搜索
CiscoASA防火墙配置手册基本配置过程----------ConanZhongjm拓扑图1、配置主机名hostnameasa55202、配置密码Enablepasswordasa5520Passwdcisco3、配置接口ConftInterfaceethernet0/0NameifoutsideSecurity-level0Ipaddress210.10.10.2255.255.255.0NoshutdownExitInterfaceethernet0/1NameifinsideSecurity-level100Ipaddress192.168.201.1255.255.255.0NoshutdownExitInterfaceethernet0/2NameifdmzSecurity-level50Ipaddress192.168.202.1255.255.255.0NoshutdownExit4、配置路由Routeoutside0.0.0.00.0.0.0210.10.10.1EndShowroute5、配置网络地址转换Nat-controalNat(inside)100Global(outside)1interfaceGlobal(dmz)1192.168.202.100-192.168.202.110/////////////////////////////////////////////////////////////////////配置完以上就可以实现基本的防火墙上网功能/////////////////////////////////////////////////////////////////////6、配置远程登录(1)telnet登录Confttelnet192.168.201.0255.255.255.0insidetelnettimeout15(2)ssh登录Cryptokeygeneratersamodulus1024Ssh192.168.201.0255.255.255.0insideSsh00outsideSshtimeout30Sshversion2(3)asdm登录httpserverenable8000http192.168.201.0255.255.255.0insidehttp00outsidehttp00insideasdmimagedisk0:/asdm-615.binusernameconanpassword123456789privilege157、配置端口映射(1)创建映射Static(dmz,outside)210.10.10.2192.168.202.2(2)因为防火墙默认把禁止外网访问DMZ区,所以要创建访问控制列表Access-listout_to_dmzpermittcpanyhost210.10.10.2eq80Access-groupout_to_dmzininterfaceoutside