《CiscoASA5505防火墙常用配置案例》由会员分享,可在线阅读,更多相关《CiscoASA5505防火墙常用配置案例(11页珍藏版)》请在金锄头文库上搜索。
1、 .interface Vlan2nameif outside -对端口命名外端口 security-level 0 -设置端口等级ip address X.X.X.X 255.255.255.224 -调试外网地址!interface Vlan3nameif inside -对端口命名内端口 security-level 100 -调试外网地址ip address 192.168.1.1 255.255.255.0 -设置端口等级!interface Ethernet0/0switchport access vlan 2 -设置端口VLAN与VLAN2绑定!interface Etherne
2、t0/1switchport access vlan 3 -设置端口VLAN与VLAN3绑定!interface Ethernet0/2shutdown!interface Ethernet0/3shutdown!interface Ethernet0/4shutdown!interface Ethernet0/5shutdown!interface Ethernet0/6shutdown!interface Ethernet0/7shutdown!passwd 2KFQnbNIdI.2KYOU encryptedftp mode passivedns domain-lookup inside
3、dns server-group DefaultDNSname-server 211.99.129.210name-server 202.106.196.115access-list 102 extended permit icmp any any -设置ACL列表(允许ICMP全部通过)access-list 102 extended permit ip any any -设置ACL列表(允许所有IP全部通过)pager lines 24mtu outside 1500 mtu inside 1500icmp unreachable rate-limit 1 burst-size 1no a
4、sdm history enablearp timeout 14400global (outside) 1 interface -设置NAT地址映射到外网口nat (inside) 1 0.0.0.0 0.0.0.0 -NAT地址池(所有地址)access-group 102 in interface outside -设置ACL列表绑定到外端口route outside 0.0.0.0 0.0.0.0 x.x.x.x 1 -设置到外网的默认路由timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 i
5、cmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout uauth 0:05:00 absoluteno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkd
6、own coldstarttelnet 0.0.0.0 0.0.0.0 inside -设置TELNET所有地址进入telnet timeout 5ssh 0.0.0.0 0.0.0.0 outside -设置SSH所有地址进入ssh timeout 30ssh version 2console timeout 0 !dhcpd address 192.168.1.100-192.168.1.199 inside -设置DHCP服务器地址池dhcpd dns 211.99.129.210 202.106.196.115 interface inside -设置DNS服务器到内网端口dhcpd
7、enable inside -设置DHCP应用到内网端口!前几天去客户那调试CISCO-ASA-5505设备,第一次摸,跟PIX一样,呵呵.没有技术含量,都是最基本的.其他业务配置暂时没配,会及时更新的.Cisco ASA5505配置cisco, config, telnet, 防火墙, Cisco1.配置防火墙名ciscoasa enable ciscoasa# configure terminal ciscoasa(config)# hostname asa5505 2.配置telnetasa5505(config)#telnet 192.168.1.0 255.255.255.0 ins
8、ide /允许内部接口192.168.1.0网段telnet防火墙 3.配置密码asa5505(config)# password cisco -远程密码 asa5505(config)# enable password cisco -特权模式密码 4.配置IP asa5505(config)# interface vlan 2 -进入vlan2 asa5505(config-if)# ip address 218.16.37.222 255.255.255.192 -vlan2配置IP asa5505(config)#show ip address vlan2 -验证配置 5.端口加入vla
9、n asa5505(config)# interface e0/3 -进入接口e0/3 asa5505(config-if)# switchport access vlan 3 -接口e0/3加入vlan3 asa5505(config)# interface vlan 3 -进入vlan3 asa5505(config-if)# ip address 10.10.10.36 255.255.255.224 -vlan3配置IP asa5505(config-if)# nameif dmz -vlan3名 asa5505(config-if)# no shutdown -开启 asa5505(
10、config-if)# show switch vlan -验证配置 6.最大传输单元MTUasa5505(config)#mtu inside 1500 -inside最大传输单元1500字节 asa5505(config)#mtu outside 1500 -outside最大传输单元1500字节 asa5505(config)#mtu dmz 1500 -dmz最大传输单元1500字节 7.配置arp表的超时时间asa5505(config)#arp timeout 14400 -arp表的超时时间14400秒 8.FTP模式asa5505(config)#ftp mode passiv
11、e -FTP被动模式 9.配置域名asa5505(config)#domain-name C 10.启动日志asa5505(config)#logging enable -启动日志 asa5505(config)#logging asdm informational -启动asdm报告日志 asa5505(config)#Show logging -验证配置 11.启用http服务asa5505(config)#http server enable -启动HTTP server,便于ASDM连接。 asa5505(config)#http 0.0.0.0 0.0.0.0 outside -对外
12、启用ASDM连接 asa5505(config)#http 0.0.0.0 0.0.0.0 inside -对内启用ASDM连接 12.控制列表access-list acl_out extended permit tcp any any eq www -允许tcp协议80端口入站 access-list acl_out extended permit tcp any any eq https -允许tcp协议443端口入站 access-list acl_out extended permit tcp any host 218.16.37.223 eq ftp /允许tcp协议21端口到218.16.37.
