Thank you for the tutorial. Just a tip if anyone has trouble in making it works. 10:58 in the newer version of packet tracer 8.2.2, the service-policy command is added already. Proceeding will cause a warning and prevent the policy working, delete it first by putting "no" keyword in the front.
Prof Saleh, you don't need to reply my previous msg. I just found out that Packet Tracer can be very unstable. Thank you for your videos. After many tries, when I go back to my previous file, it just work without any changes. I also managed to get outside network to access to DMZ FTP & Web Servers. Thank You!
The best 👍🏻👏🏻 you make things easier tbh, thanks you so much Sir, i hope if you can make a video for the 3 zones INSIDE , OUTSIDE and DMZ with more than one ASA.
sweet work. I like when you do the configurations and you add the step by step documents and packet tracer file, than the step by step documents and packet tracer file without you doing it. am new to this tho. Great work.
What about in the case where the outside access list of of the firewall has three routers, VLANs together with classless sub networks? ie ciscoasa---->> R1 ---->> R2 ---->> R3 ---->>SW1 ---->> VLANs (classless sub-networks)?
Prof Saleh, why is it that I added inspection icmp command to the global policy but my ping packets kept on stuck at ASA even though, the destination address at simulation event is directing to the PC? I checked every commands related to glabal policy, class mapping ...
Also, if we are matching default-inspection-traffic which seems to include well know port numbers, why do we still have to go an inspect (allow) each one?
Hi Sir I have a problem when. I configure ASA 5506X interfaces and saving the configuration after closing packet tracer topology. When start again the topology firewall show its interfaces in down state.
i can't ping anything outside the firewall despite that i followed your steps from A to Z including using the same ip addresses that you used here but yet i can't ping my router and server, i got all these (dns, http and icmp) in my server but yet i can i not ping server from inside pc . What should i do next
Salam dear, make sure the ports are enabled, and that you configure the default route for outside on the ASA, if you still can't ping, please send me a message on Messenger, and will help you out, wishing you a blessed day. S.
@@MrSaleh970 Salam Sir. Thank you so much for your prompt reply. Yes the ports are all enabled, I been trying in and out but cannot get an idea why so this happens with all ASA labs. 8.8.8.1 gets pinged in all cases but not .8. Really need your help to get thru this. How to contact you on messenger ? Greetings and have a great day, Anand
I can't ping the dns icmp and http just like other problems that i read in the comment. does anyone tell me whats the problem? or maybe the version of his packet tracer is outdated? coz im using updated maybe thats the reason?
thanks sir for that have you done but why do you not make a video on each suggestion like ( Configure Clientless, Cisco Anyconnect, and Site to Site VPN With ASA Firewall) ,ASA MPLS VPN, ASA redundancy , or ASA virtualization .
I have been configured the same topology and I save the configuration but when I close the packet tracer and enter the file i find the DHCP works fine but the DNS in the PCs not configured and I can't access the web. any help? why the DNS becomes 0.0.0.0
Salam Anas, start over you work from scratch, and follow the walk through document, and to have further help, see one of my latest videos about ASA 5506.
@@MrSaleh970 it's from the scratch and i follow the steps , before i close the packet tracer file , everything works fine . the problem when i close it and reenter it the DNS change to zeros but the DHCP work fine
i tried two of your labs (the above one and the one where all configurations are there) but am not able to ping server in any case, after giving the exact comments in packet tracer, all your labs used to work for me but not for this asa configs.
Hello, did you follow the walk through documents? download both files, the P.T. and the word documents,and follow through, and when you are done with your configurations, try to run some show commands to make sure you did the right configurations.
thank you @karthik ramesh, it worked brother. i am going to ask you a small favor, i checked for packet tracer 6.2 from netacad but they have taken out it seems, i prefer to download directly from netacad website, anything you can suggest to get 6.2 version ?
What gives? I did the same configuration in packet tracer and the pings would not go through. When i do a simulated ping, packet tracer says "The ASA does not allow any traffic from a lower security interface to a higher security interface unless it is explicitly permitted by an extended access list." Any ideas? object network LAN subnet 192.168.1.0 255.255.255.0 ! ! object network LAN nat (inside,outside) dynamic interface ! ! ! ! class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default inspect icmp ! service-policy global_policy interface outside
Hello Gregory, sorry for the late respond, but i will do a thorough lab with walk through documents with explanations, once again, sorry for being late.
