Network Object Group : Intro to ASA Firewalls : Cisco Training Videos
HTML-код
- Опубликовано: 5 фев 2025
- Hello! Welcome to my Intro to Firewalls training series. This video will help you develop and understanding of network object groups on the CLI of the Cisco ASA Firewall.
Enjoy!
![Felix "Unfair" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/Oswujxm2Ag0/mqdefault.jpg)
Thank you for your video. That really give me fully understand about object network group in cisco ASA.
I am glad it could help you. Object-groups are fun!
This is my first time of watching a video on cisco and understanding how object group network works and I just grasp how it went down
The only guy who make sense and focus to the point.....! Cant be more accurate than this dude. This is what we do at job daily bases if anyone knows all these commands consider that they know half of trouble shooting and networking.....Thanks a world dude...
+Haroon Haiderzad Glad to help!!
Fantastic description. That is the best description I have ever seen for object-groups.
Thank you. I just spent the last 24 hours re-reading my learning material scratching my head trying to understand how object-groups work. Now it makes sense and can move on with my studying for finals next week.
very excited to hear this helped you
Thank you very much, I had someone try to explain this to me a while ago and it didn’t make sense. I think see a real-world example helped, I get it now.
The best thing in your videos is that they are so simple and clear. you don't talk about shit which is not truly related to the topic in any way. What I hate the most is when someone start talking about any specific topic, they forget it in the middle and go to some other topics and then come back to original topic in last few minutes.
These are very informative, and you should be sure we all are enjoying it :)
Keep it bro, Thanks.
I am very excited to hear your feedback. Thank you! That's the business model: short videos with highly specific content. Glad you are enjoying them Abdul!
TrevorTraining Hello brother, I just started learning ASA. Could you please suggest me any COMPLETE training? I searched everywhere but all I found were different topics related to ASA. What I want is complete training step by step from start to end.
Thanks
Abdul Samad Absolutely. All of Cisco's training is free and on their site.ENOJY!! Here is a
1,280 page document on Cisco ASA 8.x
code:www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd.pdf
.Here is a 2,158 page document on ASA 9.x
code:www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config.pdf
Thanks man, But I am looking for Video training :)
Great video. I have no idea how you have learned so much and seem so fluid. The Cisco equipment seems to use its own odd language vs something like HP equipment that seems very straight forward.
Lots of experience and studying! Glad to help! Let me know if you have any other questions
OMG so good! still works the same now in 2020, well done!
Outstanding video. Appreciate your effort on this. You made it as clear as a bell.
Thanks
That was really help full. I fully understood and was able to simulate in GNS3, great job bro
i'm glad to help!
you saved my live man Ty. It is easier than i thougth
sooo clear... like the re-enactment of the sound.
ITsupportian Very glad to help!
Really informative video of your above series, it solves many real time exposure :)
Cisco2Junos Thank you for the feedback. I am looking forward to making more firewall videos. I have lots of great plans. One of the plans being a 40 hour series on VPNs. Keep in touch!
As always "awesome and comprehensive"
Very glad to hear you're learning so much on these videos!
I have a few questions:
- Why did you need to block specific SSH addresses at all? Wouldn't they hit the implicit deny?
- Couldn't you have just made on access list blocking the 1.1.1.0 subnet in just one access-list
Awesome Video..Very informative :-)
Narendra Varma Thank you Narendra. Let me know if you have any other questions
Excellent video. Thanks.
I'm glad you liked it! Let me know if you have any topics you would like me to cover!
Great video.
pretty straight forward, didn't even get lost.
Great to hear!
Is there a video that shows how to setup Object Network Groups, ACL's and NAT to get an ASA setup using the newest IOS 9.1(4) and 7.1? I can't seem to get my ASA to allow traffic from my inside network. I have an ASA5510 ---->2811 Router---->2970 Switch------>Laptops, PC's, Servers Etc. I have 3 VLANs 1(192.168.1.0/24), 10(172.16.10.0/24) and 20(172.16.20.0/24). I am so lost and I can't seem to find a video that explains how to setup all the necessary components to get to the internet!
I haven't made videos on that yet sorry man! But since you're on the new ASA code, remember that the NATting syntax changed. you'll need to set up auto nats on your firewall for 1 to 1 translation.
Here is an example:
object network DB-SVR
host 192.168.100.25
nat (inside,outside) static x.x.x.x
also make sure you check the obvious stuff, are your interfaces configured correctly?
when you issue a show ip int brief do you see the line protocol up?
can you ping the public IP address of your firewall? What access-lists do you have configured, is the access-group set properly?
That's exactly how my boss sounds too XD
Thank you ❤️
Nice Video. It helps.
Awesome! I am happy to help
Damn good teacher, Thanks Trevor
Why cant we use a wild card mask to block the set of IP as before
Does ASA support wild card mask
+Abdull Imran ASA and ASAX use the regular netmask for convenience purposes
good video bro
totally awesome!
yeah i use them all the time, glad to help!!
If it's possible, could you please provide full tutorial link.
what about going from DMZ to Outside.... do i do a access-group 101 out interface outside ?
Trendnet18 If you would like to do that you would need:
access-list 99 extended permit
access-list 99 extended deny ip object-group DMZ-SEGMENT object-group INSIDE-SEGMENT
access-list 99 extended permit ip any any
TrevorTraining Hi, Currently have in notepad will this work ? :
access-list dmz extended permit ip object-group IP_CAMERA any
access-group dmz in interface dmz(already inside the asa)
This config is basically to view CCTV in another country so I set static IP on the PC to access it.
Q2) I am unable to launch asdm I enter the login details and it goes black I tried java 6 update 17 and java 6 update 37. using asdm 5.0(8) as the ASA is at 7.0 version
Trendnet18 Hi, I would recommend not using asdm and just use the cli.
If you need to give outbound access to local ip addresses on your DMZ, what you have will work depending on the contents of your object-group IP_CAMERA. That is defining that only the contents of the object-group can access the internet. Everything else will be dropped. If traffic is coming the other way, you will need to make an acl applied to the outside interface. If you are over 8.3 code version, the inspection provess for packets changes, and the destination hosts will need to be private addresses in the outside acl.
I am using 7.0... IP_CAMERA just has 5 Ip addresses placed on the DMZ...
Trendnet18 so your acl will allow those 5 ip address to initiate connections outbound on the internet. You got it
Thank you sir.
good one .thanks
+Chetanamounika Machavarapu glad to help!
Can some one help.. how to clear multiple host in one object grop by using one single command on cisco asa
I will usually just prep the syntax change in a text editor. put it in column mode, and put "no" in from of the host or network entries in the object-group
all the 350 host are in the 1.1.1.0 ntwk. cant we just deny them in a single line as a subnet instead of typing 350 lines for each host ?.. if its just to show us an example to teach then its alright. thank you.
the first 255 are in 1.1.1.0. The remaining 95 are in 1.1.2.0.
nice.
Sky Satshop Thank you have a great day!