拓扑如下:

ASA5520# show running-config
: Saved
:
ASA Version 8.0(2)
!
hostname ASA5520
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
no ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 10.0.0.1
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list out-to-in extended permit tcp any interface outside eq www
access-list out-to-in extended permit tcp any interface outside eq 3389
access-list out-to-in extended permit tcp any interface outside eq telnet
access-list out-to-in extended permit tcp any interface outside eq ftp
access-list out-to-in extended permit tcp any interface outside eq 3306
access-list out-to-in extended permit tcp any interface outside eq 2121
access-list out-to-in extended permit tcp any interface outside eq 3128
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp interface www 192.168.1.2 www netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.1.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface telnet 192.168.1.1 telnet netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.1.1 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 3306 192.168.1.2 3306 netmask 255.255.255.255
static (inside,outside) tcp interface 2121 192.168.1.2 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 3128 192.168.1.2 3128 netmask 255.255.255.255
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
username cisco password 3USUcOPFUiMCO4Jk encrypted
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA基本配置的更多相关文章

  1. Cisco ASA 高级配置

    Cisco ASA 高级配置 一.防范IP分片攻击 1.Ip分片的原理: 2.Ip分片的安全问题: 3.防范Ip分片. 这三个问题在之前已经详细介绍过了,在此就不多介绍了.详细介绍请查看上一篇文章:I ...

  2. 思科ASA基本配置

    ------------恢复内容开始------------ ASA基本配置 ciscoasa#show running-config        //讲解已作的默认配置 ciscoasa#conf ...

  3. Cisco ASA 5505配置详解(v8.3之前版本)

    在配ASA 5505时用到的命令 2009-11-22 22:49 nat-control命令 在6.3的时候只要是穿越防火墙都需要创建转换项,比如:nat:static等等,没有转换项是不能穿越防火 ...

  4. ASA failover配置(A/S)

    环境描述 1. 两条公网出口,分别为移动,联通 2. 两台ASA做主备配置,实现出口故障转移 3. 内网两台核心做堆叠配置(由于模拟器无法实现堆叠,此处使用HSRP) 需求描述 1. 当一条公网链路故 ...

  5. ASA虚墙配置

    asa配置ASA Version 8.0(2) <system>!hostname ASA5520enable password 2KFQnbNIdI.2KYOU encryptedno ...

  6. 交换机 路由器 防火墙asa 安全访问、配置 方式

    这里交换机 路由器 暂时统称为  网络设备 我们一般管理网络设备采用的几种方法 一般来说,可以用5种方式来设置路由器: 1. Console口接终端或运行终端仿真软件的微机(第一次配置要使用此方式) ...

  7. windows7 自带l2tp/ipsec VPN客户端连接Cisco ASA

    搞了半天,最后发现其实很简单,在ASA默认配置的基础上,把所有crypto ipsec ikev1 transform-set 加上mode transport,然后把tunnel-group Def ...

  8. ASA QOS限速

    cisco的Qos限速和H3C的有点区别,不过总体来说,H3C的比较渣,单位是不一样的,H3C 的CAR单位的是kpbs,而cisco police限速时的单位是Bits per seconds,H3 ...

  9. 思科ASA对象组NAT

    ACL对象组NAT配置 ciscoasa#conf t ciscoasa(config)#hostname ASA ASA(config)#domain-name asa.com ASA(config ...

随机推荐

  1. Ember.js - About

    Ember.js - About More Productive Out of the Box.   Write dramatically less code with Ember's Handleb ...

  2. Oracle 创建索引的基本规则总结

    1.  选择索引字段的原则: 在WHERE子句中最频繁使用的字段 联接语句中的联接字段 选择高选择性的字段(如果很少的字段拥有相同值,即有很多独特值,则选择性很好) Oracle在UNIQUE和主键字 ...

  3. Inverse Quadratic Interpolation (website)

    Inverse Quadratic Interpolation:  https://www.youtube.com/watch?v=0H7mVPTLF7Q : https://www.youtube. ...

  4. Ubuntu_文件夹名字转化成英文

    打开终端命令行输入: export LANG=en_US xdg-user-dirs-gtk-update 之后重启,就看到中文的文件夹变成英文的了 想要换回中文的输入: export LANG=zh ...

  5. 改变TPageControl的活动标签颜色

    设置PageControl的owndraw属性为TRUE. procedure TForm1.pgc1DrawTab(Control: TCustomTabControl; TabIndex: Int ...

  6. SpringMVC之Controller传递JSON数据到页面

    在Controller中,组装好JSON格式的数据,然后输入到页面,或者通过ajax请求在页面进行解析,都可以做到. 1.Controller /** * JSON DATA TO PAGE VEIW ...

  7. 四种方法解决DIV高度自适应问题

    本文和大家重点讨论一下解决DIV高度自适应的方法,这里主要从四个方面来向大家介绍,相信通过本文学习你对DIV高度自适应问题会有更加深刻的认识. DIV高度自适应 关于DIV高度的自适应,一直是个让人头 ...

  8. kgdb接收一个数据包详解

    0    kdb>kgdb  // 可进入kgdb 模式    if (dbg_kdb_mode) {             error = kdb_stub(ks);     } else ...

  9. OpenStack优先

    http://www.lagou.com/jobs/1623064.html http://www.lagou.com/jobs/1406144.html

  10. Delphi XE7 用indy开发微信公众平台所有功能(10篇博客)

    http://www.cnblogs.com/devinlee/p/4282498.html http://www.cnblogs.com/devinlee/p/4565933.html