思科ASA5505如何配置才能访问?

发布网友发布时间：2022-04-28 20:46

共1个回答

热心网友时间：2022-06-23 03:35

interface Vlan2
nameif outside --------------------对端口命名外端口
security-level 0 --------------------设置端口等级
ip address X.X.X.X 255.255.255.224 --------------------调试*地址
!
interface Vlan3
nameif inside --------------------对端口命名内端口
security-level 100 --------------------调试*地址
ip address 192.168.1.1 255.255.255.0 --------------------设置端口等级
!
interface Ethernet0/0
switchport access vlan 2 --------------------设置端口VLAN与VLAN2绑定
!
interface Ethernet0/1
switchport access vlan 3 --------------------设置端口VLAN与VLAN3绑定
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 211.99.129.210
name-server 202.106.196.115
access-list 102 extended permit icmp any any ------------------设置ACL列表（允许ICMP全部通过）
access-list 102 extended permit ip any any ------------------设置ACL列表（允许所有IP全部通过）
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface ------------------设置NAT地址映射到*口
nat (inside) 1 0.0.0.0 0.0.0.0 ------------------NAT地址池（所有地址）
access-group 102 in interface outside ------------------设置ACL列表绑定到外端口
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1 ------------------设置到*的默认路由
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside ------------------设置TELNET所有地址进入
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside ------------------设置SSH所有地址进入
ssh timeout 30
ssh version 2
console timeout 0
!
dhcpd address 192.168.1.100-192.168.1.199 inside ------------------设置DHCP服务器地址池
dhcpd dns 211.99.129.210 202.106.196.115 interface inside ------------------设置DNS服务器到内网端口
dhcpd enable inside ------------------设置DHCP应用到内网端口