Cisco ASA 5505 防火墙怎么设置?
发布网友
发布时间:2024-01-09 23:26
我来回答
共4个回答
热心网友
时间:2024-03-09 04:20
1111、、、、IPSECIPSECIPSECIPSEC VPN VPN VPN VPN 基本配置基本配置基本配置基本配置 access-list no-nat extended permit ip 192.168.222.0 255.255.255.0 172.16.100.0 255.255.255.0 //定义VPN数据流 nat (inside) 0 access-list no-nat //设置IPSEC VPN数据不作nat
热心网友
时间:2024-03-09 04:20
interface Vlan2
nameif outside --------------------对端口命名外端口
security-level 0 --------------------设置端口等级
ip address X.X.X.X 255.255.255.224 --------------------调试*地址
!
interface Vlan3
nameif inside --------------------对端口命名内端口
security-level 100 --------------------调试*地址
ip address 192.168.1.1 255.255.255.0 --------------------设置端口等级
!
interface Ethernet0/0
switchport access vlan 2 --------------------设置端口VLAN与VLAN2绑定
!
interface Ethernet0/1
switchport access vlan 3 --------------------设置端口VLAN与VLAN3绑定
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 211.99.129.210
name-server 202.106.196.115
access-list 102 extended permit icmp any any ------------------设置ACL列表(允许ICMP全部通过)
access-list 102 extended permit ip any any ------------------设置ACL列表(允许所有IP全部通过)
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface ------------------设置NAT地址映射到*口
nat (inside) 1 0.0.0.0 0.0.0.0 ------------------NAT地址池(所有地址)
access-group 102 in interface outside ------------------设置ACL列表绑定到外端口
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1 ------------------设置到*的默认路由
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside ------------------设置TELNET所有地址进入
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside ------------------设置SSH所有地址进入
ssh timeout 30
ssh version 2
console timeout 0
!
dhcpd address 192.168.1.100-192.168.1.199 inside ------------------设置DHCP服务器地址池
dhcpd dns 211.99.129.210 202.106.196.115 interface inside ------------------设置DNS服务器到内网端口
dhcpd enable inside ------------------设置DHCP应用到内网端口
!
前几天去客户那调试CISCO-ASA-5505设备,第一次摸,跟PIX一样,呵呵.没有技术含量,都是最基本的.其他业务配置暂时没配,会及时更新的.
热心网友
时间:2024-03-09 04:21
哇塞 有这么好的设备不会配...可惜
怎么配不是一两句话你就能明白的
配置是根据你需求来的, 都不知道你需求,谁会帮你配
热心网友
时间:2024-03-09 04:21
防火墙VPN体系和路由器体系一样,只是命令不一样而已。