I want to write to other people who will watch this tutorial, don’t watch it - it doesn’t work. This guy glued it together somewhere in the middle and everything works for him. All the other dudes who wrote here were either bought or bots. The real comments that are here also encountered a problem, in the end he sends them to the stolen manual. Conclusion - don't watch.
Thank you for the tutorial. Just a tip if anyone has trouble in making it works. 10:58 in the newer version of packet tracer 8.2.2, the service-policy command is added already. Proceeding will cause a warning and prevent the policy working, delete it first by putting "no" keyword in the front.
"no service-policy global_policy global" 명령어 입력을 하여 이전에 적용되었던 명령을 삭제하고 다시 "service-policy global_policy global" 명령어를 입력하니 제대로 동작합니다.
how, I'm trying this its still not working?
Explained in a concise manner, and the accent, pronunciation and enunciation should be the goal of everyone wishing to do a tech video. Excellent!
Prof Saleh, you don't need to reply my previous msg. I just found out that Packet Tracer can be very unstable. Thank you for your videos. After many tries, when I go back to my previous file, it just work without any changes. I also managed to get outside network to access to DMZ FTP & Web Servers.
Thank You!
thanks for this video, it short with great meaning and impacts
Worked like a charm. Thank you!
I have no words to thanks you but thank you sir
I had configured inside and outside address opposite. Thank you it worked
Thanks, Saleh. My first security lab practice. It worked very well.
Thanks always Saleh, welcome back Sir
Thank you so much Saleh, this video is amazing , helpful and great for me as a beginner. Thanks again and God bless.
The best 👍🏻👏🏻 you make things easier tbh, thanks you so much Sir, i hope if you can make a video for the 3 zones INSIDE , OUTSIDE and DMZ with more than one ASA.
Yes This is a Good one If you can do
Thank you , saved my day
Thank you sir for your explanation. It really helped me
Thank you bro Ramesh, it worked, great, thanks alot
Merci beaucoup monsieur salah
Thank you, valuable lab
Thank you for sharing your knowledge Sir.
sweet work. I like when you do the configurations and you add the step by step documents and packet tracer file, than the step by step documents and packet tracer file without you doing it. am new to this tho. Great work.
Hi
I have à question what i have to do yo ping my router and asa outside from gns3 ?
Great tutorial. question how about the ip address for the switch
Thank you sir, very helpful
What about in the case where the outside access list of of the firewall has three routers, VLANs together with classless sub networks?
ie ciscoasa---->> R1 ---->> R2 ---->> R3 ---->>SW1 ---->> VLANs (classless sub-networks)?
Thank you so much Saleh for a great video. Can you please make a video for three zones INSIDE, OUTSIDE AND DMZ PLEASE. Thanks brother
Good work as usual.
thanks for this video
Prof Saleh, why is it that I added inspection icmp command to the global policy but my ping packets kept on stuck at ASA even though, the destination address at simulation event is directing to the PC?
I checked every commands related to glabal policy, class mapping ...
Great stuff wish there was more context around the syntax tho, I don't follow the "inspect" logic. Why is it not just "permit"?
The network is /24 and /30 .. How can the network see each other ?
great job
Also, if we are matching default-inspection-traffic which seems to include well know port numbers, why do we still have to go an inspect (allow) each one?
I use ciscoasa 5506 firewall devices the command all works well but when I try to ping the dns server it does not respond
why
Sir, your videos are Awesome. however Little bit more explanation will be expected for some commands. your Lab manuals and Files are great helpful
Hi Sir
I have a problem when. I configure ASA 5506X interfaces and saving the configuration after closing packet tracer topology.
When start again the topology firewall show its interfaces in down state.
i can't ping anything outside the firewall despite that i followed your steps from A to Z including using the same ip addresses that you used here but yet i can't ping my router and server, i got all these (dns, http and icmp) in my server but yet i can i not ping server from inside pc . What should i do next
Hi Sir if possible please make a detailed configuration video on Asa 5506 x complete video
I can't do ping with dns.
PCB request timed out.
And doesn't appear the http ping
Sir i tried again on this again, but cannot ping 8.8.8.8 , what could be the reason ?
Salam dear, make sure the ports are enabled, and that you configure the default route for outside on the ASA, if you still can't ping, please send me a message on Messenger, and will help you out, wishing you a blessed day. S.
