Cisco ASA 5505 配置案例

cheng029

cisco asa 5505详细配置实例
外网地址10.132.1.41 255.255.0.0 网关10.132.255.254
内网地址192.168.0.0 255.255.255.0 网关192.168.0.1
服务器地址192.168.0.200
开通80、3389、icmp端口


wr er删除配置reload

Pre-configure Firewall now through interactive prompts [yes]?
Firewall Mode [Routed]:

Enable password [<use current password>]:cisco
Allow password recovery [yes]?
Clock (UTC):
  Year [2009]:
Month [Oct]:
Day [22]:
Time [21:38:57]: 14:28:33
Inside IP address: 192.168.0.1
Inside network mask: 255.255.255.0
Host name: asa5505
Domain name:ciscoasa
IP address of host running Device Manager:
Use this configuration and write to flash?y

进入全局模式
asa5505> en
Password: *****
asa5505# conf t

配置vlan2
asa5505(config)# int vlan 2
asa5505(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
asa5505(config-if)# ip address 10.132.1.41 255.255.0.0
asa5505(config-if)# no shut
asa5505(config-if)# quit

添加端口
asa5505(config)# int e 0/0
asa5505(config-if)# switchport access vlan 2
asa5505(config-if)# no shut

配置路由
asa5505(config)#route outside 0.0.0.0 0.0.0.0 10.132.255.254

配置全局NAT
asa5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0
asa5505(config)# global (outside) 1 interface
INFO: outside interface address added to PAT pool

配置ACL
asa5505(config)# access-list 101 extended permit icmp any any
asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 80
asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 3389
asa5505(config)# access-group 101 in interface outside

配置映射
asa5505(config)# static (inside,outside) tcp interface 80 192.168.0.200 80 netmask 255.255.255.255
asa5505(config)# static (inside,outside) tcp interface 3389 192.168.0.200 3389 netmask 255.255.255.255

wr保存OK

0

支持一下:lol

314598340

男人与女人,终究也只是欲望的动物吧!真的可以因为爱而结合吗?对不起,我也不知道。。

十二12

下雨了，别忘了打伞，湿身是小，淋病就麻烦啦*^_^*

lig

禽兽尚且有半点怜悯之心，而我一点也没有，所以我不是禽兽。

q968

要是我灌水，就骂我“三个代表”没学好吧。

haloi

禽兽尚且有半点怜悯之心，而我一点也没有，所以我不是禽兽。