asa5510 学习备份 - 数据安全 - Chinaunix - Powered by Discuz! Archiver

论坛 › 数据安全 › asa5510 学习备份

gaolimin_lose 发表于 2011-12-23 02:08

asa5510 学习备份

<p style="margin:0in;font-family:SimSun;font-size:17.0pt"> </p>

<p style="margin:0in;font-family:SimSun;font-size:10.0pt;color:gray">2011年10月10日</p>

<p style="margin:0in;font-family:SimSun;font-size:10.0pt;color:gray">10:52</p>

<a href="http://blog.chinaunix.net/attachment/201110/10/20280615_1318219272J8Zl.jpg" target="_blank"><img src="http://blog.chinaunix.net/attachment/201110/10/20280615_1318219272J8Zl.jpg" .load="imgResize(this, 650);" border="0" ;=""></a>

<p style="margin:0in"> </p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Conf t</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Int eth0</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Nameif
outside</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Security-level
0</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Ip
address 202.100.10.1 255.255.255.0</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">No shut</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US"> </p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Int eth1</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Nameif
inside</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Security-level
100</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Ip
address 192.168.1.1255.255.255.0</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">No shut</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US"> </p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Int eth2</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Nameif
dmz</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Security-level
50</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Ip
address 172.16.1.1 255.255.255.0</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">No shut</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US"> </p>

<p style="margin:0in;font-family:宋体;font-size:10.0pt">路由配置</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Route
outside 0.0.0.0 0.0.0.0 202.100.10.2 1</p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:Calibri" lang="en-US">Route inside 10.0.0.0 255.0.0.0 192.168.1.2 1(?web server</span><span style="font-family:宋体" lang="zh-CN">为什么接在这里？</span><span style="font-family:Calibri" lang="en-US">)</span></p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US"> </p>

<p style="margin:0in;font-family:宋体;font-size:10.0pt">地址转换</p>

<p style="margin:0in;font-family:宋体;font-size:10.0pt"> </p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:宋体" lang="zh-CN">静态</span><span style="font-family:Calibri" lang="en-US">NAT<span> 
</span></span><span style="font-family:宋体" lang="zh-CN">静态</span><span style="font-family:Calibri" lang="en-US">PAT</span><span style="font-family:宋体" lang="zh-CN">（可以看成静态</span><span style="font-family:Calibri" lang="en-US">NAT</span><span style="font-family:宋体" lang="zh-CN">的端口模式）</span></p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US"><span> </span></p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Static
(inside, outside) 202.100.10.1 10.0.0.1 netmast 255.255.255.255</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Static(inside,outside)
tcp 202.100.10.1 www 10.0.0.1 www netmask 255.255.255.255</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Static(dmz,outside)tcp
202.100.10.1 pop3 172.16.1.2 pop3 netmask 255.255.255.255</p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:宋体" lang="zh-CN">动态</span><span style="font-family:Calibri" lang="en-US">NAT<span> 
</span></span><span style="font-family:宋体" lang="zh-CN">动态</span><span style="font-family:Calibri" lang="en-US">PAT</span><span style="font-family:宋体" lang="zh-CN">（可以看成动态</span><span style="font-family:Calibri" lang="en-US">NAT</span><span style="font-family:宋体" lang="zh-CN">的端口模式）</span></p>

<p style="margin:0in;font-family:宋体;font-size:10.0pt"> </p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:宋体" lang="zh-CN">动态</span><span style="font-family:Calibri" lang="en-US">NAT</span><span style="font-family:宋体" lang="zh-CN">先要配置全局地址池</span><span style="font-family:Calibri" lang="en-US"> </span></p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:Calibri" lang="en-US">eg</span><span style="font-family:宋体" lang="zh-CN">：</span><span style="font-family:Calibri" lang="en-US"> global(outside) 1
202.100.10.2-202.100.10.10 netmask 255.255.255.0</span></p>

<p style="margin:0in;margin-left:.375in;font-family:Calibri;font-size:10.0pt" lang="en-US">Nat(inside) 1 192.168.1.0 255.255.255.0</p>

<p style="margin:0in;margin-left:.375in;font-family:Calibri;font-size:10.0pt" lang="en-US">Global(dmz) 1 interface</p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:宋体" lang="zh-CN">策略</span><span style="font-family:Calibri" lang="en-US">NAT</span><span style="font-family:宋体" lang="zh-CN">（</span><span style="font-family:Calibri" lang="en-US">PAT</span><span style="font-family:宋体" lang="zh-CN">）</span></p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:宋体" lang="zh-CN">带</span><span style="font-family:Calibri" lang="en-US">ACL</span><span style="font-family:宋体" lang="zh-CN">的</span><span style="font-family:Calibri" lang="en-US">NAT</span></p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US"> </p>

<p style="margin:0in;font-family:宋体;font-size:10.0pt">定义高安全接口区域需要进行抵制转换的范围</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Nat(inside)
1</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US"> </p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:宋体" lang="zh-CN">定义</span><span style="font-family:Calibri" lang="en-US">ACL</span></p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Access-list
100 extended permit ip any any</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Access-list
100 extended icmp any any</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Access-list
101 extended permit tcp any host 10.1.1.1 eq www</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Access-list
102 extended permit tcp any host 172.16.1.2eq pop3</p>

<p style="margin:0in;font-size:10.0pt"><span style="font-family:宋体" lang="zh-CN">在端口上应用</span><span style="font-family:Calibri" lang="en-US">ACL</span></p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Access-group
100 in int outside</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Access-group
101in int inside</p>

<p style="margin:0in;font-family:Calibri;font-size:10.0pt" lang="en-US">Access-group
102interface dmz</p>

页: [1]

查看完整版本: asa5510 学习备份