• ASA虚墙配置


    asa配置
    ! System execution space of an ASA in multiple-context mode (the "<system>" tag on the
    ! version line). It holds the physical interfaces, the resource classes and the context
    ! definitions; it carries no traffic policy of its own.
    ASA Version 8.0(2) <system>
    !
    hostname ASA5520
    ! NOTE(review): this enable hash is byte-for-byte the same string used on the
    ! "enable password" and "passwd" lines of both context listings on this page, so a single
    ! secret grants privileged mode in the system space and in every context. Identical hashes
    ! for identical passwords also show the format has no per-entry salt. The string appears to
    ! be the value stock ASA configurations carry on their default "passwd" line; treat it as a
    ! known credential and set a unique enable password per context.
    enable password 2KFQnbNIdI.2KYOU encrypted
    ! Automatic per-context MAC generation is disabled. The contexts below are each given their
    ! own physical ports, so no interface is shared and classification does not rely on MACs.
    no mac-address auto
    !
    ! Physical ports and 802.1Q subinterfaces. They are declared in the system space so that
    ! they can be handed to contexts with "allocate-interface".
    interface Ethernet0/0
    !
    ! NOTE(review): the VLAN subinterfaces Ethernet0/0.1-.3 and Ethernet0/1.1-.3 are defined
    ! here, but the context definitions in this listing allocate only the parent ports
    ! Ethernet0/0 through Ethernet0/3. As written, no context receives VLANs 100/200/300 or
    ! 10/20/30. Confirm whether that is intended before relying on VLAN separation.
    interface Ethernet0/0.1
     vlan 100
    !
    interface Ethernet0/0.2
     vlan 200
    !
    interface Ethernet0/0.3
     vlan 300
    !
    interface Ethernet0/1
    !
    interface Ethernet0/1.1
     vlan 10
    !
    interface Ethernet0/1.2
     vlan 20      
    !             
    interface Ethernet0/1.3
     vlan 30      
    !             
    interface Ethernet0/2
    !             
    interface Ethernet0/3
    !             
    ! The two ports that no context uses are administratively shut down.
    interface Ethernet0/4
     shutdown     
    !             
    interface Ethernet0/5
     shutdown     
    !             
    ! Resource class that applies to every context not made a "member" of another class.
    ! Neither context in this listing has a "member" line, so both run under these limits.
    ! "limit-resource All 0" sets every resource to unlimited (0 = no cap); only the ASDM, SSH
    ! and Telnet management sessions are capped, at 5 each.
    ! NOTE(review): with connections and translations uncapped, a flood or a runaway host in one
    ! context can use up capacity that the other context needs. For tenant isolation, define a
    ! class with explicit limits (e.g. "limit-resource conns", "limit-resource xlates") and
    ! assign each context to it with "member".
    class default
      limit-resource All 0
      limit-resource ASDM 5
      limit-resource SSH 5
      limit-resource Telnet 5
    !             
                  
    ! Device-wide settings of the system space.
    ftp mode passive
    pager lines 24
    ! Stand-alone unit: no failover peer is configured.
    no failover   
    no asdm history enable
    arp timeout 14400
    ! NOTE(review): 0 disables the console idle timeout, so a console session left logged in
    ! stays authenticated until someone closes it. A finite value limits that exposure where
    ! physical access to the console is not tightly controlled.
    console timeout 0
                  
    ! Context definitions. "admin-context" names the context whose administrators can also
    ! enter the system space and the other contexts, so its credentials are the most sensitive
    ! on the box. No interface is allocated to it in this listing, so as written it cannot be
    ! reached over the network.
    admin-context admin
    context admin
      config-url disk0:/admin.cfg
    !             
                  
    ! Context "join": owns physical ports Ethernet0/0 and Ethernet0/1 exclusively.
    context join  
      allocate-interface Ethernet0/0
      allocate-interface Ethernet0/1
      config-url disk0:/join.cfg
    !             
                  
