96d75e6a
access-list SPLIT_TUNNEL line 2 standard permit 10.10.10.0 255.255.255.0 (hitcnt=0) 0x23138585
access-list outsideacl; 1 elements; name hash: 0x945119d1
access-list outsideacl line 1 extended permit ip 192.168.200.0 255.255.255.0 10.10.10.0 255.255.255.0 (hitcnt=1) 0xb46d0730
ASAv#

만약에 Remote Access VPN USER들은 outbound access-list 없이 그냥 BYpass하고 싶으면 아래 명령어를 입력합니다.

ASA1(config)# sysopt connection permit-vpn

지금까지 [ASA #04] - Remote Access VPN 글을 읽어주셔서 감사합니다.

저작자표시

'CISCO > ASA 방화벽' 카테고리의 다른 글

[ASA #06] - Remote Access VPN current user check (0)	2025.02.02
[ASA #05] - Remote Access VPN License (0)	2025.02.02
[ASA #03] - ASDM Install (0)	2025.02.02
[ASA #02] - TFTP Install (0)	2025.02.02
[ASA #01] - Basic Config (0)	2025.02.02

안녕하세요.

오늘은 ASA에 ASDM file를 업로드 하고 PC에 ASDM 프로그램을 설치해보겠습니다.

1. 현재 asa에서 version를 확인 합니다.

ASAv# show version

Cisco Adaptive Security Appliance Software Version 9.8(1)
Firepower Extensible Operating System Version 2.2(1.47)
Device Manager Version 7.8(1)

Compiled on Wed 10-May-17 15:38 PDT by builders
System image file is "boot:/asa981-smp-k8.bin"
Config file at boot was "startup-config"

ASAv up 53 mins 52 secs

Hardware: ASAv, 2048 MB RAM, CPU Xeon E5 series 2394 MHz,
Model Id: ASAv10
Internal ATA Compact Flash, 8192MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB

9.8 버전을 사용중에 있습니다.

2. ASDM 사용하기 위해서는 ASA에 ASDM file이 Flash메모리에 저장되어야 합니다.

3. TFTP 설치 합니다. 이전 글에서 설치 하였습니다. 이번글에서는 설치 과정은 생략 합니다.

https://itblog-kr.tistory.com/185

[ASA #02] - TFTP Install

안녕하세요. ASDM를 설치 하기 위해서는 ASDM 파일에 cisco ASA flash 저장 되어져 있어야 합니다. TFTP통해서 asdm파일을 cisco asa에 업로드 해보겠습니다. 이번에는 TFTP 설치에 대해서 알아보겠습니

itblog-kr.tistory.com

4. C드라이브에 TFTP폴더를 만들고 ASDM 파일을 복사합니다.

5. TFTP를 실행합니다.

그리고 폴더 위치랑 IP주소를 수정 합니다.

6. 아래처럼 tftp서버 IP랑 asdm 파일 이름을 입력해서 asdm를 cisco asa 업로드 합니다.

ASAv# copy tftp: flash:

Address or name of remote host []? 192.168.10.102

Source filename []? asdm-openjre-7221.bin

Destination filename [asdm-openjre-7221.bin]?

Accessing tftp://192.168.10.102/asdm-openjre-7221.bin...!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Verifying file disk0:/asdm-openjre-7221.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asdm-openjre-7221.bin...

204561552 bytes copied in 628.840 secs (325734 bytes/sec)
ASAv#

7. dir flash:를 통해서 asdm 이미지 파일을 확인 합니다.

ASAv# dir flash:

Directory of disk0:/

7      -rwx  0            11:39:22 May 21 2017  use_ttyS0
11     drwx  4096         03:12:34 Feb 02 2025  smart-log
8      drwx  4096         03:10:50 Feb 02 2025  log
12     drwx  4096         03:12:40 Feb 02 2025  coredumpinfo
84     -rwx  204561552    07:24:47 Feb 02 2025  asdm-openjre-7221.bin

8. ASDM를 사용하기 위해서 아래처럼 설정 합니다.

ASAv# conf t
ASAv(config)# asdm image disk0:/asdm-openjre-7221.bin
ASAv(config)# http server enable
ASAv(config)# http 0.0.0.0 0.0.0.0 inside
ASAv(config)# username kevin password XXXXXXX privilege 15
ASAv(config)#

9. inside interface는 Gi0/1이고 IP주소는 10.1.1.254입니다.

