asa5520防火墙透明模式的配置例子.doc

上传人:11****ws 文档编号:3009063 上传时间:2019-05-17 格式:DOC 页数:3 大小:26.50KB
下载 相关 举报
asa5520防火墙透明模式的配置例子.doc_第1页
第1页 / 共3页
asa5520防火墙透明模式的配置例子.doc_第2页
第2页 / 共3页
asa5520防火墙透明模式的配置例子.doc_第3页
第3页 / 共3页
亲,该文档总共3页,全部预览完了,如果喜欢就下载吧!
资源描述

1、asa5520 防火墙透明模式的配置例子 ciscoasa# sh run : Saved : ASA Version 7.2(3) ! firewall transparent hostname ciscoasa domain-name default.domain.invalid enable password 8Ry2YjIyt7RRXU24 encrypted names ! interface GigabitEthernet0/0 nameif outside security-level 0 ! interface GigabitEthernet0/1 nameif inside

2、security-level 100 ! interface GigabitEthernet0/2 shutdown no nameif no security-level ! interface GigabitEthernet0/3 shutdown no nameif no security-level ! interface Management0/0 nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 management-only ! passwd 2KFQnbNIdI.2KYOU enc

3、rypted ftp mode passive dns server-group DefaultDNS domain-name default.domain.invalid access-list acl_inside extended permit ip any any access-list acl_inside extended permit icmp any any access-list acl_outside extended permit tcp any any eq 3306 access-list acl_outside extended permit tcp any any

4、 eq www access-list acl_outside extended permit tcp any any eq 8080 access-list acl_outside extended permit tcp any any eq https access-list acl_outside extended permit tcp any any eq sqlnet access-list acl_outside extended permit tcp any any eq ftp access-list acl_outside extended permit tcp any an

5、y eq 1433 access-list acl_outside extended permit esp any any access-list acl_outside extended permit udp any any eq isakmp access-list acl_outside extended permit tcp any any eq pop3 access-list acl_outside extended permit tcp any any eq smtp access-list acl_outside extended permit icmp any any pag

6、er lines 24 mtu outside 1500 mtu inside 1500 mtu management 1500 ip address 172.16.177.208 255.255.255.0 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/ASDM-523.BIN no asdm history enable arp timeout 14400 access-group acl_outside in interface outside access-group acl_insid

7、e in interface inside timeout xlate 3:00:00 timeout conn 0:20:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute

8、http server enable http 192.168.1.0 255.255.255.0 management http 0.0.0.0 0.0.0.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart telnet timeout 5 ssh timeout 5 console timeout 0 ! class-map inspection_default match default

9、-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny in

10、spect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect pptp ! service-policy global_policy global username cisco password 3USUcOPFUiMCO4Jk encrypted prompt hostname context Cryptochecksum:4682fd668f251c28d32a0cb82a3ac5f3 : end ciscoasa# 注意点:语句 ip address 172.16.177.208 255.255.255.0 是在 interface GigabitEthernet0/0 下配的,自己跑到外面来了,如果不配这个,好像 ping 不通。

展开阅读全文
相关资源
相关搜索

当前位置:首页 > 重点行业资料库 > 医药卫生

Copyright © 2018-2021 Wenke99.com All rights reserved

工信部备案号浙ICP备20026746号-2  

公安局备案号:浙公网安备33038302330469号

本站为C2C交文档易平台,即用户上传的文档直接卖给下载用户,本站只是网络服务中间平台,所有原创文档下载所得归上传人所有,若您发现上传作品侵犯了您的权利,请立刻联系网站客服并提供证据,平台将在3个工作日内予以改正。