    ! Context "networking": owns physical ports Ethernet0/2 and Ethernet0/3 exclusively.
    ! Each context's configuration is a separate file on the local flash (disk0:).
    context networking
      allocate-interface Ethernet0/2
      allocate-interface Ethernet0/3
      config-url disk0:/networking.cfg
    !             
                  
    prompt hostname context
    ! Digest the ASA computes over the saved configuration. It helps to spot that a config has
    ! changed between two captures; it is not a signature and does not prove who wrote it.
    Cryptochecksum:9cc1a45cf59984c4f1379b68f95b098a
    : end  

    asa/networking配置

    ! Running configuration of the security context "networking" (the "<context>" tag on the
    ! version line). Interfaces, NAT, ACLs and local users here are private to this context.
    : Saved
    :
    ASA Version 8.0(2) <context>
    !
    hostname networking
    ! NOTE(review): same hash as the "passwd" line below and as the enable hash in the system
    ! and "join" listings on this page, so one secret is reused for login and privileged mode
    ! across contexts. Set distinct values per context and per purpose.
    enable password 2KFQnbNIdI.2KYOU encrypted
    names
    !
    ! Untrusted side (security-level 0). The address is leased by DHCP, not fixed.
    interface Ethernet0/2
     nameif outside
     security-level 0
     ip address dhcp
    !
    ! Trusted side (security-level 100), gateway 172.16.1.254 for the 172.16.1.0/24 LAN.
    interface Ethernet0/3
     nameif inside
     security-level 100
     ip address 172.16.1.254 255.255.255.0
    !
    ! Login password used when no AAA method applies. SSH logins in this context are directed
    ! to the LOCAL user database by "aaa authentication ssh console LOCAL" further down.
    passwd 2KFQnbNIdI.2KYOU encrypted
    ! Inbound policy for the outside interface (bound by the "access-group" line below).
    ! On this software version the ACL matches the translated address 10.0.0.110, not the
    ! real inside address.
    ! ICMP echo and echo-reply are accepted from any source to any destination.
    access-list out-to-in extended permit icmp any any echo
    access-list out-to-in extended permit icmp any any echo-reply
    ! NOTE(review): all four services are open to source "any". SSH is an administrative
    ! service, and HTTP and FTP carry credentials and content in clear text. Where the client
    ! population is known, replace "any" with the permitted source networks.
    access-list out-to-in extended permit tcp any host 10.0.0.110 eq ssh
    access-list out-to-in extended permit tcp any host 10.0.0.110 eq www
    access-list out-to-in extended permit tcp any host 10.0.0.110 eq ftp
    access-list out-to-in extended permit tcp any host 10.0.0.110 eq 8080
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    ! Outbound PAT: hosts in 172.16.1.0/24 are hidden behind the outside interface address.
    global (outside) 1 interface
    nat (inside) 1 172.16.1.0 255.255.255.0
    ! Static port forwards: 10.0.0.110 on the outside maps to the single inside host 172.16.1.1.
    static (inside,outside) tcp 10.0.0.110 ssh 172.16.1.1 ssh netmask 255.255.255.255
    static (inside,outside) tcp 10.0.0.110 www 172.16.1.1 www netmask 255.255.255.255
    static (inside,outside) tcp 10.0.0.110 ftp 172.16.1.1 ftp netmask 255.255.255.255
