Cisco ASA 5505 配置案例
cisco asa 5505详细配置实例外网地址10.132.1.41 255.255.0.0 网关10.132.255.254内网地址192.168.0.0 255.255.255.0 网关192.168.0.1服务器地址192.168.0.200开通80、3389、icmp端口wr er删除配置reload Pre-configure Firewall now through interactive prompts ?Firewall Mode : Enable password [<use current password>]:ciscoAllow password recovery ?Clock (UTC):Year :Month :Day :Time : 14:28:33Inside IP address: 192.168.0.1Inside network mask: 255.255.255.0Host name: asa5505Domain name:ciscoasaIP address of host running Device Manager:Use this configuration and write to flash?y 进入全局模式asa5505> enPassword: *****asa5505# conf t 配置vlan2asa5505(config)# int vlan 2asa5505(config-if)# nameif outsideINFO: Security level for "outside" set to 0 by default.asa5505(config-if)# ip address 10.132.1.41 255.255.0.0asa5505(config-if)# no shutasa5505(config-if)# quit 添加端口asa5505(config)# int e 0/0asa5505(config-if)# switchport access vlan 2asa5505(config-if)# no shut 配置路由asa5505(config)#route outside 0.0.0.0 0.0.0.0 10.132.255.254 配置全局NATasa5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0asa5505(config)# global (outside) 1 interfaceINFO: outside interface address added to PAT pool 配置ACLasa5505(config)# access-list 101 extended permit icmp any anyasa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 80asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 3389asa5505(config)# access-group 101 in interface outside 配置映射asa5505(config)# static (inside,outside) tcp interface 80 192.168.0.200 80 netmask 255.255.255.255asa5505(config)# static (inside,outside) tcp interface 3389 192.168.0.200 3389 netmask 255.255.255.255 wr保存OK
页:
[1]