@@MrSaleh970 Salam Sir. Thank you so much for your prompt reply. Yes the ports are all enabled, I been trying in and out but cannot get an idea why so this happens with all ASA labs. 8.8.8.1 gets pinged in all cases but not .8. Really need your help to get thru this. How to contact you on messenger ? Greetings and have a great day, Anand
assign IP to DNS server statically 8.8.8.8 255.0.0.0 default gateway 8.8.8.1
thanks , easy to understand
hi,does anyone know how to solve this issue:WARNING: Policy map global_policy is already configured as a service policy
What command would you do to inspect all service protocols by default rather then creating individual entries to inspect dns, http, icmp?
each one is policy based
use these commands
policy-map global_policy
class inspection_default
inspect
then the ASA will inspect common protocols by default.
You Mail addres ?
can you do a vpn connection configuration with ASA and other remote location ?
I am CCNA completed. I want to learn Firewall.
Your vedeo is Great, and easy to uderstand.
I would like to watch configuration of DMZ
Thank you so much
I can't ping the dns icmp and http just like other problems that i read in the comment. does anyone tell me whats the problem? or maybe the version of his packet tracer is outdated? coz im using updated maybe thats the reason?
thanks a lot
My ASA seems to still be blocking the ICMP. After creating the class map I still connot ping 8.8.8.8 from either PC. Thoughts? the ports are enabled
also getting the warning WARNING: Policy map global_policy is already configured as a service policy
@@wadep you fix that buddy ?
@@nau_hazmi7425 did you find solution?
Thank you sir !!!
thanks sir for that have you done but why do you not make a video on each suggestion like ( Configure Clientless, Cisco Anyconnect, and Site to Site VPN With ASA Firewall) ,ASA MPLS VPN, ASA redundancy , or ASA virtualization .
why dhcp option 3 IP command?
used for default-gateway whereas for dns is option 6.
what is mean by security level (0,100,70) what was the use of that..? can anyone explain please
security level ranges from 0-100 ,100 is trusted; the lower level the security is
the less trusted zone it is.
hello sir, can make another video with inside outside and dmz, im struggling with asa pls help me
I have been configured the same topology and I save the configuration but when I close the packet tracer and enter the file i find the DHCP works fine but the DNS in the PCs not configured and I can't access the web. any help? why the DNS becomes 0.0.0.0
Salam Anas, start over you work from scratch, and follow the walk through document, and to have further help, see one of my latest videos about ASA 5506.
@@MrSaleh970 it's from the scratch and i follow the steps , before i close the packet tracer file , everything works fine .
the problem when i close it and reenter it the DNS change to zeros but the DHCP work fine
@@anba9818 did you save your work before you close packet tracer?
@@MrSaleh970 yes i did
@@anba9818 you must copy run start each device
How to ping from outside to inside it's not working please help me
Hello, Please follow the walk through documents, and check your work as you go.
Hello sir please I needed your help because of project of end my engineering cycle
I work on ASA5505
i tried two of your labs (the above one and the one where all configurations are there) but am not able to ping server in any case, after giving the exact comments in packet tracer, all your labs used to work for me but not for this asa configs.
Hello, did you follow the walk through documents? download both files, the P.T. and the word documents,and follow through, and when you are done with your configurations, try to run some show commands to make sure you did the right configurations.
thank you @karthik ramesh, it worked brother. i am going to ask you a small favor, i checked for packet tracer 6.2 from netacad but they have taken out it seems, i prefer to download directly from netacad website, anything you can suggest to get 6.2 version ?
i have issue that i can't ping 8.8.8.8 server though everything look fine
What gives? I did the same configuration in packet tracer and the pings would not go through. When i do a simulated ping, packet tracer says "The ASA does not allow any traffic from a lower security interface to a higher security interface unless it is explicitly permitted by an extended access list." Any ideas?
object network LAN
subnet 192.168.1.0 255.255.255.0
!
!
object network LAN
nat (inside,outside) dynamic interface
!
!
!
!
class-map inspection_default
match default-inspection-traffic
!
policy-map global_policy
class inspection_default
inspect icmp
!
service-policy global_policy interface outside
Hello Gregory, sorry for the late respond, but i will do a thorough lab with walk through documents with explanations, once again, sorry for being late.
Thanks Saleh
Thank you Sir
thhhhhhaaannnnk you so much
super
I want to write to other people who will watch this tutorial, don’t watch it - it doesn’t work. This guy glued it together somewhere in the middle and everything works for him. All the other dudes who wrote here were either bought or bots. The real comments that are here also encountered a problem, in the end he sends them to the stolen manual. Conclusion - don't watch.
Not pinging dns
👍
Wow
it is not big deal just give the network with multiple vlans in multilayer switch them show the demo. unsatisfied
Thank you so much