asa配置
ASA Version 8.0(2) <system>
!
hostname ASA5520
enable password 2KFQnbNIdI.2KYOU encrypted
no mac-address auto
!
interface Ethernet0/0
!
interface Ethernet0/0.1
 vlan 100
!
interface Ethernet0/0.2
 vlan 200
!
interface Ethernet0/0.3
 vlan 300
!
interface Ethernet0/1
!
interface Ethernet0/1.1
 vlan 10
!
interface Ethernet0/1.2
 vlan 20      
!             
interface Ethernet0/1.3
 vlan 30      
!             
interface Ethernet0/2
!             
interface Ethernet0/3
!             
interface Ethernet0/4
 shutdown     
!             
interface Ethernet0/5
 shutdown     
!             
class default
  limit-resource All 0
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5
!             
              
ftp mode passive
pager lines 24
no failover   
no asdm history enable
arp timeout 14400
console timeout 0
              
admin-context admin
context admin
  config-url disk0:/admin.cfg
!             
              
context join  
  allocate-interface Ethernet0/0
  allocate-interface Ethernet0/1
  config-url disk0:/join.cfg
!             
              
context networking
  allocate-interface Ethernet0/2
  allocate-interface Ethernet0/3
  config-url disk0:/networking.cfg
!             
              
prompt hostname context
Cryptochecksum:9cc1a45cf59984c4f1379b68f95b098a
: end

asa/neworking配置

: Saved
:
ASA Version 8.0(2) <context>
!
hostname networking
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/2
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet0/3
 nameif inside
 security-level 100
 ip address 172.16.1.254 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list out-to-in extended permit tcp any host 10.0.0.110 eq ssh
access-list out-to-in extended permit tcp any host 10.0.0.110 eq www
access-list out-to-in extended permit tcp any host 10.0.0.110 eq ftp
access-list out-to-in extended permit tcp any host 10.0.0.110 eq 8080
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 172.16.1.0 255.255.255.0
static (inside,outside) tcp 10.0.0.110 ssh 172.16.1.1 ssh netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.110 www 172.16.1.1 www netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.110 ftp 172.16.1.1 ftp netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.110 8080 172.16.1.1 3128 netmask 255.255.255.255
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
no crypto isakmp nat-traversal
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
ssh version 2
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
username networking password qN3BipPT/OszXPm3 encrypted privilege 15
Cryptochecksum:430e91e467e74583910adccfabf80cec
: end

asa/join配置

ASA5520/join# sh running-config
: Saved
:
ASA Version 8.0(2) <context>
!
hostname join
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list out-to-in extended permit tcp any host 10.0.0.100 eq 3389
access-list out-to-in extended permit tcp any host 10.0.0.100 eq www
access-list out-to-in extended permit tcp any host 10.0.0.100 eq ftp
access-list out-to-in extended permit tcp any host 10.0.0.100 eq telnet
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp 10.0.0.100 3389 192.168.1.1 3389 netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.100 www 192.168.1.1 www netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.100 ftp 192.168.1.1 ftp netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.100 telnet 192.168.1.1 telnet netmask 255.255.255.255
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
no crypto isakmp nat-traversal
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
ssh version 2
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
username join password p8h1Qs/3blqj2KNa encrypted privilege 15
Cryptochecksum:3ece39ddf49bbe75af6c3688e1aebb4f
: end

ASA虚墙配置的更多相关文章

  1. OSPF虚链路配置.示例2

    先看一个拓扑图 黄色区域是area0,即骨干区域,如果如图示RT1与RT6之间的链路断了,那么会出现骨干区域被“分裂”的情况,很明显骨干区域是不能被分割开的,出现这种状况的时候可能会影响到整个自制系统 ...

  2. linux虚机配置开发/Server环境全集

    linux虚机配置开发/Server环境全集 9. centos 升级githttp://www.cnblogs.com/grimm/p/5368777.htmla. 下载git2.2.1并将git添 ...

  3. CISCO ASA 5505 经典配置案例

    nterface Vlan2 nameif outside  ----------------------------------------对端口命名外端口  security-level 0 -- ...

