Cisco ASA 5505 Configuration Example

Five steps to configure SSH on the Cisco ASA 5505
These are the steps. Each command form is followed by an example.
1) username xxxx password xxxx
   username admin password cisco
2) passwd xxxxx
   passwd cisco
3) ssh x.x.x.x x.x.x.x {inside/outside}
   ssh 0.0.0.0 0.0.0.0 ouside
4) crypto key generate rsa modulus {512/768/1024/2048}
   crypto key generate rsa modulus
5) aaa authentication ssh console LOCAL
   aaa authentication ssh console LOCAL

 

cisco5505(config)# show run
: Saved
:
ASA Version 7.2(4)
!
hostname cisco5505
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd PwRXiZXvJx7d8M2t encrypted
names
!
interface Vlan1
 no nameif
 no security-level
 no ip address
!
interface Vlan2
 nameif ouside
 security-level 0
 ip address 125.65.95.59 255.255.255.192
!
interface Vlan3
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
same-security-traffic permit intra-interface // Internal users can reach the internal server through the public IP address or domain name
access-list 101 extended permit tcp any host 125.65.95.59 eq www
access-list 101 extended permit tcp any host 125.65.95.59 eq ftp
access-list 101 extended permit tcp any host 125.65.95.59 eq 3389
pager lines 24
mtu ouside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (ouside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,ouside) tcp interface 3389 192.168.1.8 3389 netmask 255.255.255.255
static (inside,ouside) tcp interface ftp 192.168.1.8 ftp netmask 255.255.255.255
static (inside,ouside) tcp interface www 192.168.1.8 www netmask 255.255.255.255
static (inside,inside) 125.65.95.59 192.168.1.8 netmask 255.255.255.255  // Internal users can reach the internal server through the public IP address or domain name
access-group 101 in interface ouside
route ouside 0.0.0.0 0.0.0.0 125.65.95.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 ouside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 10
ssh 0.0.0.0 0.0.0.0 ouside
ssh timeout 10
console timeout 5

username hlzyly password eTKBZIe0PiPe/4JQ encrypted
username admin password YE2FV.4x2hjEDjup encrypted
username cisco password 3USUcOPFUiMCO4Jk encrypted
!
!
prompt hostname context
Cryptochecksum:9045c78625e072856c7d496b0d785b27
: end
cisco5505(config)#    
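
A check of the management access that the five steps and the running configuration above leave in place, as an added example that is not part of the original post. The function name audit_mgmt_access is hypothetical, and the embedded lines are copied from the show run output above.

```python
import ipaddress
import re

# Management-related lines copied from the show run output above.
CONFIG = """\
interface Vlan2
 nameif ouside
 security-level 0
interface Vlan3
 nameif inside
 security-level 100
aaa authentication ssh console LOCAL
telnet 0.0.0.0 0.0.0.0 ouside
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 ouside
"""

def audit_mgmt_access(config):
    """Return (config line, reason) pairs for risky telnet/ssh rules."""
    lines = [l.rstrip() for l in config.splitlines()]
    levels, nameif = {}, None
    for line in lines:  # map each nameif to its security-level
        words = line.split()
        if line.startswith(" nameif "):
            nameif = words[1]
        elif line.startswith(" security-level ") and nameif:
            levels[nameif] = int(words[1])
        elif not line.startswith(" "):
            nameif = None  # left the interface stanza
    ssh_aaa = any(l.startswith("aaa authentication ssh console") for l in lines)
    findings = []
    for line in lines:
        m = re.fullmatch(r"(telnet|ssh) (\S+) (\S+) (\S+)", line)
        if not m:
            continue  # skips lines such as "ssh timeout 10"
        proto, addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue
        if proto == "telnet":
            findings.append((line, "telnet sends credentials in cleartext"))
        if proto == "ssh" and not ssh_aaa:
            findings.append((line, "no 'aaa authentication ssh console' line"))
        if net.prefixlen == 0:
            lvl = levels.get(ifname, "unknown")
            findings.append((line, f"any source allowed on {ifname} (security-level {lvl})"))
    return findings
```

Each finding pairs the offending configuration line with the reason, so the list can be printed or fed to a configuration review.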

 

 
