配置如下 :# \- M/ C P$ c5 X( F5 b5 Q* P
6 e. L2 W& W! c3 B, n3 k4 @; l
: Saved
$ X6 Z( ]5 d! F' a$ }6 E0 p; B1 h- b:7 D; V% }% `! j9 h! `
ASA Version 8.2(5) - E, L4 X) d5 o( o$ V) G5 e
!
. q6 a. ~% b' e+ b( phostname ciscoasa
6 } u8 _0 h1 |& h( henable password 8Ry2YjIyt7RRXU24 encrypted
: U% F' o8 o8 p. j8 z: fpasswd 2KFQnbNIdI.2KYOU encrypted; W: m" V$ l( [7 u
names
) f" t5 {( T C: E- B& c; `9 N' c!
4 _9 A7 _9 U/ z; e, i& |, c' Einterface GigabitEthernet0/07 M4 u) O! _" u
nameif outside
. Q6 d& w& A) _ security-level 02 {3 d- I" y* ?- r7 ^1 h$ }2 E
ip address 221.0.113.20 255.255.255.240
6 i1 B3 q, k, j8 t9 M!) v( Y8 Q6 b& k, R2 j) C
interface GigabitEthernet0/1
4 n4 ?# V I0 j7 Z% x8 d: W nameif inside% I6 d( W% T* q: E
security-level 100, x6 S( Z0 M0 u( b$ j- N
ip address 192.168.1.1 255.255.255.0
( w1 T" e% G G$ \!
7 l9 G# v8 {( kinterface GigabitEthernet0/2; O* e# ^( Q9 P9 E% T
shutdown: D: A) D) n% }. J
no nameif
) V; h; \% t$ N3 o- T r: N6 U. y no security-level1 p: X; m* m# G, n$ V
no ip address
. @7 b9 f7 ^* d! ^ D! N!
|" }3 M* j/ v( W, e% N- A, C& [2 t$ i' I0 W/ l
7 D0 K) u2 N( h4 ^8 Hinterface GigabitEthernet0/3
7 u3 O6 R# _9 i7 R7 G nameif dmz
9 U1 D/ s7 p1 g9 K, l security-level 0
: N# w y6 p& T ip address 192.168.2.1 255.255.255.0
. U% E, F" o0 E7 G/ F!
$ b/ a J7 K [' F- ninterface Management0/0
0 u: ^& d, {0 W- I5 {3 j% v shutdown7 I2 u: p8 M" N j, X
nameif management: V8 J. {( V x) O' i6 r. ^6 `
security-level 100) _: E" U- U" w4 a; C4 k
ip address 192.168.100.1 255.255.255.0 7 q% M2 f) q- z
management-only
* N" S' b# H, J' k!
# N( A0 A3 L, _' l3 ]" e; [ftp mode passive
1 d- i) u% g/ v2 u; K! K, g/ naccess-list 102 extended permit ip any any
5 z8 v, ^/ {8 v& k( d) O2 f3 faccess-list outdmz extended permit tcp any any
, B7 I- w7 y/ J; d g3 J+ s0 ]access-list outdmz extended permit ip any any
% D4 p) T8 p% |1 U, P' V
2 ]& ^* D. ?. x; c) r5 T! ypager lines 24( ]- K" G( |* d0 ?. a
logging asdm informational
6 q, o& n" {7 t. gmtu outside 1500; w. z \( }& E) K4 E: m( _7 ~
mtu inside 1500$ Y+ @+ V% e- M+ A L; C: Z! m
mtu dmz 1500$ ~$ e( w6 v$ {4 @2 M* ?0 I0 A
mtu management 1500) l" P1 _0 n) a0 E
no failover' L3 \0 U1 z0 }6 {3 C
icmp unreachable rate-limit 1 burst-size 1
3 D0 k/ b% ?1 ]6 f6 _0 dno asdm history enable
' \; [: r2 w R: o6 k' @* G# D, z
4 e a5 S" g% P% |+ {
arp timeout 14400
7 h8 @7 }4 P/ B9 B. Knat-control
% h3 u. l3 \* y( P9 Gglobal (outside) 1 interface
: _- D' O' r' Z& H3 i: r2 t8 q) fglobal (dmz) 1 interface
' N) j# S5 r6 fnat (inside) 1 192.168.1.0 255.255.255.0
! o7 m9 _& ]1 e2 A. }nat (dmz) 1 192.168.2.0 255.255.255.04 t1 g2 w( Z) e+ _; q
static (dmz,outside) tcp interface 5000 192.168.2.2 5000 netmask 255.255.255.255
{: v* r2 W2 R7 P1 W0 t+ m: h7 ~static (dmz,outside) tcp interface 4500 192.168.2.2 4500 netmask 255.255.255.255
& |) V9 V' X8 w9 l. q& {6 f3 W- Ystatic (dmz,outside) tcp interface https 192.168.2.2 https netmask 255.255.255.255
5 M6 L p, a: ~2 V4 K& {/ _1 l7 |. ], nstatic (dmz,outside) tcp interface 1455 192.168.2.4 1455 netmask 255.255.255.255 2 o) |% [1 ~* c7 L
static (dmz,outside) tcp interface 1433 192.168.2.3 1433 netmask 255.255.255.255 2 z+ D, p, M9 d( O0 ?2 B( W$ A/ |
static (dmz,outside) tcp interface 8001 192.168.2.5 8001 netmask 255.255.255.255
# s% p8 O5 Y% l( o, z) x) Vstatic (dmz,outside) tcp interface 8000 192.168.2.5 8000 netmask 255.255.255.255 8 |. [- P' o$ U
access-group outdmz in interface outside
) R! u4 B, G$ @route outside 0.0.0.0 0.0.0.0 221.0.113.17 1$ _0 K/ O2 p* ?
