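ASA Firewall, Part 1: Configuration Example
Lab objectives:
1. Configure static routes so that the whole network is reachable.
2. R1 can telnet to R3 and R4; R3 is blocked by an ACL rule from telnetting to R4; R4 cannot telnet to R1 or R3.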
ASA
en
conf t
int e0/1
nameif inside
security-level 100
ip add 10.1.1.10 255.255.255.0
no sh
int e0/2
nameif dmz
security-level 50
ip address 192.168.1.10 255.255.255.0
no sh
int e0/3
nameif outside
security-level 0
ip add 172.16.1.10 255.255.255.0
no sh
exit
route outside 172.16.2.0 255.255.255.0 172.16.1.2
access-list r3-r4 deny ip host 192.168.1.2 host 172.16.2.2
access-group r3-r4 in interface dmz
R1
en
conf t
hostname router1
int f1/1
no sw
ip address 10.1.1.2 255.255.255.0
no sh
exit
ip routing
ip route 172.16.1.0 255.255.255.0 10.1.1.10
ip route 172.16.2.0 255.255.255.0 10.1.1.10
ip route 192.168.1.0 255.255.255.0 10.1.1.10
line vty 0 4
password 123456
login
exit
R2
en
conf t
hostname router2
int f1/0
no sw
ip address 172.16.1.2 255.255.255.0
no sh
int f1/1
no sw
ip address 172.16.2.1 255.255.255.0
no sh
exit
ip route 192.168.1.0 255.255.255.0 172.16.1.10
ip route 10.1.1.0 255.255.255.0 172.16.1.10
end
R3
en
conf t
hostname router3
int f1/0
no sw
ip address 192.168.1.2 255.255.255.0
no sh
exit
ip route 172.16.1.0 255.255.255.0 192.168.1.10
ip route 172.16.2.0 255.255.255.0 192.168.1.10
ip route 10.1.1.0 255.255.255.0 192.168.1.10
line vty 0 4
password 123456
login
exit
R4
en
conf t
hostname router4
int f1/1
no sw
ip address 172.16.2.2 255.255.255.0
no sh
exit
ip route 192.168.1.0 255.255.255.0 172.16.2.1
ip route 10.1.1.0 255.255.255.0 172.16.2.1
ip route 172.16.1.0 255.255.255.0 172.16.2.1
line vty 0 4
password 123456
login
exit
1. R1 telnets to R3.
2. R1 telnets to R4.
3. R4 cannot telnet to R1 or R3.
4. R3 is denied telnet to R4 because of the ACL.
5. View the ASA firewall's routing table.
6. show conn detail.
Reposted from: https://blog.51cto.com/dragon123/1564556
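The telnet results above follow from the interface security levels and the ACL bound to dmz. The Python model below is an added example, not part of the original post: it assumes the ASA's default policy (a new connection from a higher to a lower security level is allowed, lower to higher is dropped, and an interface with an inbound ACL is governed by that ACL and its implicit deny), and its function and variable names are hypothetical.

```python
import ipaddress

# Values taken from the ASA configuration above: name -> (reachable networks, security level).
INTERFACES = {
    "inside":  (["10.1.1.0/24"], 100),
    "dmz":     (["192.168.1.0/24"], 50),
    "outside": (["172.16.1.0/24", "172.16.2.0/24"], 0),  # 172.16.2.0/24 via the static route
}
# access-list r3-r4, bound inbound on dmz, as (action, source, destination) entries.
INBOUND_ACLS = {"dmz": [("deny", "192.168.1.2/32", "172.16.2.2/32")]}
HOSTS = {"R1": "10.1.1.2", "R3": "192.168.1.2", "R4": "172.16.2.2"}


def interface_for(ip):
    """Return the ASA interface whose networks contain ip."""
    addr = ipaddress.ip_address(ip)
    for name, (nets, _level) in INTERFACES.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    raise ValueError(f"no route to {ip}")


def new_connection_allowed(src, dst):
    """Decide whether the modelled ASA lets src open a new TCP connection to dst."""
    in_if, out_if = interface_for(src), interface_for(dst)
    if in_if == out_if:
        return True, "same interface, traffic does not cross the ASA"
    acl = INBOUND_ACLS.get(in_if)
    if acl is not None:
        # An inbound ACL replaces the implicit security-level rule on that interface.
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for action, a_src, a_dst in acl:
            if s in ipaddress.ip_network(a_src) and d in ipaddress.ip_network(a_dst):
                return action == "permit", f"{action} entry in ACL on {in_if}"
        return False, f"implicit deny at end of ACL on {in_if}"
    if INTERFACES[in_if][1] > INTERFACES[out_if][1]:
        return True, f"{in_if} -> {out_if}: higher to lower security level"
    return False, f"{in_if} -> {out_if}: lower to higher security level"


def telnet_matrix():
    """Map (source, destination) router names to the allow/deny decision."""
    return {(a, b): new_connection_allowed(HOSTS[a], HOSTS[b])[0]
            for a in HOSTS for b in HOSTS if a != b}


if __name__ == "__main__":
    for (a, b), ok in telnet_matrix().items():
        print(f"{a} -> {b}: {'allowed' if ok else 'blocked'}")
```

Because r3-r4 contains only a deny entry, its implicit deny also drops every other new connection arriving on dmz. Replies to sessions that R1 opened still pass, since the ASA matches them against its connection table rather than the ACL.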