
The configuration is as follows:
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 221.0.113.20 255.255.255.240
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 nameif dmz
 security-level 0
 ip address 192.168.2.1 255.255.255.0
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.100.1 255.255.255.0
 management-only
!
ftp mode passive
access-list 102 extended permit ip any any
access-list outdmz extended permit tcp any any
access-list outdmz extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
nat (dmz) 1 192.168.2.0 255.255.255.0
static (dmz,outside) tcp interface 5000 192.168.2.2 5000 netmask 255.255.255.255
static (dmz,outside) tcp interface 4500 192.168.2.2 4500 netmask 255.255.255.255
static (dmz,outside) tcp interface https 192.168.2.2 https netmask 255.255.255.255
static (dmz,outside) tcp interface 1455 192.168.2.4 1455 netmask 255.255.255.255
static (dmz,outside) tcp interface 1433 192.168.2.3 1433 netmask 255.255.255.255
static (dmz,outside) tcp interface 8001 192.168.2.5 8001 netmask 255.255.255.255
static (dmz,outside) tcp interface 8000 192.168.2.5 8000 netmask 255.255.255.255
access-group outdmz in interface outside
route outside 0.0.0.0 0.0.0.0 221.0.113.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 dmz
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.12-192.168.1.254 inside
dhcpd dns 202.102.152.3 202.102.154.3 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:e52e38192b87c938f3ac973b748bd896
: end
ciscoasa(config)#

, W1 ^( p: _- C8 O什么都做好了 但是就是2.0段的DMZ 连接的终端不能上网 8 K8 r' [# N8 I, V8 N5 I
/ q2 v/ W. w# I5 i如何配置DMZ 2.0段的也通过一个公网IP上网 谢谢 救急!!!! |
|
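An added example, not part of the poster's configuration and not a Cisco tool: a small Python audit that parses the posted config into interface blocks and flags the settings a reviewer would check first. It reports interfaces that share a security level when `same-security-traffic permit inter-interface` is absent (outside and dmz are both at level 0 here, and ASA 8.2 drops traffic between same-level interfaces unless that command is present), an ACL permitting `ip any any` bound inbound to the outside interface, and ASDM/HTTP management open to any source address. `SAMPLE_CONFIG` is a constructed excerpt of the lines above, not the full running-config.

```python
import re
from collections import defaultdict

# Constructed excerpt of the configuration posted above (not the full running-config).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/3
 nameif dmz
 security-level 0
access-list outdmz extended permit tcp any any
access-list outdmz extended permit ip any any
access-group outdmz in interface outside
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 dmz
"""

def parse_interfaces(config):
    """Return {nameif: security-level} for every interface block that has both."""
    levels, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = {}                      # start of a new interface block
        elif line.startswith(" ") and current is not None:
            key, _, value = line.strip().partition(" ")
            current[key] = value
            if "nameif" in current and "security-level" in current:
                levels[current["nameif"]] = int(current["security-level"])
        else:
            current = None                    # '!' or a global command ends the block
    return levels

def audit(config):
    """Return a list of findings for the checks described in the lead-in."""
    findings = []
    # Same-security interfaces cannot exchange traffic unless explicitly permitted.
    if "same-security-traffic permit inter-interface" not in config:
        by_level = defaultdict(list)
        for name, lvl in parse_interfaces(config).items():
            by_level[lvl].append(name)
        for lvl, names in by_level.items():
            if len(names) > 1:
                findings.append(f"same-security interfaces {sorted(names)} at level {lvl}; inter-interface traffic is blocked")
    # ACLs that permit everything and are bound inbound to an interface.
    wide_open = {m.group(1) for m in re.finditer(r"^access-list (\S+) extended permit ip any any", config, re.M)}
    for m in re.finditer(r"^access-group (\S+) in interface (\S+)", config, re.M):
        if m.group(1) in wide_open:
            findings.append(f"ACL {m.group(1)} permits ip any any inbound on {m.group(2)}")
    # ASDM/HTTPS management reachable from any source address on an interface.
    for m in re.finditer(r"^http 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M):
        findings.append(f"ASDM/HTTPS management open to any host on {m.group(1)}")
    return findings
```

Running `audit(SAMPLE_CONFIG)` yields four findings; appending `same-security-traffic permit inter-interface` to the input removes the first one.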