Cisco ASA 5505 配置案例
cisco asa 5505详细配置实例外网地址10.132.1.41 255.255.0.0 网关10.132.255.254
内网地址192.168.0.0 255.255.255.0 网关192.168.0.1
服务器地址192.168.0.200
开通80、3389、icmp端口
wr er删除配置reload
Pre-configure Firewall now through interactive prompts ?
Firewall Mode :
Enable password [<use current password>]:cisco
Allow password recovery ?
Clock (UTC):
Year :
Month :
Day :
Time : 14:28:33
Inside IP address: 192.168.0.1
Inside network mask: 255.255.255.0
Host name: asa5505
Domain name:ciscoasa
IP address of host running Device Manager:
Use this configuration and write to flash?y
进入全局模式
asa5505> en
Password: *****
asa5505# conf t
配置vlan2
asa5505(config)# int vlan 2
asa5505(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
asa5505(config-if)# ip address 10.132.1.41 255.255.0.0
asa5505(config-if)# no shut
asa5505(config-if)# quit
添加端口
asa5505(config)# int e 0/0
asa5505(config-if)# switchport access vlan 2
asa5505(config-if)# no shut
配置路由
asa5505(config)#route outside 0.0.0.0 0.0.0.0 10.132.255.254
配置全局NAT
asa5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0
asa5505(config)# global (outside) 1 interface
INFO: outside interface address added to PAT pool
配置ACL
asa5505(config)# access-list 101 extended permit icmp any any
asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 80
asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 3389
asa5505(config)# access-group 101 in interface outside
配置映射
asa5505(config)# static (inside,outside) tcp interface 80 192.168.0.200 80 netmask 255.255.255.255
asa5505(config)# static (inside,outside) tcp interface 3389 192.168.0.200 3389 netmask 255.255.255.255
wr保存OK
支持一下:lol 男人与女人,终究也只是欲望的动物吧!真的可以因为爱而结合吗?对不起,我也不知道。。 下雨了,别忘了打伞,湿身是小,淋病就麻烦啦*^_^* 禽兽尚且有半点怜悯之心,而我一点也没有,所以我不是禽兽。 要是我灌水,就骂我“三个代表”没学好吧。 禽兽尚且有半点怜悯之心,而我一点也没有,所以我不是禽兽。
页:
[1]