Cisco ASA 5505 配置案例

 cisco asa 5505详细配置实例

 

外网地址10.132.1.41 255.255.0.0 网关10.132.255.254

内网地址192.168.0.0 255.255.255.0 网关192.168.0.1

服务器地址192.168.0.200

开通80、3389、icmp端口

 

 

wr er删除配置reload

 

Pre-configure Firewall now through interactive prompts [yes]?

Firewall Mode [Routed]:

 

Enable password [<use current password>]:cisco

Allow password recovery [yes]?

Clock (UTC):

  Year [2009]:

Month [Oct]:

Day [22]:

Time [21:38:57]: 14:28:33

Inside IP address: 192.168.0.1

Inside network mask: 255.255.255.0

Host name: asa5505

Domain name:ciscoasa

IP address of host running Device Manager:

Use this configuration and write to flash?y

 

进入全局模式

asa5505> en

Password: *****

asa5505# conf t

 

配置vlan2

asa5505(config)# int vlan 2

asa5505(config-if)# nameif outside

INFO: Security level for "outside" set to 0 by default.

asa5505(config-if)# ip address 10.132.1.41 255.255.0.0

asa5505(config-if)# no shut

asa5505(config-if)# quit

 

添加端口

asa5505(config)# int e 0/0

asa5505(config-if)# switchport access vlan 2

asa5505(config-if)# no shut

 

配置路由

asa5505(config)#route outside 0.0.0.0 0.0.0.0 10.132.255.254

 

配置全局NAT

asa5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

asa5505(config)# global (outside) 1 interface

INFO: outside interface address added to PAT pool

 

配置ACL

asa5505(config)# access-list 101 extended permit icmp any any

asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 80

asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 3389

asa5505(config)# access-group 101 in interface outside

 

配置映射

asa5505(config)# static (inside,outside) tcp interface 80 192.168.0.200 80 netmask 255.255.255.255

asa5505(config)# static (inside,outside) tcp interface 3389 192.168.0.200 3389 netmask 255.255.255.255

 

wr保存OK

本文出自 “家有啊准” 博客，谢绝转载！