ASAv# show int ip brie
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.10.78   YES manual up                    up
GigabitEthernet0/1         10.1.1.254      YES manual up                    up
GigabitEthernet0/2         unassigned      YES unset  administratively down down
GigabitEthernet0/3         unassigned      YES unset  administratively down down
GigabitEthernet0/4         unassigned      YES unset  administratively down down
GigabitEthernet0/5         unassigned      YES unset  administratively down down
GigabitEthernet0/6         unassigned      YES unset  administratively down down
Management0/0              192.168.100.250 YES manual up                    up
ASAv#

ASAv# show nameif
Interface                Name                     Security
GigabitEthernet0/0       outside                    0
GigabitEthernet0/1       inside                   100
Management0/0            MGMT                       0
ASAv#

아래처럼 접속을 시도 합니다. 그리고 Install ASDM Launcher를 클릭 합니다.

로그인을 합니다.

로그인이 성공하면 아래처럼 파일이 다운로드 됩니다.

10. 실행해서 설치 합니다. Next를 클릭 합니다.

11. Next를 클릭 합니다.

12. Install클릭 합니다.

설치가 진행 됩니다.

13. ASDM이 설치가 완료 되었습니다. 바탕화면에 ASDM 아이콘이 생성 되었습니다.

14. 실행 했을때 아래처럼 에러 메시지가 발생하면 추가적으로 수정이 필요합니다.

경로값이를 아래처럼 수정 합니다.

C:\Windows\System32\wscript.exe invisible.vbs run.bat

접속을 시도 합니다.

100% 완료 될때까지 기다립니다.

접속이 완료 되었습니다.

지금까지 [ASA #03] - ASDM Install 글을 읽어주셔서 감사합니다.

저작자표시

'CISCO > ASA 방화벽' 카테고리의 다른 글

[ASA #06] - Remote Access VPN current user check (0)	2025.02.02
[ASA #05] - Remote Access VPN License (0)	2025.02.02
[ASA #04] - Remote Access VPN (0)	2025.02.02
[ASA #02] - TFTP Install (0)	2025.02.02
[ASA #01] - Basic Config (0)	2025.02.02

안녕하세요.

ASDM를 설치 하기 위해서는 ASDM 파일에 cisco ASA flash 저장 되어져 있어야 합니다.

TFTP통해서 asdm파일을 cisco asa에 업로드 해보겠습니다.

이번에는 TFTP 설치에 대해서 알아보겠습니다.

가장 많이 쓰는 Free TFTP 프로그램은

아래 링크를 통해서 다운로드 받습니다.

https://pjo2.github.io/tftpd64/

TFTPD64 : an opensource IPv6 ready TFTP server/service for windows : TFTP server

Tftpd64 The industry standardTFTP server Tftpd64 is a free, lightweight, opensource IPv6 ready application which includes DHCP, TFTP, DNS, SNTP and Syslog servers as well as a TFTP client. The TFTP client and server are fully compatible with TFTP option su

pjo2.github.io

2. Download Page를 클릭 합니다.

3. TFTPD64-4.64-setup.exe 파일을 클릭 합니다.

4. 파일을 클릭 해서 실행 합니다.

5. I agree를 클릭 합니다.

6. Next버튼을 클릭 합니다.

7. Install 버튼을 클릭 합니다.

8. Close버튼을 클릭 합니다.

지금까지 [ASA #02] - TFTP Install 글을 읽어주셔서 감사합니다.

