国产激情久久久久影院小草_国产91高跟丝袜_99精品视频99_三级真人片在线观看

思科ASA防火墻基本配置

時(shí)間:2024-08-18 22:14:11 網(wǎng)絡(luò)技術(shù) 我要投稿
  • 相關(guān)推薦

思科ASA防火墻基本配置

  Fire Wall 防火墻,它是一種位于內(nèi)部網(wǎng)絡(luò)與外部網(wǎng)絡(luò)之間的網(wǎng)絡(luò)安全系統(tǒng),當(dāng)然,防火墻也分軟件防火墻與硬件防火墻。

  硬件防火墻又分為:基于PC架構(gòu)與基于ASIC芯片

  今天來聊一聊思科的硬件防火墻 Cisco ASA

  Cisco ASA 防火墻產(chǎn)品線挺多:Cisco ASA5505 Cisco ASA5510 Cisco ASA5520 Cisco ASA5540 Cisco ASA5550 等等

  ASA 的基本配置步驟如下:

  配置主機(jī)名、域名

  hostname [hostname]

  domain-name xx.xx

  hostname Cisco-ASA 5520

  domain-name ciscosas.com.cn

  配置登陸用戶名密碼

  password [password]

  enable password [password]

  配置接口、路由

  interface interface_name

  nameif [name]

  name 有三種接口類型 insdie outside dmz

  security-level xx(數(shù)值)

  數(shù)值越大接口安全級(jí)別越高

  注:默認(rèn)inside 100 ,outside 0 ,dmz 介于二者之間

  靜態(tài)路由

  route interface_number network mask next-hop-address

  route outside 0.0.0.0 0.0.0.0 210.210.210.1

  配置遠(yuǎn)程管理接入

  Telnet

  telnet {network | ip-address } mask interface_name

  telnet 192.168.1.0 255.255.255.0 inside

  telnet 210.210.210.0 255.255.255.0 outside

  SSH

  crypto key generate rsa modulus {1024| 2048 }

  指定rsa系數(shù),思科推薦1024

  ssh timeout minutes

  ssh version version_number

  crypto key generate rsa modulus 1024

  ssh timeout 30

  ssh version 2

  配置 ASDM(自適應(yīng)安全設(shè)備管理器)接入

  http server enbale port 啟用功能

  http {networdk | ip_address } mask interface_name

  asdm image disk0:/asdm_file_name 指定文件位置

  username user password password privilege 15

  NAT

  nat-control

  nat interface_name nat_id local_ip mask

  global interface_name nat_id {global-ip [global-ip] |interface}

  nat-control

  nat inside 1 192.168.1.0 255.255.255.0

  global outside 1 interface

  global dmz 1 192.168.202.100-192.168.202.150

  ACL

  access-list list-name standad permit | deny ip mask

  access-list list-name extendad permit | deny protocol source-ip mask destnation-ip mask port

  access-group list-name in | out interface interface_name

  如果內(nèi)網(wǎng)服務(wù)器需要以布到公網(wǎng)上

  staic real-interface mapped-interface mapped-ip real-ip

  staic (dmz,outside) 210.210.202.100 192.168.202.1

  保存配置

  wirte memory

  清除配置

  clear configure (all)

【思科ASA防火墻基本配置】相關(guān)文章:

思科交換機(jī)的基本配置09-10

思科交換機(jī)基本配置命令大全06-10

關(guān)于思科路由器的基本配置命令大全10-27

2016思科交換機(jī)和路由器的基本配置01-21

思科配置命令詳細(xì)介紹01-23

思科交換機(jī)配置vlan09-02

思科路由器的安全配置06-03

思科路由器配置基礎(chǔ)08-13

思科交換機(jī)STP配置08-30

cisco思科交換機(jī)配置篇08-01