Cisco NAT configuration example: Cisco ASA 5520 (8.2.4) enterprise intranet configuration case
Cisco ASA 5520 firewall appearance (photo)
Network topology diagram (as follows)
Internal network segment: 192.168.2.0/24
Public IP address: 118.25.235.100
Public IP gateway: 118.25.235.1
Firewall inside IP: 192.168.2.1/24
Configuration steps:
1. Basic configuration and the inside/outside interfaces
conf t
hostname ASAFW #set the hostname
enable password pass123 #set the privileged (enable) password; the ASA uses "enable password", not the IOS "enable secret"
clock timezone GMT 8 #set the time zone
dns domain-lookup inside
dns server-group DefaultDNS
name-server 114.114.114.114
name-server 223.5.5.5
name-server 223.6.6.6
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 118.25.235.100 255.255.255.0
#the outside (public) IP is 118.25.235.100
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
#內(nèi)網(wǎng)網(wǎng)段是192.168.2.0/24
2、配置外網(wǎng)路由
#route outside 0.0.0.0 0.0.0.0 118.25.235.1 1
3、配置內(nèi)網(wǎng)NAT上網(wǎng)配置
nat-control
global (outside) 1 interface
nat (inside) 1 192.168.2.0 255.255.255.0
4. Configure the DHCP server
dhcpd lease 14400
dhcpd address 192.168.2.2-192.168.2.254 inside
#set the DHCP address pool
dhcpd dns 114.114.114.114 223.5.5.5 interface inside
dhcpd enable inside
5. Configure port mapping (static PAT)
(Because my outside link has only one public IP, the outside address in the static is written as interface; the outside interface IP must be configured before the port mapping.)
static (inside,outside) tcp interface 80 192.168.2.2 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 192.168.2.242 443 netmask 255.255.255.255
如果存在多個(gè)外網(wǎng)IP,如何設(shè)置端口映射呢?
static (inside,outside) tcp 118.25.235.101 80 192.168.2.2 80 netmask 255.255.255.255
static (inside,outside) tcp 118.25.235.101 443 192.168.2.242 tcp netmask 255.255.255.255
直接將IP寫上,注意如果只有一個(gè)IP,只能寫interface
6. ACLs and inside/outside policies
#ASA access lists are first-match: the ICMP deny must come before the broad permit, otherwise it never fires
access-list outside extended deny icmp any any
access-list outside extended permit ip any any
#permit ip any any inbound on outside admits every flow that has a static translation; tighten it to the published ports in production
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-group outside in interface outside
access-group inside in interface inside
7. Configure SSH login
crypto key generate rsa modulus 1024
aaa authentication ssh console LOCAL
username user1 password xxxx //configure the SSH username and password
ssh version 1 //SSHv1 is obsolete; the ASA also supports "ssh version 2", which should be preferred
ssh 0.0.0.0 0.0.0.0 inside //allow SSH login from any inside address
#ssh 0.0.0.0 0.0.0.0 outside //allow SSH login from the outside (left commented out)
8、設(shè)置ASA系統(tǒng)時(shí)間及SNMP
clock set 13:14:00 2 feb 2012
snmp-server host inside 192.168.2.2 community public version 2c #"public" is the default community string; use a site-specific one
snmp-server enable traps
9. Enable ASDM graphical management
webvpn
username admin password admin
http server enable (or http server enable 8080 to listen on port 8080 instead of the default)
http 0.0.0.0 0.0.0.0 inside
asdm image disk0:/asdm-722.bin
10. Save the configuration
copy running-config startup-config
11. Back up the configuration and the operating system
show flash
--#-- --length-- -----date/time------ path
3 4096 Aug 16 2017 12:25:12 log
8 4096 Aug 16 2017 12:25:24 crypto_archive
9 4096 Aug 16 2017 12:25:26 coredumpinfo
10 43 Aug 16 2017 12:25:26 coredumpinfo/coredump.cfg
78 15261696 Aug 16 2017 12:36:40 asa824-k8.bin
79 24047892 Aug 16 2017 12:39:12 asdm-722.bin
copy asa824-k8.bin tftp://192.168.2.3
copy asdm-722.bin tftp://192.168.2.3
copy running-config tftp://192.168.2.3
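As an added illustration (not part of the original post), a small Python audit script for the kind of configuration built in steps 6 and 7: ASA access lists are first-match, so a "deny icmp any any" placed after "permit ip any any" can never fire, and "ssh version 1" or management access from any outside host should be flagged before the config is saved. The sample config inside the script is constructed for the demonstration (it deliberately puts the deny after the permit), and the ACE parser only models the "any"/protocol-name forms used on this page.

```python
import re

# Constructed sample, not the page's own config: the outside ACL deliberately
# places 'deny icmp' after 'permit ip any any', and SSH is pinned to version 1.
SAMPLE_CONFIG = """\
access-list outside extended permit ip any any
access-list outside extended deny icmp any any
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
ssh version 1
ssh 0.0.0.0 0.0.0.0 inside
"""

ACE_RE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+) (\S+) (\S+)$")
MGMT_RE = re.compile(r"^(ssh|http) 0\.0\.0\.0 0\.0\.0\.0 outside$")

def _covers(earlier, later):
    """True when the earlier ACE matches every packet the later one would.
    Only the 'any' and protocol-name forms used on this page are modelled."""
    proto_ok = earlier["proto"] in ("ip", later["proto"])
    src_ok = earlier["src"] in ("any", later["src"])
    dst_ok = earlier["dst"] in ("any", later["dst"])
    return proto_ok and src_ok and dst_ok

def audit_asa_config(text):
    """Return findings (as strings) for an ASA 8.2-style config fragment."""
    findings = []
    acls = {}  # ACL name -> list of (line number, parsed ACE) in configured order
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = ACE_RE.match(line)
        if m:
            name, action, proto, src, dst = m.groups()
            ace = {"action": action, "proto": proto, "src": src, "dst": dst}
            for prev_no, prev in acls.setdefault(name, []):
                # First-match semantics: an ACE fully covered by an earlier ACE
                # with the opposite action is dead configuration.
                if prev["action"] != action and _covers(prev, ace):
                    findings.append(f"line {lineno}: '{line}' is shadowed by line {prev_no}")
                    break
            acls[name].append((lineno, ace))
        elif line == "ssh version 1":
            findings.append(f"line {lineno}: SSH version 1 enabled; use 'ssh version 2'")
        elif MGMT_RE.match(line):
            findings.append(f"line {lineno}: {line.split()[0]} management open to any outside host")
    return findings
```

Run `audit_asa_config(SAMPLE_CONFIG)` on the constructed sample and it reports the shadowed ICMP deny and the SSHv1 setting; swapping the two outside ACEs makes the first finding disappear.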
Summary