asa配置
ASA Version 8.0(2) <system>
!
hostname ASA5520
enable password 2KFQnbNIdI.2KYOU encrypted
no mac-address auto
!
interface Ethernet0/0
!
interface Ethernet0/0.1
 vlan 100
!
interface Ethernet0/0.2
 vlan 200
!
interface Ethernet0/0.3
 vlan 300
!
interface Ethernet0/1
!
interface Ethernet0/1.1
 vlan 10
!
interface Ethernet0/1.2
 vlan 20      
!             
interface Ethernet0/1.3
 vlan 30      
!             
interface Ethernet0/2
!             
interface Ethernet0/3
!             
interface Ethernet0/4
 shutdown     
!             
interface Ethernet0/5
 shutdown     
!             
class default
  limit-resource All 0
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5
!             
              
ftp mode passive
pager lines 24
no failover   
no asdm history enable
arp timeout 14400
console timeout 0
              
admin-context admin
context admin
  config-url disk0:/admin.cfg
!             
              
context join  
  allocate-interface Ethernet0/0
  allocate-interface Ethernet0/1
  config-url disk0:/join.cfg
!             
              
context networking
  allocate-interface Ethernet0/2
  allocate-interface Ethernet0/3
  config-url disk0:/networking.cfg
!             
              
prompt hostname context
Cryptochecksum:9cc1a45cf59984c4f1379b68f95b098a
: end

asa/neworking配置

: Saved
:
ASA Version 8.0(2) <context>
!
hostname networking
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/2
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet0/3
 nameif inside
 security-level 100
 ip address 172.16.1.254 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list out-to-in extended permit tcp any host 10.0.0.110 eq ssh
access-list out-to-in extended permit tcp any host 10.0.0.110 eq www
access-list out-to-in extended permit tcp any host 10.0.0.110 eq ftp
access-list out-to-in extended permit tcp any host 10.0.0.110 eq 8080
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 172.16.1.0 255.255.255.0
static (inside,outside) tcp 10.0.0.110 ssh 172.16.1.1 ssh netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.110 www 172.16.1.1 www netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.110 ftp 172.16.1.1 ftp netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.110 8080 172.16.1.1 3128 netmask 255.255.255.255
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
no crypto isakmp nat-traversal
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
ssh version 2
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
username networking password qN3BipPT/OszXPm3 encrypted privilege 15
Cryptochecksum:430e91e467e74583910adccfabf80cec
: end

asa/join配置

ASA5520/join# sh running-config
: Saved
:
ASA Version 8.0(2) <context>
!
hostname join
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list out-to-in extended permit tcp any host 10.0.0.100 eq 3389
access-list out-to-in extended permit tcp any host 10.0.0.100 eq www
access-list out-to-in extended permit tcp any host 10.0.0.100 eq ftp
access-list out-to-in extended permit tcp any host 10.0.0.100 eq telnet
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp 10.0.0.100 3389 192.168.1.1 3389 netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.100 www 192.168.1.1 www netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.100 ftp 192.168.1.1 ftp netmask 255.255.255.255
static (inside,outside) tcp 10.0.0.100 telnet 192.168.1.1 telnet netmask 255.255.255.255
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
no crypto isakmp nat-traversal
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
ssh version 2
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
username join password p8h1Qs/3blqj2KNa encrypted privilege 15
Cryptochecksum:3ece39ddf49bbe75af6c3688e1aebb4f
: end

ASA虚墙配置的更多相关文章

  1. OSPF虚链路配置.示例2

    先看一个拓扑图 黄色区域是area0,即骨干区域,如果如图示RT1与RT6之间的链路断了,那么会出现骨干区域被“分裂”的情况,很明显骨干区域是不能被分割开的,出现这种状况的时候可能会影响到整个自制系统 ...

  2. linux虚机配置开发/Server环境全集

    linux虚机配置开发/Server环境全集 9. centos 升级githttp://www.cnblogs.com/grimm/p/5368777.htmla. 下载git2.2.1并将git添 ...

  3. CISCO ASA 5505 经典配置案例

    nterface Vlan2 nameif outside  ----------------------------------------对端口命名外端口  security-level 0 -- ...