    ! NOTE(review): outside port 8080 lands on inside port 3128, which is conventionally an HTTP
    ! proxy port. If a proxy listens there, the "any" source in the ACL exposes it to every
    ! outside host — confirm the service and restrict the sources.
    static (inside,outside) tcp 10.0.0.110 8080 172.16.1.1 3128 netmask 255.255.255.255
    access-group out-to-in in interface outside
    ! NOTE(review): the gateway 10.0.0.254 and the published address 10.0.0.110 are fixed while
    ! the outside interface address comes from DHCP; presumably the lease is always in the same
    ! 10.0.0.0 network — verify, otherwise the forwards and the default route break silently.
    route outside 0.0.0.0 0.0.0.0 10.0.0.254 1
    ! Idle timers for translations, connections and per-protocol state (these look like the
    ! stock values).
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    ! SSH management logins are checked against the local user database, i.e. the "username"
    ! line at the end of this context.
    aaa authentication ssh console LOCAL
    no snmp-server location
    no snmp-server contact
    no crypto isakmp nat-traversal
    ! Only the Telnet idle timer is set; no "telnet <address> <mask> <interface>" line exists,
    ! so Telnet management is not enabled in this context.
    telnet timeout 5
    ! NOTE(review): the firewall's own SSH management is accepted from every source address on
    ! the outside (security-level 0) interface, backed by a single local privilege-15 account.
    ! Limit this to the administrators' addresses, e.g. "ssh <MGMT_NET> <MGMT_MASK> outside"
    ! (placeholders), or manage the context from the inside interface only.
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 30
    ! Only SSH protocol version 2 is accepted.
    ssh version 2
    !             
    ! Application inspection. The class matches the default ports of the inspected protocols
    ! and the global policy applies the inspection engines to traffic on all interfaces.
    ! Inspection does not permit anything by itself; the ACL still decides what may enter.
    class-map inspection_default
     match default-inspection-traffic
    !             
    !             
    ! DNS inspection parameters: messages longer than 512 bytes are not allowed through.
    policy-map type inspect dns preset_dns_map
     parameters   
      message-length maximum 512
    ! "inspect ftp" is what lets the data channels of the published FTP service (see the static
    ! for port ftp) pass: the ASA follows the control channel and opens the data ports itself.
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny  
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip  
      inspect xdmcp
    !             
    service-policy global_policy global
    ! NOTE(review): the only local account, with privilege 15 (full administrative rights). It
    ! is the account that SSH from "any" on the outside authenticates against. Its password
    ! hash is shown in this listing, so the credential should be considered exposed and
    ! replaced; redact hashes before sharing a configuration.
    username networking password qN3BipPT/OszXPm3 encrypted privilege 15
    ! Digest over the saved configuration: a change indicator, not a signature.
    Cryptochecksum:430e91e467e74583910adccfabf80cec
    : end   

