CISCO ASA 5520 Configuration Manual (uploaded and shared by a member of 天天文库)
Date: 2019-05-25
CD-ASA5520# show run
: Saved
:
ASA Version 7.2(2)
!
hostname CD-ASA5520    // name the firewall
domain-name default.domain.invalid    // define the working domain
enable password 9jNfZuG3TC5tCVH0 encrypted    // password for entering privileged mode
names
dns-guard
!
interface GigabitEthernet0/0    // inside (internal network) interface
 duplex full    // interface duplex mode: full duplex, half duplex, or auto
 nameif inside    // name the port: internal interface "inside"
 security-level 100    // set the security level, 0 to 100; the higher the value, the more secure (trusted)
 ip address 192.168.1.1 255.255.255.0    // set this port's IP address
!
interface GigabitEthernet0/1    // outside (external network) interface
 nameif outside    // name the external port: external interface "outside"
 security-level 0
 ip address 202.98.131.122 255.255.255.0    // IP address configuration
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0    // firewall management address
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone CST 8
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list outside_permit extended permit tcp any interface outside eq 3389    // access control list
access-list outside_permit extended permit tcp any interface outside range 30000 30010    // allow any external user to reach ports 30000-30010 on the outside interface
pager lines 24
logging enable    // enable logging
logging asdm informational
mtu inside 1500    // maximum transmission unit on inside is 1500 bytes
mtu outside 1500
mtu dmz 1500
ip local pool vpnclient 192.168.200.1-192.168.200.200 mask 255.255.255.0    // define an IP address pool named vpnclient, used to assign IP addresses to remote users
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400    // ARP idle timeout is 14400 seconds
global (outside) 1 interface    // because NAT is not configured, internal users are not allowed to access the Internet here
static (dmz,outside) tcp interface 30000 192.168.2.2 30000 netmask 255.255.255.255    // port mapping solves the problem of having many internal services to publish but few public IP addresses
static (dmz,outside) tcp interface 30001 192.168.2.2 30001 netmask 255.255.255.255
// map port 30002 of DMZ host 192.168.2.2 to external port 30002
static (dmz,outside) tcp interface 30002 192.168.2.2 30002 netmask 255.255.255.255
static (dmz,outside) tcp interface 30003 192.168.2.2 30003 netmask 255.255.255.255
static (dmz,outside) tcp interface 30004 192.168.2.2 300
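The listing opens TCP 3389 and 30000-30010 to any source on the outside interface, while the visible static entries publish only some of those ports. The following is an added example, not part of the original manual: a small Python audit that compares the ports an ACL permits with the ports that actually have a static mapping, and reports ACLs with no access-group binding in the text it is given. The function name `audit`, the report keys and the sample are assumptions; the sample is constructed from the complete ACL and static lines of the listing (the truncated 30004 line is left out).

```python
import re

# Constructed sample: the complete ACL and static lines from the listing, re-spaced.
SAMPLE = """\
access-list outside_permit extended permit tcp any interface outside eq 3389
access-list outside_permit extended permit tcp any interface outside range 30000 30010
static (dmz,outside) tcp interface 30000 192.168.2.2 30000 netmask 255.255.255.255
static (dmz,outside) tcp interface 30001 192.168.2.2 30001 netmask 255.255.255.255
static (dmz,outside) tcp interface 30002 192.168.2.2 30002 netmask 255.255.255.255
static (dmz,outside) tcp interface 30003 192.168.2.2 30003 netmask 255.255.255.255
"""

# Only the two line shapes used in the listing are parsed (ASA 7.x syntax).
ACL_RE = re.compile(r"^access-list (\S+) extended permit tcp any interface (\S+) "
                    r"(?:eq (\d+)|range (\d+) (\d+))$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) tcp interface (\d+) (\S+) (\d+) netmask \S+$")

def audit(config):
    """Compare ports an ACL opens to 'any' with ports that have a static mapping."""
    permitted, mapped, acls, bound = set(), {}, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            acls.add(m.group(1))
            lo = int(m.group(3) or m.group(4))   # 'eq N' is the range N..N
            hi = int(m.group(3) or m.group(5))
            permitted.update(range(lo, hi + 1))
        elif m := STATIC_RE.match(line):
            # outside port -> (real interface, real host, real port)
            mapped[int(m.group(3))] = (m.group(1), m.group(4), int(m.group(5)))
        elif line.startswith("access-group "):
            bound.add(line.split()[1])           # ACL name applied to an interface
    return {
        "open_without_mapping": sorted(permitted - set(mapped)),
        "mapped_without_permit": sorted(set(mapped) - permitted),
        "acls_not_bound": sorted(acls - bound),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Ports reported under `open_without_mapping` are candidates for narrowing the ACL; because the listing on this page is cut off, a result for the sample says nothing about lines that are not shown.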