timeout xlate 3:00:00
- x, b; j0 a/ h0 G- Z& t( u! G9 Stimeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
1 M# P4 t/ y0 ?) xtimeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00. \& |) K) t, L1 F
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00! p0 o. ?+ J' t# X+ @
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
; p2 @1 i# X5 a( vtimeout tcp-proxy-reassembly 0:01:00
& Z. |1 P8 b3 n" ]% \timeout floating-conn 0:00:00
. _3 T4 h% y! B- Idynamic-access-policy-record DfltAccessPolicy& @* _, I1 f3 v( K( C" n
http server enable
. W) O7 l/ O: v# k2 phttp 0.0.0.0 0.0.0.0 inside
# U" b# ?8 m% @! _+ B( Dhttp 0.0.0.0 0.0.0.0 dmz$ n' x% t I7 g; \: {5 J* B9 @( X
no snmp-server location) f. J1 ~/ T* J( Z/ [* k4 B
no snmp-server contact
2 `, `2 C( y' Qsnmp-server enable traps snmp authentication linkup linkdown coldstart
$ H! u: `' ]$ B- m2 Q) C jcrypto ipsec security-association lifetime seconds 28800
# `) a6 E0 r" c2 j9 O3 {. [crypto ipsec security-association lifetime kilobytes 4608000
6 z4 l c' B9 H* P* Ctelnet timeout 5
9 m% Z) P5 m1 Ussh timeout 59 z6 k/ E- K, \8 q* ?& i
console timeout 0
J( e0 \+ L4 Rdhcpd address 192.168.1.12-192.168.1.254 inside! Z7 ~, c6 @! J. W _2 [8 A* e
dhcpd dns 202.102.152.3 202.102.154.3 interface inside
- E& s7 G7 F& D. xdhcpd enable inside
9 I. `' `* i4 U# |) x; }!0 D) Z, C# H+ q U4 l9 \# x+ b9 [
threat-detection basic-threat
$ _: w) K+ Y4 ?6 Bthreat-detection statistics access-list" V) w, {0 ^ x: _6 c7 ^- w
no threat-detection statistics tcp-intercept
/ `. c4 [3 j a g: w+ I2 Dwebvpn% G3 Z6 h* R, Y5 P' l1 D' G# y; l
!! i7 D' l% r% @( W6 G
class-map inspection_default
+ P8 W; y1 X8 H6 w match default-inspection-traffic
4 y, U$ u# E% G- e: K- l8 `!7 z# b1 k; p, o* l: h1 P
!
4 c" Q6 g: B! ^. K Npolicy-map type inspect dns preset_dns_map4 b. P. a3 K- I3 u0 v4 {( c& K6 p
parameters
, _7 x* ?- b! h2 J+ T; O2 I' n* s8 _# U3 v/ L/ t- x, T
) O O& y: ]. q6 b% R5 u0 {
message-length maximum client auto
$ B; c9 t3 S2 J! z9 X9 e9 R message-length maximum 512
- X1 |% v3 L/ k1 Wpolicy-map global_policy# i! O1 ]. G0 ^5 |+ W
class inspection_default* Y7 _& d+ C1 T' T/ F2 v1 X7 H
inspect dns preset_dns_map l6 j: N; p9 _( x. t h: i
inspect ftp
- w* c( ^2 q; C: |4 |4 v7 c$ p inspect h323 h225
8 h0 `+ R7 ^7 E% F inspect h323 ras * a; y( P. ~. C
inspect rsh
* t# D* }: J" m3 D: I inspect rtsp
W# q' O; f* S8 G5 |6 G# U inspect esmtp
; j; k- B% d& l$ a inspect sqlnet
; u) q4 b2 v1 O4 ?8 N inspect skinny 6 J' p* Y# |2 i/ N' z
inspect sunrpc ( c2 d# l; @! M2 W9 O! y! z1 h( F/ [
inspect xdmcp 1 [; O, Z( g( @. D3 [- O. G
inspect sip
% B5 N+ ]+ x# L3 z! h w- s inspect netbios 7 V8 t9 C# r0 v& z/ `
inspect tftp 5 y9 S4 U( k: B4 }. D
inspect ip-options ) [" R4 ^& H2 O
!6 K% y3 G+ M9 T2 n6 a# D
service-policy global_policy global1 S7 D. e2 A: I5 q! o5 V6 X
prompt hostname context
0 h7 N$ H# V8 ?no call-home reporting anonymous6 V) _8 H* h& H% Q5 ~
Cryptochecksum:e52e38192b87c938f3ac973b748bd896
+ |7 x O# d, i5 o
6 p5 Z) a8 E& S- n( d W- _* I . h* u% c9 p! Q# T* Q' Q* C" t6 q
: end5 z2 t3 @$ {! u( b& }
: q- b2 I- \% j, j: K
ciscoasa(config)# # }& [" Z6 r$ Z; f, m
0 a5 K3 J9 ?$ d5 u* n3 a8 e什么都做好了 但是就是2.0段的DMZ 连接的终端不能上网 7 [$ r. u: p# g2 i) x' [9 H. X- H0 i) n
2 g7 W! ?8 f9 K, D) k* B" I) m" G& e+ U如何配置DMZ 2.0段的也通过一个公网IP上网 谢谢 救急!!!! |
|
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
[复制链接]
