Category: Network and Security

2012-10-14 20:14:00

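Cisco ASA 5505: Complete Configuration in Transparent Mode
Source: unknown  Author: anonymous
--------------------------------------------------------------------------------
This article presents a complete configuration of a Cisco ASA 5505 in transparent mode.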
 
ciscoasa# show run
: Saved
:
ASA Version 7.2(3)
!
firewall transparent
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Ethernet0/0
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
 switchport access vlan 2
!
interface Ethernet0/5
 switchport access vlan 2
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list 111 extended permit tcp any any eq ftp-data
access-list 111 extended permit tcp any any eq ssh
access-list 111 extended permit tcp any any eq www
access-list 111 extended permit tcp any any eq 8080
access-list 111 extended permit tcp any any eq 6600
access-list 111 extended permit tcp any any eq 7877
access-list 111 extended permit tcp any any range 2020 2121
access-list 111 extended permit tcp any any range 6800 6900
access-list 111 extended permit tcp any any range 5200 5400
access-list 111 extended permit icmp any any
pager lines 24
mtu inside 1500
mtu outside 1500
ip address 192.168.100.100 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
access-group 111 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:871ee08b54631ff021ad0c4a1a3db59d
: end
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa# show ver
 ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
 
Compiled on Wed 15-Aug-07 16:08 by builders
 System image file is "disk0:/asa723-k8.bin"
 Config file at boot was "startup-config"
 
ciscoasa up 5 mins 34 secs
 
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
 Internal ATA Compact Flash, 128MB
 BIOS Flash M50FW080 @ 0xffe00000, 1024KB
 
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
 Boot microcode : CNlite-MC-Boot-Cisco-1.2
 SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
 IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
 0: Int: Internal-Data0/0 : address is 001e.4a39.b59d, irq 11
 1: Ext: Ethernet0/0 : address is 001e.4a39.b595, irq 255
 2: Ext: Ethernet0/1 : address is 001e.4a39.b596, irq 255
 3: Ext: Ethernet0/2 : address is 001e.4a39.b597, irq 255
 4: Ext: Ethernet0/3 : address is 001e.4a39.b598, irq 255
 5: Ext: Ethernet0/4 : address is 001e.4a39.b599, irq 255
 6: Ext: Ethernet0/5 : address is 001e.4a39.b59a, irq 255
 7: Ext: Ethernet0/6 : address is 001e.4a39.b59b, irq 255
 8: Ext: Ethernet0/7 : address is 001e.4a39.b59c, irq 255
 9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
 10: Int: Not used : irq 255
 11: Int: Not used : irq 255
 
Licensed features for this platform:
 Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
 Inside Hosts : 10
Failover : Disabled
 VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
 
Serial Number: JMX1145Z03D
 Running Activation Key: 0x33184371 0x3cfb93d2 0xbc80d584 0x8efca824 0xcb0aadac
Configuration register is 0x1
 Configuration has not been modified since last system restart.
 ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa# show in
 ciscoasa# show interface
 Interface Vlan1 "inside", is up, line protocol is up
 Hardware is EtherSVI
 MAC address 001e.4a39.b59d, MTU 1500
 IP address 1.1.1.1, subnet mask 255.255.255.255
 Traffic Statistics for "inside":
 48 packets input, 3275 bytes
 68 packets output, 3206 bytes
 3 packets dropped
 1 minute input rate 0 pkts/sec, 5 bytes/sec
 1 minute output rate 0 pkts/sec, 15 bytes/sec
 1 minute drop rate, 0 pkts/sec
 5 minute input rate 0 pkts/sec, 10 bytes/sec
 5 minute output rate 0 pkts/sec, 9 bytes/sec
 5 minute drop rate, 0 pkts/sec
 Interface Vlan2 "outside", is up, line protocol is up
 Hardware is EtherSVI
 MAC address 001e.4a39.b59e, MTU 1500
 IP address 1.1.1.1, subnet mask 255.255.255.255
 Traffic Statistics for "outside":
 113 packets input, 6686 bytes
 13 packets output, 855 bytes
 60 packets dropped
 1 minute input rate 0 pkts/sec, 26 bytes/sec
 1 minute output rate 0 pkts/sec, 5 bytes/sec
 1 minute drop rate, 0 pkts/sec
 5 minute input rate 0 pkts/sec, 18 bytes/sec
 5 minute output rate 0 pkts/sec, 2 bytes/sec
 5 minute drop rate, 0 pkts/sec
 Interface Ethernet0/0 "", is up, line protocol is up
 Hardware is 88E6095, BW 100 Mbps
 Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
 Available but not configured via nameif
 MAC address 001e.4a39.b595, MTU not set
 IP address unassigned
 25 packets input, 2547 bytes, 0 no buffer
 Received 4 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 L2 decode drops
 0 switch ingress policy drops
 112 packets output, 7756 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collisions, 0 deferred
 0 lost carrier, 0 no carrier
 0 rate limit drops
 0 switch egress policy drops
 Interface Ethernet0/1 "", is down, line protocol is down
 Hardware is 88E6095, BW 100 Mbps
 Auto-Duplex, Auto-Speed
 Available but not configured via nameif
 MAC address 001e.4a39.b596, MTU not set
 IP address unassigned
 0 packets input, 0 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 L2 decode drops
 0 switch ingress policy drops
 0 packets output, 0 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collisions, 0 deferred
 0 lost carrier, 0 no carrier
 0 rate limit drops
 0 switch egress policy drops
 Interface Ethernet0/2 "", is down, line protocol is down
 Hardware is 88E6095, BW 100 Mbps
 Auto-Duplex, Auto-Speed
 Available but not configured via nameif
 MAC address 001e.4a39.b597, MTU not set
 IP address unassigned
 0 packets input, 0 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 L2 decode drops
 0 switch ingress policy drops
 0 packets output, 0 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collisions, 0 deferred
 0 lost carrier, 0 no carrier
 0 rate limit drops
 0 switch egress policy drops
 Interface Ethernet0/3 "", is down, line protocol is down
 Hardware is 88E6095, BW 100 Mbps
 Auto-Duplex, Auto-Speed
 Available but not configured via nameif
 MAC address 001e.4a39.b598, MTU not set
 IP address unassigned
 0 packets input, 0 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 L2 decode drops
 0 switch ingress policy drops
 0 packets output, 0 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collisions, 0 deferred
 0 lost carrier, 0 no carrier
 0 rate limit drops
 0 switch egress policy drops
 Interface Ethernet0/4 "", is down, line protocol is down
 Hardware is 88E6095, BW 100 Mbps
 Auto-Duplex, Auto-Speed
 Available but not configured via nameif
 MAC address 001e.4a39.b599, MTU not set
 IP address unassigned
 0 packets input, 0 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 L2 decode drops
 0 switch ingress policy drops
 0 packets output, 0 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collisions, 0 deferred
 0 lost carrier, 0 no carrier
 0 rate limit drops
 0 switch egress policy drops
 Interface Ethernet0/5 "", is up, line protocol is up
 Hardware is 88E6095, BW 100 Mbps
 Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
 Available but not configured via nameif
 MAC address 001e.4a39.b59a, MTU not set
 IP address unassigned
 113 packets input, 8726 bytes, 0 no buffer
 Received 97 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 L2 decode drops
 0 switch ingress policy drops
 13 packets output, 1089 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collisions, 0 deferred
 0 lost carrier, 0 no carrier
 0 rate limit drops
 0 switch egress policy drops
 Interface Ethernet0/6 "", is down, line protocol is down
 Hardware is 88E6095, BW 100 Mbps
 Auto-Duplex, Auto-Speed
 Available but not configured via nameif
 MAC address 001e.4a39.b59b, MTU not set
 IP address unassigned
 0 packets input, 0 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 L2 decode drops
 0 switch ingress policy drops
 0 packets output, 0 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collisions, 0 deferred
 0 lost carrier, 0 no carrier
 0 rate limit drops
 0 switch egress policy drops
 Interface Ethernet0/7 "", is down, line protocol is down
 Hardware is 88E6095, BW 100 Mbps
 Auto-Duplex, Auto-Speed
 Available but not configured via nameif
 MAC address 001e.4a39.b59c, MTU not set
 IP address unassigned
 47 packets input, 3554 bytes, 0 no buffer
 Received 30 broadcasts, 0 runts, 0 giants
 1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 0 L2 decode drops
 0 switch ingress policy drops
 12 packets output, 1458 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets
 0 babbles, 0 late collisions, 0 deferred
 0 lost carrier, 0 no carrier
 0 rate limit drops
 0 switch egress policy drops
 ciscoasa#
ciscoasa#
ciscoasa#
 
 
Enable web management:
 asdm image disk0:/asdm-523.bin
 http server enable
 http 192.168.100.0 255.255.255.0 inside
 username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
 
When configuring transparent mode, you must configure a management IP address; otherwise traffic will not pass!
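
The running config above serves ASDM and Telnet to any inside address (`http 0.0.0.0 0.0.0.0 inside`, `telnet 0.0.0.0 0.0.0.0 inside`), while the web-management snippet narrows HTTP to 192.168.100.0/24. As an added example (not part of the original article), the Python script below audits an ASA 7.2-style config for those management-plane settings, for `permit ... any any` entries in an ACL bound inbound to an interface, and for the missing management address the note above warns about. The function name `audit`, the rule set and the sample excerpt are assumptions made here.

```python
import re

# Constructed sample: lines excerpted from the running config on this page.
SAMPLE = """\
firewall transparent
access-list 111 extended permit tcp any any eq www
access-list 111 extended permit icmp any any
ip address 192.168.100.100 255.255.255.0
access-group 111 in interface outside
http server enable
http 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
"""

IP = r"\d+\.\d+\.\d+\.\d+"
MGMT = re.compile(rf"(http|telnet|ssh) ({IP}) ({IP}) (\S+)")
ACL_ANY = re.compile(r"access-list (\S+) extended permit (\S+) any any\b(.*)")
BIND = re.compile(r"access-group (\S+) in interface (\S+)")

def audit(config):
    """Return sorted findings for an ASA 7.2-style config (hypothetical rule set)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # In 7.2 transparent mode the global `ip address` line is the management address.
    if "firewall transparent" in lines and not any(
            re.fullmatch(rf"ip address {IP} {IP}", ln) for ln in lines):
        findings.append("transparent mode has no management ip address")
    # Map each ACL name to the interface it is applied to inbound.
    bound = {m.group(1): m.group(2) for ln in lines if (m := BIND.fullmatch(ln))}
    for ln in lines:
        if m := MGMT.fullmatch(ln):
            svc, net, mask, ifc = m.groups()
            if (net, mask) == ("0.0.0.0", "0.0.0.0"):
                findings.append(f"{svc} management open to any source on {ifc}")
            if svc == "telnet":
                findings.append(f"telnet (cleartext) management enabled on {ifc}")
        elif (m := ACL_ANY.fullmatch(ln)) and m.group(1) in bound:
            findings.append(f"acl {m.group(1)} on {bound[m.group(1)]}: "
                            f"permit {m.group(2)} any any{m.group(3)}")
    return sorted(set(findings))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
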
This article is from: 高校自动化网 (). Detailed source reference (please retain this link when reposting):