****************************
Lab 1 - Configuring Web VPN
****************************

------
R1
------
ip http server
enable secret cisco

------
ASA
------
webvpn
 enable outside
!
group-policy SALES internal
group-policy SALES attributes
 vpn-tunnel-protocol ssl-clientless
 banner value "Authorized Users Only!!!!"
!
username Sales1 password Cisco123
username Sales1 attributes
 vpn-group-policy SALES

****************************************************
Lab 2 - Configuring ASDM Access on the ASA Firewall
****************************************************

http server enable
username admin password Cisco123 privilege 15
aaa authentication http console LOCAL
http 10.10.10.0 255.255.255.0 inside

****************************************************
Lab 3 - Configuring AnyConnect VPN using a Wizard
****************************************************

-> Launch the Wizard [ Wizards -> VPN Wizards -> AnyConnect VPN Wizard ]

Information:
---------------
Connection Profile Name: AC-VPN
VPN Access Interface: Outside

Device Certificate:
------------------------
TrustPoint Name: ASA-TP
Generate a Self-Signed Identity Certificate

Client Image:
-------------------------
Add the Windows Image

Authentication Method:
--------------------------
LOCAL

Address Pool:
--------------------------
Pool Name: VPN-POOL
Start Address: 192.168.1.1
End Address: 192.168.1.254
Subnet Mask: 255.255.255.0

Notes:
-------
By default, all traffic arriving through a VPN that terminates on the Firewall is allowed in without being checked against the interface access lists. This is due to the following default command:
sysopt connection permit-vpn

*****************************
1. ESA
*****************************

==================================
Overview of how E-mail works
==================================

----------------------------------
Client to the Local SMTP Server
----------------------------------
-> Client wants to send an e-mail to a friend [JohnB@ABC.com]
-> Client will be configured with the IP Address/Hostname of the local SMTP Server.
-> Client uses SMTP to send the e-mail to the Local SMTP Server.

----------------------------------
SMTP Server to DNS
----------------------------------
-> As @ABC.com is a domain, your SMTP server needs to know the actual SMTP Server for the remote domain.
-> It sends a request for the MX record for ABC.com to the DNS Server for ABC.com.
-> The DNS server responds with the Hostname of the SMTP Server(s).
-> The SMTP Server now knows the Hostname of the remote SMTP Server.
-> It sends a name resolution request to the DNS Server looking for the IP Address of that hostname.
-> The DNS server responds with the IP Address of the SMTP Server.

----------------------------------
SMTP Server to SMTP Server
----------------------------------
-> The SMTP Server connects to the Remote SMTP Server to deliver the Mail.
-> The Receiving SMTP Server takes the mail and delivers it to the mailbox of the User.
-> The Mailbox can be on the same server or a different internal server.

----------------------------------
Client to SMTP Server
----------------------------------
-> Once the Mail is received in the Mailbox, the Client uses either a POP, IMAP or Web client to retrieve the mail from the Mailbox.

==================================
Overview of ESA
==================================
-> If you are using the ESA as the SMTP Server, you need to configure the MX & A records on the public DNS Server to point to the ESA as the SMTP Server.
-> The internal clients will also point to the ESA as the SMTP Server.
-> All outgoing and incoming E-Mail is checked on the ESA before being forwarded either to the internal Mail Server [Inbound Mail] or towards the Remote SMTP Server [Outbound Mail].

Placement:
-> It is recommended that you place the ESA on the DMZ Network.
-> Allow access from the outside to the ESA through your Firewall.
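The flow above (MX lookup, then A lookup, then SMTP delivery) together with the relay control that the RELAYLIST sender group provides in the "Outbound Relay Capability" steps of Lab 2 below, as an added Python model. This is example code written for these notes, not Cisco ESA code: the zone data, the 203.0.113.x and 198.51.100.x addresses and the MX hostnames are constructed, and the only lab values reused are the internal mail server 192.168.100.99 and the domains kbits.live and abc.com. A client that is not in RELAYLIST can only deliver to the local domain; an attempt to relay to an outside domain gets a 550, which is what stops the ESA from being an open relay.

```python
"""Model of the mail flow in the overview: MX/A resolution plus a HAT-style
sender-group check that decides whether a client may relay.

Added example for these notes, not Cisco ESA code. ZONE, the 203.0.113.x /
198.51.100.x addresses and the MX hostnames are constructed test data.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed zone data standing in for the public DNS server.
ZONE = {
    ("abc.com", "MX"): [(10, "mail1.abc.com"), (20, "mail2.abc.com")],
    ("mail1.abc.com", "A"): ["203.0.113.10"],
    ("mail2.abc.com", "A"): ["203.0.113.11"],
    ("kbits.live", "MX"): [(10, "esa.kbits.live")],
    ("esa.kbits.live", "A"): ["192.1.11.25"],
}


def resolve_mx(domain):
    """Delivery hosts for a domain, lowest MX preference first, each with
    its A records: the two lookups described in 'SMTP Server to DNS'."""
    hosts = sorted(ZONE.get((domain, "MX"), []))
    return [(host, ZONE.get((host, "A"), [])) for _, host in hosts]


@dataclass
class SenderGroup:
    name: str
    policy: str                                   # Connection Behavior: ACCEPT or RELAY
    senders: list = field(default_factory=list)   # CIDR strings


# Domains the Data1 listener accepts mail for (Lab 2: kbits.live).
LOCAL_DOMAINS = {"kbits.live"}

# HAT as in the lab: RELAYLIST (order 1) may relay; everyone else may only
# deliver to local domains. First matching group wins, so order matters.
HAT = [
    SenderGroup("RELAYLIST", "RELAY", ["192.168.100.99/32"]),
    SenderGroup("ALL", "ACCEPT", ["0.0.0.0/0"]),
]


def match_sender_group(client_ip):
    """Return the first sender group whose address list contains client_ip."""
    ip = ip_address(client_ip)
    for group in HAT:
        if any(ip in ip_network(cidr) for cidr in group.senders):
            return group
    return None  # not reachable while a 0.0.0.0/0 catch-all exists


def rcpt_to(client_ip, recipient):
    """SMTP reply (code, text) for one RCPT TO from client_ip.
    250 = accepted; 550 = relaying denied or no route for the domain."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    group = match_sender_group(client_ip)
    if domain in LOCAL_DOMAINS:
        return 250, f"{recipient} Recipient ok (local domain, group {group.name})"
    if group.policy == "RELAY":
        routes = resolve_mx(domain)
        if not routes:
            return 550, f"{recipient} No MX record for {domain}"
        host, ips = routes[0]
        return 250, f"{recipient} Recipient ok, relay via {host} {ips[0]}"
    return 550, f"{recipient} Relaying denied (group {group.name})"


def smtp_session(client_ip, mail_from, recipients):
    """Both sides of a minimal envelope exchange, as (client, server) pairs."""
    log = [(None, "220 esa.kbits.live ESMTP"),
           ("EHLO client", "250 esa.kbits.live"),
           (f"MAIL FROM:<{mail_from}>", "250 sender ok")]
    for rcpt in recipients:
        code, text = rcpt_to(client_ip, rcpt)
        log.append((f"RCPT TO:<{rcpt}>", f"{code} {text}"))
    return log


if __name__ == "__main__":
    for client in ("192.168.100.99", "198.51.100.7"):
        print(f"--- client {client}")
        for c, s in smtp_session(client, "user@kbits.live",
                                 ["JohnB@ABC.com", "admin@kbits.live"]):
            if c:
                print("C:", c)
            print("S:", s)
```

Run it as a script to see the two sessions side by side: the internal mail server is allowed to relay to abc.com, while an outside client gets "550 Relaying denied" for the same recipient but can still deliver to kbits.live.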
-> You could use a single interface on the ESA to receive the traffic from the Internet, check it against the filters and, if clean, forward it on the same interface towards the internal mail server on the Corporate network.
-> You could also use a separate interface for forwarding the traffic towards the internal Mailbox server by utilizing a separate link between the ESA and the FW.

==================================
Lab 1 - Initialize ESA - CLI
==================================
-> Login using the CLI [ Username : admin / Password : ironport ]
-> interfaceconfig
   -> Edit
   -> 1 [Management Interface]
   -> Configure an IPv4 Address : Y
   -> Name of the Interface : Management
   -> IP Address : 192.168.101.25
   -> Subnet Mask : 255.255.255.0
   -> Interface Name: ESA.KBITS.IN
-> sethostname ESA.KBITS.IN
-> commit

==================================
Lab 2 - Initialize ESA - GUI
==================================
-> Browse to https://192.168.101.25 and login using the default username and password.
   -> Username: admin   Password: ironport
-> Run the System Setup Wizard [ System Administration -> System Setup Wizard ]
   -> Specify the System Hostname : Default
   -> Alerts for both : Khawarb@kbits.in
   -> Change Password : Kbits@123
   Routing
   -> Default Gateway : 192.168.1.10
   -> DNS Server : 192.1.13.99
   -> Configure Data1 to receive e-mail on behalf of kbits.live and forward the messages to 192.168.100.99
   -> Take the defaults for the rest of the configuration
   -> Install it
   -> Skip the AD Wizard

Note: At this time, the device is ready to receive E-mails. You just need to change the MX and A records on the DNS Server if you have changed your Translations. If you kept the same public IP for the ESA as your previous Mail Translations, you don't need to change the DNS Server.
----------------------------------
Outbound Relay Capability
----------------------------------
Mail Policies -> HAT -> Mail Flow Policies -> Add Policy
   -> Name : RELAYED
   -> Connection Behavior : Relay
   -> Take the defaults for the rest
   Submit
Commit Changes
Commit Changes

Mail Policies -> HAT -> HAT Overview -> Add Sender Group
   Name: RELAYLIST
   Order : 1
   Policy : RELAYED
   Submit and Add Senders
   Sender Type: IP Addresses
   Sender : 192.168.100.99
   Submit
Commit Changes
Commit Changes

=====================================
Lab 3 - Reconfigure the ASA Firewall
=====================================
ASA
no object network MAIl
object network ESA
 host 192.168.1.25
 nat (DMZ,Outside) static 192.1.11.25
!
access-list ACL-OUTSIDE permit tcp any host 192.168.1.25 eq 25
!
access-list ACL-DMZ permit ip host 192.168.1.25 any
access-group ACL-DMZ in interface DMZ

==================================
Lab 4 - Configure Policies
==================================
Mail Policies -> Incoming Content Filters -> Add Filter
   Add Conditions and Actions
   Submit
Commit Changes
Commit Changes

Mail Policies -> Incoming Mail Policies -> Add Policy
   Name : INCOMING KBITS
   Add User
   Any Sender / Any Recipient
   Submit

INCOMING KBITS -> Content Filters -> Default -> Enable Content Filters
   -> Select the filters that were created earlier
   -> Submit
Commit Changes

------------------------------ Clean message ---------------------------------
Thu Oct 1 21:28:45 2020 Info: MID 3 Subject 'TEST ESA - IC # 1111111111111111111111111111111111111111111'
Thu Oct 1 21:28:45 2020 Info: MID 3 SDR: Domains for which SDR is requested: reverse DNS host: Not Present, helo: SRV, env-from: abc.com, header-from: abc.com, reply-to: Not Present
Thu Oct 1 21:28:45 2020 Info: MID 3 SDR: Message was not scanned for Sender Domain Reputation. Reason: Invalid host configured.
Thu Oct 1 21:28:45 2020 Info: MID 3 SDR: Tracker Header : uo6xq8nr49sdOy0ep0vNmRPOjSJpukX5wWhyigpoWxHUzAjwVCQd0tWK8B+WXLgUZDmhRJF+wSS0bLRXfvtm0EkQsdJL8i2rzClAVGHjLPa9vObGXdFYh59vneSYT9ra70DI71Ewve6h6rZ7/7bqNiPwkpZ1tgq/tbaqaj7bIaOeaczGIdI3VgZw7tF1bJGW4utZevxh2yRaezeXv92Uegr4t8t6q1B/uje+hy7ZmMs1KaoY9vFuYeh/63spTtls16Z3kWshh6/g5cGpFHWCOMUsBjDlmS5l5iubbJYAJuU=
Thu Oct 1 21:28:45 2020 Info: MID 3 ready 689 bytes from
Thu Oct 1 21:28:45 2020 Info: MID 3 matched all recipients for per-recipient policy INCOMING-POLICY-KBITS in the inbound table
Thu Oct 1 21:28:45 2020 Info: ICID 3 close
Thu Oct 1 21:28:46 2020 Info: MID 3 interim verdict using engine: CASE spam negative
Thu Oct 1 21:28:46 2020 Info: MID 3 using engine: CASE spam negative
Thu Oct 1 21:28:46 2020 Info: MID 3 interim AV verdict using Sophos CLEAN
Thu Oct 1 21:28:46 2020 Info: MID 3 antivirus negative
Thu Oct 1 21:28:46 2020 Info: MID 3 AMP file reputation verdict : SKIPPED (no attachment in message)
Thu Oct 1 21:28:46 2020 Info: MID 3 Outbreak Filters: verdict negative
Thu Oct 1 21:28:46 2020 Info: MID 3 queued for delivery
Thu Oct 1 21:28:46 2020 Info: New SMTP DCID 6 interface 192.168.2.25 address 192.168.100.25 port 25
Thu Oct 1 21:28:46 2020 Info: Delivery start DCID 6 MID 3 to RID [0]
Thu Oct 1 21:28:56 2020 Warning: Received an invalid DNS Response: rcode=ServFail data="'\\xceT\\x81\\x82\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x0225\\x0220\\x011\\x03192\\x07in-addr\\x04arpa\\x00\\x00\\x0c\\x00\\x01'" to IP 192.1.13.99 looking up 25.20.1.192.in-addr.arpa
Thu Oct 1 21:28:57 2020 Info: Message done DCID 6 MID 3 to RID [0]
Thu Oct 1 21:28:57 2020 Info: MID 3 RID [0] Response 'Queued (11.372 seconds)'
Thu Oct 1 21:28:57 2020 Info: Message finished MID 3 done

------------------------------ BOMB message ---------------------------------
Thu Oct 1 21:29:01 2020 Info: Start MID 4 ICID 4
Thu Oct 1 21:29:01 2020 Info: MID 4 ICID 4 From:
Thu Oct 1 21:29:01 2020 Info: MID 4 ICID 4 RID 0 To:
Thu Oct 1 21:29:01 2020 Info: MID 4 Message-ID ''
Thu Oct 1 21:29:01 2020 Info: MID 4 Subject 'TEST ESA IC # 22222222222222222222222222222222222'
Thu Oct 1 21:29:01 2020 Info: MID 4 SDR: Domains for which SDR is requested: reverse DNS host: Not Present, helo: SRV, env-from: abc.com, header-from: abc.com, reply-to: Not Present
Thu Oct 1 21:29:01 2020 Info: MID 4 SDR: Message was not scanned for Sender Domain Reputation. Reason: Invalid host configured.
Thu Oct 1 21:29:01 2020 Info: MID 4 SDR: Tracker Header : xbOiEM5zkUfdyfZ43nUcLqX9xy/0tXm33SbewZWz8CpV9CjVwR+VMeE9x7BnqKTd9Hj2GYzgWbj0BmuehhX6cRzY/xNtP9delAcYxyh2ZB9MWqEwHdwP0y8Ayd9OxPsS6ozjLjvqKVwgreoCUWRm2QAtAsLM0VDv0oaUmH6yUbOjOP/KCqifWBK5Qqj5Lms30X4gDTwRNA1paaE4dOA9axyKTNy/hFPUAzzonR1LQqbWKa/MM0tj89lSMsxCqtxIjnlZ8C96hh+9aFEU3WTlFcjcbSYR62fxPB1aefh9TKo=
Thu Oct 1 21:29:01 2020 Info: MID 4 ready 692 bytes from
Thu Oct 1 21:29:01 2020 Info: MID 4 matched all recipients for per-recipient policy INCOMING-POLICY-KBITS in the inbound table
Thu Oct 1 21:29:01 2020 Info: ICID 4 close
Thu Oct 1 21:29:02 2020 Info: MID 4 interim verdict using engine: CASE spam negative
Thu Oct 1 21:29:02 2020 Info: MID 4 using engine: CASE spam negative
Thu Oct 1 21:29:02 2020 Info: MID 4 interim AV verdict using Sophos CLEAN
Thu Oct 1 21:29:02 2020 Info: MID 4 antivirus negative
Thu Oct 1 21:29:02 2020 Info: MID 4 AMP file reputation verdict : SKIPPED (no attachment in message)
Thu Oct 1 21:29:02 2020 Info: Message aborted MID 4 Dropped by content filter 'CUSTOM-INBOUND-FILTER-WORDS' in the inbound table
Thu Oct 1 21:29:02 2020 Info: Message finished MID 4 done
Thu Oct 1 21:29:02 2020 Info: DCID 6 close
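Reading mail_logs by hand works for two messages; the added Python below builds one verdict record per MID from lines like the ones above (spam, antivirus, AMP and Outbreak verdicts, the content filter that dropped a message, and whether the downstream server accepted delivery), so the same check can be run over a full log to see which inbound filter is firing and whether DNS warnings are piling up. It is example code written for these notes, not a Cisco tool; the sample lines are a reduced copy of the excerpt above (tracker headers and the raw DNS response bytes dropped) and the record layout is my own.

```python
"""Per-MID verdict summary from ESA mail_logs lines.

Added example for these notes, not a Cisco utility. SAMPLE_LOG is a reduced
copy of the two messages shown above (MID 3 delivered, MID 4 dropped).
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Thu Oct 1 21:28:45 2020 Info: MID 3 Subject 'TEST ESA - IC # 1111'
Thu Oct 1 21:28:45 2020 Info: MID 3 matched all recipients for per-recipient policy INCOMING-POLICY-KBITS in the inbound table
Thu Oct 1 21:28:46 2020 Info: MID 3 interim verdict using engine: CASE spam negative
Thu Oct 1 21:28:46 2020 Info: MID 3 using engine: CASE spam negative
Thu Oct 1 21:28:46 2020 Info: MID 3 antivirus negative
Thu Oct 1 21:28:46 2020 Info: MID 3 AMP file reputation verdict : SKIPPED (no attachment in message)
Thu Oct 1 21:28:46 2020 Info: MID 3 Outbreak Filters: verdict negative
Thu Oct 1 21:28:46 2020 Info: MID 3 queued for delivery
Thu Oct 1 21:28:56 2020 Warning: Received an invalid DNS Response: rcode=ServFail to IP 192.1.13.99 looking up 25.20.1.192.in-addr.arpa
Thu Oct 1 21:28:57 2020 Info: MID 3 RID [0] Response 'Queued (11.372 seconds)'
Thu Oct 1 21:28:57 2020 Info: Message finished MID 3 done
Thu Oct 1 21:29:01 2020 Info: Start MID 4 ICID 4
Thu Oct 1 21:29:01 2020 Info: MID 4 Subject 'TEST ESA IC # 2222'
Thu Oct 1 21:29:02 2020 Info: MID 4 using engine: CASE spam negative
Thu Oct 1 21:29:02 2020 Info: MID 4 antivirus negative
Thu Oct 1 21:29:02 2020 Info: MID 4 AMP file reputation verdict : SKIPPED (no attachment in message)
Thu Oct 1 21:29:02 2020 Info: Message aborted MID 4 Dropped by content filter 'CUSTOM-INBOUND-FILTER-WORDS' in the inbound table
Thu Oct 1 21:29:02 2020 Info: Message finished MID 4 done
"""

# "Thu Oct 1 21:28:45 2020 Info: <message>" -> timestamp, level, message
LINE_RE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (?P<level>\w+): (?P<msg>.*)$")
MID_RE = re.compile(r"\bMID (?P<mid>\d+)\b")

# Field extractors: the first capture group of each pattern becomes rec[key].
# The spam pattern is anchored so the "interim verdict" line is not taken as final.
RULES = [
    ("subject",        re.compile(r"Subject '(?P<v>.*)'$")),
    ("policy",         re.compile(r"per-recipient policy (?P<v>\S+)")),
    ("spam",           re.compile(r"^MID \d+ using engine: CASE spam (?P<v>\w+)")),
    ("antivirus",      re.compile(r"antivirus (?P<v>\w+)")),
    ("amp",            re.compile(r"AMP file reputation verdict : (?P<v>\w+)")),
    ("outbreak",       re.compile(r"Outbreak Filters: verdict (?P<v>\w+)")),
    ("content_filter", re.compile(r"Dropped by content filter '(?P<v>[^']+)'")),
    ("delivery",       re.compile(r"Response '(?P<v>[^']+)'")),
]


def parse_mail_log(text):
    """Return (records, warnings): records maps MID -> verdict dict with an
    'outcome' of unknown / queued / delivered / dropped; warnings collects
    every non-Info line (e.g. the ServFail on the reverse lookup)."""
    records = defaultdict(lambda: {"outcome": "unknown"})
    warnings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        level, msg = m.group("level"), m.group("msg")
        if level != "Info":
            warnings.append(f"{level}: {msg}")
            continue
        mid_m = MID_RE.search(msg)
        if not mid_m:
            continue            # ICID/DCID-only lines carry no message verdict
        rec = records[int(mid_m.group("mid"))]
        for key, rx in RULES:
            hit = rx.search(msg)
            if hit:
                rec[key] = hit.group("v")
        if msg.startswith("Message aborted"):
            rec["outcome"] = "dropped"
        elif "queued for delivery" in msg:
            rec["outcome"] = "queued"
        elif rec["outcome"] == "queued" and "Response '" in msg:
            rec["outcome"] = "delivered"   # downstream server accepted it
    return dict(records), warnings


def dropped_messages(records):
    """MID -> name of the content filter that dropped it."""
    return {mid: r["content_filter"] for mid, r in records.items()
            if r["outcome"] == "dropped" and "content_filter" in r}


if __name__ == "__main__":
    recs, warns = parse_mail_log(SAMPLE_LOG)
    for mid, r in sorted(recs.items()):
        print(mid, r)
    print("dropped:", dropped_messages(recs))
    print("warnings:", warns)
```

Point the parser at a real mail_logs file (for example, `parse_mail_log(open("mail_logs").read())`) and the outcome field separates messages the downstream server accepted from those a content filter removed; a growing warnings list on the reverse-DNS lookup is the hint that the DNS server configured in Lab 2 cannot answer PTR queries for the sender range.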