  4. Hyper-V 手动导入虚机配置实例(转载)

    原文转载:http://blog.51cto.com/bobzy/980241 Hyper-V提供了很方便的虚机导入和导出功能.平时假如我们想导出虚机,先选中虚机,然后鼠标右键在出现菜单列表中选中“导 ...

  5. ESXi5.5下的Centos7虚机配置静态IP

    使用的是osboxes.org上下载的已安装centos7 image, 在启动后, ifconfig不能看到网卡, 需要关机后在ESXi客户端编辑虚机, 删除网卡, 保存, 添加网卡, 网卡类型选择 ...

  6. OSPF虚链路配置.示例1

      在OSPF 网络中,区域0为骨干区域,其它的为非骨干区域,非骨干区域必须与骨干区域直接相连. 根据拓扑图可看到区域1与骨干区域0直接相连而区域2与骨干区域没有直接相连,这种情况下我们可以创建一条虚 ...

  7. ASA IPSEC VPN配置

    ASA-1配置 : Saved:ASA Version 8.0(2) !hostname ASA-1enable password 8Ry2YjIyt7RRXU24 encryptednames!in ...

  8. Azure Linux 虚机上配置 RAID 的常见问题及解决方案

    简介 独立硬盘冗余阵列(RAID, Redundant Array of Independent Disks),简称磁盘阵列.能增强数据集成度,增强容错功能,增加处理量或容量.详情参见这篇文章. 配置 ...

  9. OPCDA通信--工作在透明模式下的CISCO ASA 5506-X防火墙配置

    尊重原创,转发请声名 inside OPCSERVER 一台 outside OPCCLIENT 一台 route模式 配置没成功,放弃,采用透明模式 !----进入全局配置-- configure ...

随机推荐

  1. 【HTTP】Fiddler(二) - 使用Fiddler做抓包分析

    上文( http://blog.csdn.net/ohmygirl/article/details/17846199 )中已经介绍了Fiddler的原理和软件界面.本文主要针对Fiddler的抓包处理 ...

  2. Androidclient与服务端(jsp)之间json的传输与解析【附效果图附源代码】

    近期有个项目须要用到json的传输,之前不是太了解,在网上找了些相关资料,写了一个小小的demo,能够实现基本功能:androidclient发送json到服务端,服务端使用jsp接收,解析后以jso ...

  3. URAL 1018 (金典树形DP)

    连接:1018. Binary Apple Tree Time limit: 1.0 second Memory limit: 64 MB Let's imagine how apple tree l ...

  4. Android之一个简单计算器源代码

    通过Android4.0 网格布局GridLayout来实现一个简单的计算器界面布局   源码如下(欢迎大家指导 批评 ) package com.android.xiong.gridlayoutTe ...

  5. 基于visual Studio2013解决面试题之0704判断牌是否顺子

     题目

  6. MapReduce整体架构分析

    继前段时间分析Redis源代码一段时间之后.我即将開始接下来的一段技术学习的征程.研究的技术就是当前很火热的Hadoop,可是一个Hadoop生态圈是很庞大的.所以首先我的打算是挑选当中的一部分模块, ...

  7. jsp和serverlet的差别

    開始找工作面试的第一家公司,爱思创新 面试题: 1.jsp和serverlet的差别 简单来说: jsp:是包括java程序片的html文件servlet:是包括html的java文件 事实上说白了J ...

  8. gbs remotebuild使用说明

    本文件从:https://source.tizen.org/documentation/articles/gbs-remotebuild翻译而来. 1 远程构建 使用remotebuild子指令将本地 ...

  9. fzu 1911 C. Construct a Matrix

    C. Construct a Matrix Time Limit: 1000ms Case Time Limit: 1000ms Memory Limit: 32768KB Special Judge ...

  10. hdu 4712 Hamming Distance bfs

    我的做法,多次宽搜,因为后面的搜索扩展的节点会比较少,所以复杂度还是不需要太悲观的,然后加上一开始对答案的估计,用估计值来剪枝,就可以ac了. #include <iostream> #i ...