    asa/join配置

    ASA5520/join# sh running-config
    ! Running configuration of the security context "join", as printed by "sh running-config"
    ! from inside that context.
    : Saved
    :
    ASA Version 8.0(2) <context>
    !
    hostname join
    ! NOTE(review): this hash equals the "passwd" hash below and the enable hashes in the
    ! system and "networking" listings on this page. An administrator of one context therefore
    ! knows the privileged password of the other; use a separate secret per context.
    enable password 2KFQnbNIdI.2KYOU encrypted
    names
    !
    ! Outside: security-level 0, address obtained by DHCP.
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address dhcp
    !
    ! Inside: security-level 100, gateway 192.168.1.254 for the 192.168.1.0/24 LAN.
    interface Ethernet0/1
     nameif inside
     security-level 100
     ip address 192.168.1.254 255.255.255.0
    !
    ! Fallback login password; SSH logins use the LOCAL user database in this context (see
    ! "aaa authentication ssh console LOCAL" later in the listing).
    passwd 2KFQnbNIdI.2KYOU encrypted
    ! Inbound policy for the outside interface, attached by the "access-group" line below.
    ! The entries match the translated address 10.0.0.100, as this software version expects.
    ! ICMP echo and echo-reply are accepted from any source to any destination.
    access-list out-to-in extended permit icmp any any echo
    access-list out-to-in extended permit icmp any any echo-reply
    ! NOTE(review): Remote Desktop (3389) and Telnet are remote-administration services, and
    ! both are published here to source "any". Telnet and FTP also send passwords in clear
    ! text. Restrict the sources to known administrator addresses, or reach these services
    ! through a VPN or an SSH jump host instead of a direct forward.
    access-list out-to-in extended permit tcp any host 10.0.0.100 eq 3389
    access-list out-to-in extended permit tcp any host 10.0.0.100 eq www
    access-list out-to-in extended permit tcp any host 10.0.0.100 eq ftp
    access-list out-to-in extended permit tcp any host 10.0.0.100 eq telnet
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    ! Outbound PAT: hosts in 192.168.1.0/24 leave behind the outside interface address.
    global (outside) 1 interface
    nat (inside) 1 192.168.1.0 255.255.255.0
    ! Static port forwards: every published port on 10.0.0.100 terminates on the same inside
    ! host, 192.168.1.1, so a compromise of any one service exposes the host that runs the rest.
    static (inside,outside) tcp 10.0.0.100 3389 192.168.1.1 3389 netmask 255.255.255.255
    static (inside,outside) tcp 10.0.0.100 www 192.168.1.1 www netmask 255.255.255.255
    static (inside,outside) tcp 10.0.0.100 ftp 192.168.1.1 ftp netmask 255.255.255.255
    static (inside,outside) tcp 10.0.0.100 telnet 192.168.1.1 telnet netmask 255.255.255.255
    access-group out-to-in in interface outside
    ! NOTE(review): fixed gateway 10.0.0.254 and fixed published address 10.0.0.100 next to a
    ! DHCP-assigned outside address; presumably the lease stays in the same 10.0.0.0 network —
    ! verify against the DHCP scope.
    route outside 0.0.0.0 0.0.0.0 10.0.0.254 1
    ! Idle timers for translations, connections and protocol state; identical to the values in
    ! the "networking" context listing.
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    ! SSH logins to the firewall are authenticated against the local "username" entries.
    aaa authentication ssh console LOCAL
    no snmp-server location
    no snmp-server contact
    no crypto isakmp nat-traversal
    ! Idle timer only. Telnet management of the firewall itself is not enabled here (no
    ! "telnet <address> <mask> <interface>" line); the Telnet permitted in the ACL is the
    ! forwarded service on the inside host, not the ASA.
    telnet timeout 5
    ! NOTE(review): SSH management of this context is reachable from any address through the
    ! outside interface. Narrow it to the administrators' networks, e.g.
    ! "ssh <MGMT_NET> <MGMT_MASK> outside" (placeholders), or allow it on inside only.
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 30
    ! SSHv1 is refused; only protocol version 2 is accepted.
    ssh version 2
    !             
    ! Application inspection: the class selects the inspected protocols' default ports, and the
    ! global service policy runs the listed engines on traffic through every interface.
    ! What is allowed in is still decided by the ACL on the outside interface.
    class-map inspection_default
     match default-inspection-traffic
    !             
    !             
    ! DNS inspection parameters: DNS messages above 512 bytes are rejected.
    policy-map type inspect dns preset_dns_map
     parameters   
      message-length maximum 512
    ! "inspect ftp" tracks the FTP control channel of the published FTP service and opens the
    ! negotiated data ports dynamically, so no wide port range has to be permitted in the ACL.
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny  
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip  
      inspect xdmcp
    !             
    service-policy global_policy global
    ! NOTE(review): single local administrator with privilege 15, used for the SSH logins that
    ! the "ssh 0.0.0.0 0.0.0.0 outside" line accepts from anywhere. The password hash is
    ! printed in this listing; rotate the password and strip hashes from shared configs.
    username join password p8h1Qs/3blqj2KNa encrypted privilege 15
    ! Digest over the saved configuration: shows that a config changed, not who changed it.
    Cryptochecksum:3ece39ddf49bbe75af6c3688e1aebb4f
    : end         

  • 原文地址:https://www.cnblogs.com/networking/p/4478125.html