Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp475744pxa; Tue, 11 Aug 2020 07:39:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzbKcLS9SpeGcn/jWL8MfrcLRq2sqrmgS/WVz2tc6fh9w11aFmNIC7DHTB1cnltJYi5xCfK X-Received: by 2002:a50:e109:: with SMTP id h9mr26547531edl.47.1597156747830; Tue, 11 Aug 2020 07:39:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597156747; cv=none; d=google.com; s=arc-20160816; b=0jdCI8TJ3arVJMbSgzDnUtKjhG5ZnYglFd1Lt54/X6ybqDzKwTW9r6K1aqoXda01Mo CYnzUNz1XbQN1Ejp9HN/y41mJcEwRRdhYUVTUjSko4UTVOCR5/nu1Y+3giCesGQXCfzv 8IBP+bMiT5Is4cfQE05KEAlT2xTu69yzWVx/DTSn8Zh/FjaEoOPElg4JJQbqRfF/aH3v mFEDfItJoGTKhtmHwFIKerqzSm/yh64LnD2V9U9+PvSDsKxmKAmdgSGAK38qQUfhXo83 Ej/nYIevr9LyOHv1Xk/6XLB14+MDQ1rnMOVrOU6AW3xc90v9xm6DM5czN2Si2AFd9E/d 623Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:user-agent :message-id:subject:cc:to:from:date:mime-version; bh=Pua0iF4MFosqZ7TeeXhY3fzrx1Iou+rcBs3TDRP8k9E=; b=KShOlECcK7zVFIt95P5p0NjgU5ZT8puA8sA1V3s25jPiMAGIAqHPu3zNcGAhHhBXnR 3sRILKReXgNctgYKZjcbCuZ6TPaHtpPEr/DNhHcGDizWQFTvrueKCFTY7OHkibwLcWKW eXU6y5X3q+WTOJBxh5Ru9YGTqaQNv4HsP7LrCTef1eRXSXUjWVBoBVxpuB7QExxGy2/P bPKCJyEIe4vCuMcieWx+n5YSVDcd3tZZKVhoKbciGo24nKHbUwc4BpTYHPNbc12FJj+v DSSiRccBdayV8EsvuGhrMx5c+93O3U0kVtTafa7hXLTcStm7M0RCQbTCpNEaA35AHIlm LJ/A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=teo-en-ming.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ca18si12108845edb.414.2020.08.11.07.38.43; Tue, 11 Aug 2020 07:39:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=teo-en-ming.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728844AbgHKOfL (ORCPT + 99 others); Tue, 11 Aug 2020 10:35:11 -0400 Received: from ec2-3-21-30-127.us-east-2.compute.amazonaws.com ([3.21.30.127]:49886 "EHLO www.teo-en-ming.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728781AbgHKOfK (ORCPT ); Tue, 11 Aug 2020 10:35:10 -0400 Received: from localhost (localhost [IPv6:::1]) by www.teo-en-ming.com (Postfix) with ESMTPA id B61C343A8BF; Tue, 11 Aug 2020 22:35:08 +0800 (+08) MIME-Version: 1.0 Date: Tue, 11 Aug 2020 22:35:08 +0800 From: Turritopsis Dohrnii Teo En Ming To: linux-kernel@vger.kernel.org Cc: ceo@teo-en-ming-corp.com Subject: How to Setup TWO DMZ Zones (DMZ1 and DMZ2) on the Cisco ASA 5506-X Firewall Message-ID: <5bbe3ed461b0f0da8a39a7eb5416749f@teo-en-ming.com> X-Sender: ceo@teo-en-ming.com User-Agent: Roundcube Webmail/1.2.3 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Subject: How to Setup TWO DMZ Zones (DMZ1 and DMZ2) on the Cisco ASA 5506-X Firewall Author: Mr. Turritopsis Dohrnii Teo En Ming (Targeted Individual) Country: Singapore, Singapore, Singapore Date: 11 August 2020 Tuesday Singapore Time Type of Publication: Plain Text Cisco ASA firewall appliances are based on open source software. Reference Guide: Cisco ASA DMZ Configuration Example Link: https://www.speaknetworks.com/cisco-asa-dmz-configuration-example/ Cisco ASA CLI commands: interface GigabitEthernet1/6 description to DMZ1 nameif dmz1 security-level 50 ip address 192.168.1.1 255.255.255.0 interface GigabitEthernet1/7 description to DMZ2 nameif dmz2 security-level 50 ip address 192.168.2.1 255.255.255.0 nat (dmz1,outside) after-auto source dynamic any interface nat (dmz2,outside) after-auto source dynamic any interface object network DMZ1SERVER-EXT host object network DMZ1SERVER-INT host 192.168.1.10 nat (dmz1,outside) static DMZ1SERVER-EXT service tcp ssh ssh access-list OUTSIDE extended permit tcp any object DMZ1SERVER-INT eq ssh access-group OUTSIDE in interface outside object network DMZ2SERVER-EXT host object network DMZ2SERVER-INT host 192.168.2.10 nat (dmz2,outside) static DMZ2SERVER-EXT service tcp ssh ssh access-list OUTSIDE extended permit tcp any object DMZ2SERVER-INT eq ssh access-group OUTSIDE in interface outside copy run start Additional Learning Material ============================ Reference Guide: Remote Access IPsec VPNs Link: https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/vpn/asa-95-vpn-config/vpn-remote-access.html -- -----BEGIN EMAIL SIGNATURE----- The Gospel for all Targeted Individuals (TIs): [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html ******************************************************************************************** Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): [1] https://tdtemcerts.wordpress.com/ [2] https://tdtemcerts.blogspot.sg/ [3] https://www.scribd.com/user/270125049/Teo-En-Ming -----END EMAIL SIGNATURE-----