  4. Hyper-V 手动导入虚机配置实例(转载)

    原文转载:http://blog.51cto.com/bobzy/980241 Hyper-V提供了很方便的虚机导入和导出功能.平时假如我们想导出虚机,先选中虚机,然后鼠标右键在出现菜单列表中选中“导 ...

  5. ESXi5.5下的Centos7虚机配置静态IP

    使用的是osboxes.org上下载的已安装centos7 image, 在启动后, ifconfig不能看到网卡, 需要关机后在ESXi客户端编辑虚机, 删除网卡, 保存, 添加网卡, 网卡类型选择 ...

  6. OSPF虚链路配置.示例1

      在OSPF 网络中,区域0为骨干区域,其它的为非骨干区域,非骨干区域必须与骨干区域直接相连. 根据拓扑图可看到区域1与骨干区域0直接相连而区域2与骨干区域没有直接相连,这种情况下我们可以创建一条虚 ...

  7. ASA IPSEC VPN配置

    ASA-1配置 : Saved:ASA Version 8.0(2) !hostname ASA-1enable password 8Ry2YjIyt7RRXU24 encryptednames!in ...

  8. Azure Linux 虚机上配置 RAID 的常见问题及解决方案

    简介 独立硬盘冗余阵列(RAID, Redundant Array of Independent Disks),简称磁盘阵列.能增强数据集成度,增强容错功能,增加处理量或容量.详情参见这篇文章. 配置 ...

  9. OPCDA通信--工作在透明模式下的CISCO ASA 5506-X防火墙配置

    尊重原创,转发请声名 inside OPCSERVER 一台 outside OPCCLIENT 一台 route模式 配置没成功,放弃,采用透明模式 !----进入全局配置-- configure ...

随机推荐

  1. MySQL推出Applier,可实时复制数据到Hadoop

    MySQL复制操作可以将数据从一个MySQL服务器(主)复制到其他的一个或多个MySQL服务器(从).试想一下,如果从服务器不再局限为一个MySQL服务器,而是其他任何数据库服务器或平台,并且复制事件 ...

  2. 基于visual Studio2013解决面试题之1409基数排序

     题目

  3. 基于visual Studio2013解决面试题之1307二分查找

     题目

  4. 《Swift Programming Language 》——Swift中怎样使用继承(Inheritance)

    一个类能够继承(inherit)还有一个类的方法(methods),属性(property)和其他特性.当一个类继承其他类时,继承类叫子类(subclass),被继承类叫超类(或父类,supercla ...

  5. EasyUI - DataGrid 组建 - [ 样式功能 ]

    效果显示: 同上次博文效果. html代码: 同上次博文代码. js代码: align: 'center',//标题和内容居中 resizable: false,//不允许改变大小 //hidden: ...

  6. (摘录)MSMQ的简单介绍

    MSMQ(MicroSoft  Message  Queue,微软消息队列)是在多个不同的应用之间实现相互通信的一种异步传输模式,相互通信的应用可以分布于同一台机器上,也可以分布于相连的网络空间中的任 ...

  7. Qt 智能指针学习

    原地址:http://blog.csdn.net/dbzhang800/article/details/6403285 从内存泄露开始? 很简单的入门程序,应该比较熟悉吧 ^_^ #include & ...

  8. Swift - 给表格添加移动单元格功能(拖动行)

    1,下面的样例是给表格UITableView添加单元格移动功能: (1)给表格添加长按功能,长按后表格进入编辑状态  (2)在编辑状态下,可以看到单元格后面出现拖动按钮  (3)鼠标按住拖动按钮,可以 ...

  9. Android的StrictMode

    转自:http://blog.csdn.net/tonyfield/article/details/8238251 Android 2.3提供一个称为严苛模式(StrictMode)的调试特性,Goo ...

  10. RMAN 备份

    backup database; --备份整库 backup database format '\xxxxxx\xxx_%U'; --备份整库到指定路劲 backup tablespace users ...