저작자표시

'CISCO > ASA 방화벽' 카테고리의 다른 글

[ASA #06] - Remote Access VPN current user check (0)	2025.02.02
[ASA #05] - Remote Access VPN License (0)	2025.02.02
[ASA #04] - Remote Access VPN (0)	2025.02.02
[ASA #03] - ASDM Install (0)	2025.02.02
[ASA #01] - Basic Config (0)	2025.02.02

안녕하세요.

이번에 고객사에서 사용중인 ASA Firewall를 FTD로 Migration를 해야하는데 CISCO ASA 방화벽을 너무 오랜간만에 다시 다루게 되어서 ASA Anyconnect - Remote Access VPN에 대해서 공부해 보겠습니다.

EVE-NG에서 아래처럼 구성도를 만들었습니다.

EVE-NG ASA 설치 과정은 아래 글을 확인 부탁드립니다.

https://itblog-kr.tistory.com/19#google_vignette

[2024][EVE-NG #9] ASAv 방화벽 설치하기

안녕하세요. 오늘은 [2024][EVE-NG #9] ASAv 방화벽 설치하기입니다. 1. 공식적인 사이트 링크는 아래와 같습니다. https://www.eve-ng.net/index.php/documentation/howtos/howto-add-cisco-asav/ Cisco ASAv -Versions this gui

itblog-kr.tistory.com

1. EVE-NG에서 토폴로지를 아래와 같이 만듭니다.

2. 기본설정을 합니다.

E0/0 - zone - outside - ip 192.168.10.77/24

E0/1 - zone - inside - ip 10.1.1.1/24

GW: 192.168.10.253

ciscoasa# conf t
ciscoasa# hostname asa
ASA#
ASA(config)# int e0
ASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA(config-if)# ip add 192.168.10.77 255.255.255.0
ASA(config-if)# no sh
ASA(config)# int e1
ASA(config-if)# nameif inside
ASA(config-if)# ip add 10.1.1.254 255.255.255.0
ASA(config-if)# no sh
ASA(config-if)#

ASA(config)# route outside 0.0.0.0 0.0.0.0 192.168.10.253
ASA(config)#

Nameif 확인

ASAv# show nameif
Interface                Name                     Security
GigabitEthernet0/0       outside                    0
GigabitEthernet0/1       inside                   100
ASAv#

Interface 확인

ASAv# show interface ip brie
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.10.78   YES manual up                    up
GigabitEthernet0/1         10.1.1.254      YES manual up                    up
GigabitEthernet0/2         unassigned      YES unset  administratively down down
GigabitEthernet0/3         unassigned      YES unset  administratively down down
GigabitEthernet0/4         unassigned      YES unset  administratively down down
GigabitEthernet0/5         unassigned      YES unset  administratively down down
GigabitEthernet0/6         unassigned      YES unset  administratively down down
Management0/0              unassigned      YES unset  administratively down up
ASAv#

Default Gateway 확인

ASAv# show route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 192.168.10.253 to network 0.0.0.0

S*       0.0.0.0 0.0.0.0 [1/0] via 192.168.10.253, outside
C        10.1.1.0 255.255.255.0 is directly connected, inside
L        10.1.1.254 255.255.255.255 is directly connected, inside
C        192.168.10.0 255.255.255.0 is directly connected, outside
L        192.168.10.78 255.255.255.255 is directly connected, outside

2. PC에서 Ping 192.168.10.77

지금 까지 [ASA #01] - Basic Config 대해서 알아보았습니다.

다음글은 ASDM를 설치해서 cisco ASA 접속해보겠습니다.

저작자표시

'CISCO > ASA 방화벽' 카테고리의 다른 글

[ASA #06] - Remote Access VPN current user check (0)	2025.02.02
[ASA #05] - Remote Access VPN License (0)	2025.02.02
[ASA #04] - Remote Access VPN (0)	2025.02.02
[ASA #03] - ASDM Install (0)	2025.02.02
[ASA #02] - TFTP Install (0)	2025.02.02

IT BLOG(KR)