没有合适的资源?快使用搜索试试~ 我知道了~
思科防火墙asa5520配置
5星 · 超过95%的资源 需积分: 46 28 下载量 71 浏览量
2011-03-02
14:50:47
上传
评论 1
收藏 93KB DOC 举报
温馨提示
试读
19页
思科防火墙的详细配置资料,根据公司的需要为客户配置思科防火墙asa5520.
资源推荐
资源详情
资源评论
show run
: Saved
:
ASA Version 7.2(4)
!
hostname JLWEC-ASA5520
domain-name default.domain.invalid
enable password o0qbxm4Ac33CWgpq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 172.16.15.1 255.255.255.252
!
interface GigabitEthernet0/1
nameif outside-cnc
security-level 1
ip address 221.12.150.76 255.255.255.248
!
interface GigabitEthernet0/2
shutdown
no nameif
security-level 0
<--- More --->
no ip address
!
interface GigabitEthernet0/3
nameif outside-ctc
security-level 0
ip address 61.153.65.85 255.255.255.248
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
boot system disk0:/asa724-k8.bin
ftp mode passive
clock timezone PST 8
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list outside extended permit icmp any any
access-list outside extended permit tcp any host 221.12.150.77 eq telnet
access-list outside extended permit udp any host 221.12.150.77 eq snmp
access-list outside extended permit udp any host 221.12.150.77 eq snmptrap
access-list outside extended permit tcp any host 221.12.150.77 eq www
access-list vpn_acl extended permit ip 10.120.0.0 255.255.0.0 10.100.100.0 255.255.255.0
<--- More --->
access-list vpn_acl extended permit ip 10.10.200.0 255.255.255.0 10.100.100.0 255.255.255.
0
access-list vpn_acl extended permit ip 172.16.15.0 255.255.255.0 10.100.100.0 255.255.255.
0
access-list nonat extended permit ip 10.120.0.0 255.255.0.0 10.100.100.0 255.255.255.0
access-list nonat extended permit ip 10.10.200.0 255.255.255.0 10.100.100.0 255.255.255.0
access-list nonat extended permit ip 172.16.15.0 255.255.255.0 10.100.100.0 255.255.255.0
access-list nonat extended permit ip 10.100.100.0 255.255.255.0 10.100.100.0 255.255.255.
0
access-list outside_ctc extended permit tcp any host 61.153.65.86 eq www
pager lines 24
logging enable
logging timestamp
logging buffer-size 40960
logging buffered alerts
logging asdm critical
mtu inside 1500
mtu outside-cnc 1500
mtu outside-ctc 1500
mtu management 1500
ip local pool vpnpool 10.100.100.1-10.100.100.254 mask 255.255.255.0
ip verify reverse-path interface inside
ip verify reverse-path interface outside-cnc
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm506.bin
no asdm history enable
<--- More --->
arp timeout 14400
global (outside-cnc) 1 interface
global (outside-ctc) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside-cnc) tcp 221.12.150.77 telnet 10.10.200.1 telnet netmask 255.255.255.2
55
static (inside,outside-cnc) tcp 221.12.150.77 www 10.120.95.15 www netmask 255.255.255.25
5
static (inside,outside-cnc) udp 221.12.150.77 snmp 10.10.200.1 snmp netmask 255.255.255.2
55
static (inside,outside-cnc) udp 221.12.150.77 snmptrap 10.10.200.1 snmptrap netmask 255.25
5.255.255
access-group outside in interface outside-cnc
route inside 10.10.200.0 255.255.255.0 172.16.15.2 1
route inside 10.120.0.0 255.255.0.0 172.16.15.2 1
route inside 172.16.17.0 255.255.255.252 172.16.15.2 2
route inside 192.168.0.0 255.255.0.0 172.16.15.2 1
route outside-cnc 58.16.0.0 255.255.0.0 221.12.150.73 1
route outside-cnc 58.17.160.0 255.255.252.0 221.12.150.73 1
剩余18页未读,继续阅读
资源评论
- 瞬亡2012-09-11文档很不错,学了不少东西
- cmxcaoying5212012-09-06文章很不错,用处比较大,很感谢分享
ciscoh3clxp
- 粉丝: 0
- 资源: 3
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功