ASA Basic Configuration
interface gigabitEthernet 0/0
nameif outside
security-level 0
ip address 172.16.1.1 255.255.255.252
no shutdown
2. Configure the outside (external) routes
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1 track 1
route outside1 0.0.0.0 0.0.0.0 192.168.10.1 2 track 2
3. Configure the inside (internal) route
route inside 192.168.0.0 255.255.255.0 172.16.1.6 1
4. Configure the DHCP and DNS servers
dhcpd address 192.168.8.2-192.168.8.60 inside // DHCP address pool
dhcpd lease 864000 // lease time, in seconds (10 days)
dhcpd domain everrich.com // set the domain name
dhcpd enable inside // enable DHCP and apply it to the inside interface
dns name-server
5. Configure the ACL (outside interface)
access-list outside extended permit icmp any any
access-list outside extended permit ip any any
6. Apply the ACL to the interface
access-group outside in interface outside
7. Configure port mapping
object network static-inside-address163
host 192.168.1.12
nat (inside,outside) static interface service tcp 8081 18081
8. Configure PAT
object network inside-outside
subnet 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface
9. Multi-link PAT configuration
object network inside-outside1
subnet 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface
object network inside-outside2
subnet 0.0.0.0 0.0.0.0
nat (inside,outside1) dynamic interface
10. Configure SLA
1. Configure the monitoring module (module number 123)
sla monitor 123
type echo protocol ipIcmpEcho 4.2.2.2 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
2. Configure a track bound to the monitoring module (track number 1)
track 1 rtr 123 reachability
3. Apply the track to the route
route outside 0.0.0.0 0.0.0.0 203.0.113.2 1 track 1
11. Configure ASDM
http server enable
http 192.168.1.0 255.255.255.0 management
http 121.127.13.194 255.255.255.255 outside (allow a specific IP)
http 121.127.13.242 255.255.255.255 outside
12. Configure SSH
crypto key generate rsa modulus 1024 // specifies the RSA modulus size; the larger the value, the longer key generation takes; Cisco recommends 1024
aaa authentication ssh console LOCAL
ssh IP mask outside
ssh IP mask inside
13. Configure telnet
aaa authentication telnet console LOCAL
telnet 0.0.0.0 0.0.0.0 inside
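The outside ACL and its access-group binding, the ASDM and SSH access rules, the 1024-bit key and the telnet line are the settings a reviewer would check first in a configuration like this one. The Python below is an added example, not part of the original notes: it audits such command lines and reports them. The check names, the function `audit` and the 2048-bit threshold `MIN_RSA_BITS` are assumptions introduced here.

```python
import re

# Constructed sample: command lines copied from the configuration on this page.
SAMPLE = """\
interface gigabitEthernet 0/0
nameif outside
security-level 0
access-list outside extended permit icmp any any
access-list outside extended permit ip any any
access-group outside in interface outside
http 192.168.1.0 255.255.255.0 management
http 121.127.13.194 255.255.255.255 outside
crypto key generate rsa modulus 1024   // annotation in the page's style
telnet 0.0.0.0 0.0.0.0 inside
"""

MIN_RSA_BITS = 2048  # assumption: reviewer's threshold, not a value from the page


def audit(config):
    """Return (check_id, line) findings for risky management/ACL settings."""
    lines = [l.split("//")[0].strip() for l in config.splitlines()]
    levels, open_acls, nameif = {}, set(), None
    for l in lines:  # pass 1: interface security levels and wide-open ACLs
        if m := re.match(r"nameif (\S+)$", l):
            nameif = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", l)) and nameif:
            levels[nameif] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) extended permit ip any any$", l):
            open_acls.add(m.group(1))
    findings = []
    for l in lines:  # pass 2: where those settings are actually used
        if m := re.match(r"access-group (\S+) in interface (\S+)$", l):
            if m.group(1) in open_acls and levels.get(m.group(2)) == 0:
                findings.append(("ACL-ANY-INBOUND", l))
        elif m := re.match(r"(http|ssh|telnet) \S+ \S+ (\S+)$", l):
            if m.group(1) == "telnet":
                findings.append(("TELNET-ENABLED", l))
            elif levels.get(m.group(2)) == 0:
                findings.append(("MGMT-ON-UNTRUSTED", l))
        elif m := re.match(r"crypto key generate rsa modulus (\d+)$", l):
            if int(m.group(1)) < MIN_RSA_BITS:
                findings.append(("WEAK-RSA", l))
    return findings


if __name__ == "__main__":
    for check, line in audit(SAMPLE):
        print(f"{check:18} {line}")
```

An interface whose security level does not appear in the input is treated as unknown and is not flagged by the management-access check.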