Complete configuration of the ASA5505 in transparent mode
2008-08-01 13:04

ciscoasa# show run
: Saved
:
ASA Version 7.2(3)
!
firewall transparent
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Ethernet0/0
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
 switchport access vlan 2
!
interface Ethernet0/5
 switchport access vlan 2
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list 111 extended permit tcp any any eq ftp-data
access-list 111 extended permit tcp any any eq ssh
access-list 111 extended permit tcp any any eq www
access-list 111 extended permit tcp any any eq 8080
access-list 111 extended permit tcp any any eq 6600
access-list 111 extended permit tcp any any eq 7877
access-list 111 extended permit tcp any any range 2020 2121
access-list 111 extended permit tcp any any range 6800 6900
access-list 111 extended permit tcp any any range 5200 5400
access-list 111 extended permit icmp any any
pager lines 24
mtu inside 1500
mtu outside 1500
ip address 192.168.100.100 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
access-group 111 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:871ee08b54631ff021ad0c4a1a3db59d
: end

ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders
System image file is "disk0:/asa723-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 5 mins 34 secs

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Int: Internal-Data0/0 : address is 001e.4a39.b59d, irq 11
 1: Ext: Ethernet0/0      : address is 001e.4a39.b595, irq 255
 2: Ext: Ethernet0/1      : address is 001e.4a39.b596, irq 255
 3: Ext: Ethernet0/2      : address is 001e.4a39.b597, irq 255
 4: Ext: Ethernet0/3      : address is 001e.4a39.b598, irq 255
 5: Ext: Ethernet0/4      : address is 001e.4a39.b599, irq 255
 6: Ext: Ethernet0/5      : address is 001e.4a39.b59a, irq 255
 7: Ext: Ethernet0/6      : address is 001e.4a39.b59b, irq 255
 8: Ext: Ethernet0/7      : address is 001e.4a39.b59c, irq 255
 9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used         : irq 255
11: Int: Not used         : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs                       : 3, DMZ Restricted
Inside Hosts                : 10
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
VPN Peers                   : 10
WebVPN Peers                : 2
Dual ISPs                   : Disabled
VLAN Trunk Ports            : 0

This platform has a Base license.

Serial Number: JMX1145Z03D
Running Activation Key: 0x33184371 0x3cfb93d2 0xbc80d584 0x8efca824 0xcb0aadac
Configuration register is 0x1
Configuration has not been modified since last system restart.

ciscoasa# show interface
Interface Vlan1 "inside", is up, line protocol is up
  Hardware is EtherSVI
  MAC address 001e.4a39.b59d, MTU 1500
  IP address 1.1.1.1, subnet mask 255.255.255.255
  Traffic Statistics for "inside":
    48 packets input, 3275 bytes
    68 packets output, 3206 bytes
    3 packets dropped
  1 minute input rate 0 pkts/sec, 5 bytes/sec
  1 minute output rate 0 pkts/sec, 15 bytes/sec
  1 minute drop rate, 0 pkts/sec
  5 minute input rate 0 pkts/sec, 10 bytes/sec
  5 minute output rate 0 pkts/sec, 9 bytes/sec
  5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI
  MAC address 001e.4a39.b59e, MTU 1500
  IP address 1.1.1.1, subnet mask 255.255.255.255
  Traffic Statistics for "outside":
    113 packets input, 6686 bytes
    13 packets output, 855 bytes
    60 packets dropped
  1 minute input rate 0 pkts/sec, 26 bytes/sec
  1 minute output rate 0 pkts/sec, 5 bytes/sec
  1 minute drop rate, 0 pkts/sec
  5 minute input rate 0 pkts/sec, 18 bytes/sec
  5 minute output rate 0 pkts/sec, 2 bytes/sec
  5 minute drop rate, 0 pkts/sec
Interface Ethernet0/0 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
  Available but not configured via nameif
  MAC address 001e.4a39.b595, MTU not set
  IP address unassigned
  25 packets input, 2547 bytes, 0 no buffer
  Received 4 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  112 packets output, 7756 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops
Interface Ethernet0/1 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex, Auto-Speed
  Available but not configured via nameif
  MAC address 001e.4a39.b596, MTU not set
  IP address unassigned
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops
Interface Ethernet0/2 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex, Auto-Speed
  Available but not configured via nameif
  MAC address 001e.4a39.b597, MTU not set
  IP address unassigned
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops
Interface Ethernet0/3 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex, Auto-Speed
  Available but not configured via nameif
  MAC address 001e.4a39.b598, MTU not set
  IP address unassigned
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops
Interface Ethernet0/4 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex, Auto-Speed
  Available but not configured via nameif
  MAC address 001e.4a39.b599, MTU not set
  IP address unassigned
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops
Interface Ethernet0/5 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
  Available but not configured via nameif
  MAC address 001e.4a39.b59a, MTU not set
  IP address unassigned
  113 packets input, 8726 bytes, 0 no buffer
  Received 97 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  13 packets output, 1089 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops
Interface Ethernet0/6 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex, Auto-Speed
  Available but not configured via nameif
  MAC address 001e.4a39.b59b, MTU not set
  IP address unassigned
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  0 packets output, 0 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops
Interface Ethernet0/7 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
  Auto-Duplex, Auto-Speed
  Available but not configured via nameif
  MAC address 001e.4a39.b59c, MTU not set
  IP address unassigned
  47 packets input, 3554 bytes, 0 no buffer
  Received 30 broadcasts, 0 runts, 0 giants
  1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 L2 decode drops
  0 switch ingress policy drops
  12 packets output, 1458 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  0 rate limit drops
  0 switch egress policy drops
ciscoasa#

Enable web management:

asdm image disk0:/asdm-523.bin
http server enable
http 192.168.100.0 255.255.255.0 inside
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15

When configuring transparent mode, you must configure a management address; otherwise nothing will get through!

Clear the configuration:

wr erase
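
The management-address requirement noted above can be checked mechanically against a saved configuration. The Python below is an added example, not part of the original post or any Cisco tooling; it assumes ASA 7.2-style `show run` text in which the transparent-mode management address is a top-level `ip address` line and sub-mode commands are indented, and the function name `audit` and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed sample: transparent-mode lines as shown on this page, with both
# "http" variants (any source, and the 192.168.100.0/24 one) side by side.
SAMPLE = """\
firewall transparent
interface Vlan1
 nameif inside
 security-level 100
ip address 192.168.100.100 255.255.255.0
http server enable
http 0.0.0.0 0.0.0.0 inside
http 192.168.100.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
"""

def audit(config):
    """Return (management interface or None, list of finding strings)."""
    transparent, mgmt, rules = False, None, []
    for line in config.splitlines():
        if not line.strip() or line[0].isspace():
            continue  # assumption: sub-mode commands are indented, as in "show run"
        w = line.split()
        if w == ["firewall", "transparent"]:
            transparent = True
        elif w[:2] == ["ip", "address"] and len(w) >= 4:
            mgmt = ipaddress.ip_interface(f"{w[2]}/{w[3]}")  # global management IP
        elif w[0] in ("http", "telnet", "ssh") and len(w) == 4:
            try:
                rules.append((w[0], ipaddress.ip_network(f"{w[1]}/{w[2]}"), w[3]))
            except ValueError:
                pass  # not an "<address> <mask> <interface>" access line
    findings = []
    if transparent and mgmt is None:
        findings.append("transparent mode without a global management ip address")
    for svc, net, ifname in rules:
        if net.prefixlen == 0:
            findings.append(f"{svc} on {ifname} admits any source address")
        elif mgmt is not None and not net.subnet_of(mgmt.network):
            findings.append(f"{svc} on {ifname} admits {net}, outside {mgmt.network}")
    return mgmt, findings

if __name__ == "__main__":
    mgmt, findings = audit(SAMPLE)
    print("management address:", mgmt)
    for f in findings:
        print("finding:", f)
```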