Cisco ASA 5505 透明模式下完全配置-quanshengaa-ChinaUnix博客

qsh

首页　| 　博文目录　| 　关于我

quanshengaa

博客访问： 4006506
博文数量： 1015
博客积分： 15904
博客等级：上将
技术积分： 8572
用户组：普通用户
注册时间： 2008-07-04 19:16

文章分类

全部博文（1015）

中间件（1）
weblogic-java（7）
hacmp双机（8）
qos（1）
虚拟机（12）
健康（0）
防火墙（12）
数据中心（2）
主机（5）
网管监控（6）
职场（4）
交通（1）
解决问题（2）
cnd加速（0）
流媒体视频（3）
感悟（8）
解决方案（1）
策略路由与nat（17）
专线双出口ip-sla（21）
链路聚合（8）
DNS（4）
游戏-电影-体育（7）

视频软件（1）
开源（0）
ups（1）
VOIP（11）
云计算（1）
演讲（10）
SAN光交换机（21）
VPN（1）
技术共享（19）
Juniper（13）
Wireless（2）
抓包软件（17）
IBM（3）
HP（15）
AIX（67）
数据恢复（2）
存储（41）

vtl（6）
h3c（45）
网络管理和配置软（1）
锐捷（1）
linux unix（189）

性能分析（2）

系统制作和复制（5）
模拟器（12）
系统集成（50）

集群（2）

心跳线（4）

scsi raid（18）
人物传（6）
windows（27）
数据库（35）
英语（20）
工程文档（15）
网闸（2）
网络共享（14）
系统分析师（2）
负载均衡（28）
理财stock（24）
安全（1）
我的链接分类（2）

chinaunix（2）
nortel（0）
cisco（153）

带宽估算（6）
未分配的博文（34）

文章存档

2019年（1）

2017年（1）

2016年（19）

2015年（27）

2014年（30）

2013年（95）

2012年（199）

2011年（72）

2010年（109）

2009年（166）

2008年（296）

我的朋友

相关博文

Cisco ASA 5505 透明模式下完全配置

分类：网络与安全

2012-10-14 20:14:00

Cisco ASA 5505 透明模式下完全配置
文章来源：不详作者：佚名

--------------------------------------------------------------------------------

该文章讲述了Cisco ASA 5505 透明模式下完全配置.

ciscoasa# show run
: Saved
:
ASA Version 7.2(3)
!
firewall transparent
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
nameif inside
security-level 100
!
interface Vlan2
nameif outside
security-level 0
!
interface Ethernet0/0
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
switchport access vlan 2
!
interface Ethernet0/5
switchport access vlan 2
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list 111 extended permit tcp any any eq ftp-data
access-list 111 extended permit tcp any any eq ssh
access-list 111 extended permit tcp any any eq www
access-list 111 extended permit tcp any any eq 8080
access-list 111 extended permit tcp any any eq 6600
access-list 111 extended permit tcp any any eq 7877
access-list 111 extended permit tcp any any range 2020 2121
access-list 111 extended permit tcp any any range 6800 6900
access-list 111 extended permit tcp any any range 5200 5400
access-list 111 extended permit icmp any any
pager lines 24
mtu inside 1500
mtu outside 1500
ip address 192.168.100.100 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
access-group 111 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:871ee08b54631ff021ad0c4a1a3db59d
: end
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa# show ver
ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders
System image file is "disk0:/asa723-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 5 mins 34 secs

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001e.4a39.b59d, irq 11
1: Ext: Ethernet0/0 : address is 001e.4a39.b595, irq 255
2: Ext: Ethernet0/1 : address is 001e.4a39.b596, irq 255
3: Ext: Ethernet0/2 : address is 001e.4a39.b597, irq 255
4: Ext: Ethernet0/3 : address is 001e.4a39.b598, irq 255
5: Ext: Ethernet0/4 : address is 001e.4a39.b599, irq 255
6: Ext: Ethernet0/5 : address is 001e.4a39.b59a, irq 255
7: Ext: Ethernet0/6 : address is 001e.4a39.b59b, irq 255
8: Ext: Ethernet0/7 : address is 001e.4a39.b59c, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0

This platform has a Base license.

Serial Number: JMX1145Z03D
Running Activation Key: 0x33184371 0x3cfb93d2 0xbc80d584 0x8efca824 0xcb0aadac
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa#
ciscoasa#
ciscoasa#
ciscoasa# show in
ciscoasa# show interface
Interface Vlan1 "inside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001e.4a39.b59d, MTU 1500
IP address 1.1.1.1, subnet mask 255.255.255.255
Traffic Statistics for "inside":
48 packets input, 3275 bytes
68 packets output, 3206 bytes
3 packets dropped
1 minute input rate 0 pkts/sec, 5 bytes/sec
1 minute output rate 0 pkts/sec, 15 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 10 bytes/sec
5 minute output rate 0 pkts/sec, 9 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001e.4a39.b59e, MTU 1500
IP address 1.1.1.1, subnet mask 255.255.255.255
Traffic Statistics for "outside":
113 packets input, 6686 bytes
13 packets output, 855 bytes
60 packets dropped
1 minute input rate 0 pkts/sec, 26 bytes/sec
1 minute output rate 0 pkts/sec, 5 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 18 bytes/sec
5 minute output rate 0 pkts/sec, 2 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001e.4a39.b595, MTU not set
IP address unassigned
25 packets input, 2547 bytes, 0 no buffer
Received 4 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
112 packets output, 7756 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/1 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001e.4a39.b596, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/2 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001e.4a39.b597, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/3 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001e.4a39.b598, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/4 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001e.4a39.b599, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/5 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001e.4a39.b59a, MTU not set
IP address unassigned
113 packets input, 8726 bytes, 0 no buffer
Received 97 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
13 packets output, 1089 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/6 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001e.4a39.b59b, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/7 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001e.4a39.b59c, MTU not set
IP address unassigned
47 packets input, 3554 bytes, 0 no buffer
Received 30 broadcasts, 0 runts, 0 giants
1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
12 packets output, 1458 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
ciscoasa#
ciscoasa#
ciscoasa#
开

启web管理
asdm image disk0:/asdm-523.bin
http server enable
http 192.168.100.0 255.255.255.0 inside
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15

配置透明模式的时候,一定要配置管理地址,不然是不会通的!
本文来自: 高校自动化网() 详细出处参考(转载请保留本链接)：

阅读(2651) | 评论(0) | 转发(0) |

上一篇：ASA 同端口级别如何互访

下一篇：今天和大家分享一本好书：深入Linux设备驱动程序内核机制

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6