[Daily Must-Learn] Common ASA Configuration Labs, Software Version 7.2(3)
Author: 微思网络 Published: 2017-04-26
1. Introduction to configuration modes
Example:
ciscoasa> enable
Password:    // the default enable password is empty
ciscoasa#configure terminal
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)#
2. Hostname configuration
ciscoasa(config)# hostname ASA5510    // set the hostname; the default is ciscoasa
ASA5510(config)# clock timezone GMT +8    // set the time zone
ASA5510(config)# clock set 20:10:10 dec 12 2008    // set the time; the time zone must be configured first
ASA5510(config)# show clock    // view the time
20:10:22.620 GMT Fri Dec 12 2008
ASA5510(config)#
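3. Quanzhou CCNA training: configuring interfaces
Configure the outside interface:
ASA5510(config)# int e0/0
ASA5510(config-if)# nameif outside    // name the interface
INFO: Security level for "outside" set to 0 by default.    // the interface name outside is automatically associated with security-level 0
ASA5510(config-if)# ip address 202.100.1.10 255.255.255.0    // set the interface IP address
ASA5510(config-if)# no shutdown    // enable the interface
ASA5510(config-if)# end    // exit to privileged mode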
ASA5510#
Configure the inside interface:
ASA5510(config)# int e0/1
ASA5510(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.    // the interface name inside is automatically associated with security-level 100
ASA5510(config-if)# ip address 192.168.1.10 255.255.255.0
ASA5510(config-if)# no shutdown
Configure the dmz interface:
ASA5510(config)# int e0/2
ASA5510(config-if)# nameif dmz
INFO: Security level for "dmz" set to 0 by default.
ASA5510(config-if)# security-level 50    // the dmz security level must be changed manually
ASA5510(config-if)# ip address 10.1.1.10 255.255.255.0
ASA5510(config-if)# no shutdown
ASA5510(config-if)# end
ASA5510#
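4. Saving and clearing the configuration
1. write (write = copy run start): save the configuration
2. write erase: erase the startup-config
3. show run: view the entire configuration; append a keyword to show run to see only that part of the configuration
Examples: sh run nat | sh run glob | sh run interface
show version    // view the version
show flash    // view flash, space used and image files
4. clear config: append the part of the configuration you want to clear
Example: clear config interface e0/0    // clear the interface configuration parameters
clear config nat | clear config glob    // clear the NAT configuration
clear config route    // clear the static route configuration
clear xlate    // clear NAT translation entries
clear local-host all    // clear all host connections
5. clear config all: clear the entire running-config without restarting the device (use with caution)
6. reload: restart the ASA
5. Lab topology and static route configuration
1. Configure the ASA
ciscoasa(config)# host ASA
ASA(config)# int e0/0
ASA(config-if)# nameif outside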
INFO: Security level for "outside" set to 0 by default.
ASA(config-if)# ip add 202.100.1.10 255.255.255.0
ASA(config-if)# no sh
ASA(config-if)# exit
ASA(config)# int e0/1
ASA(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASA(config-if)# ip add 192.168.1.10 255.255.255.0
ASA(config-if)# no sh
ASA(config-if)# exit
ASA(config)# int e0/2
ASA(config-if)# nameif dmz
INFO: Security level for "dmz" set to 0 by default.
ASA(config-if)# security-level 50
ASA(config-if)# ip add 10.1.1.10 255.255.255.0
ASA(config-if)# no sh
ASA(config-if)# exit
ASA(config)#
2. Configure R1
Router(config)#host R1.OUT
R1.OUT(config)#int e0/0
R1.OUT(config-if)#ip add 202.100.1.1 255.255.255.0
R1.OUT(config-if)#no sh
R1.OUT(config-if)#exit
R1.OUT(config)#int loo0
R1.OUT(config-if)#ip add 1.1.1.1 255.255.255.0
R1.OUT(config-if)#no sh
3. Configure R2
Router(config)#host IN.R2
IN.R2(config)#int e0/0
IN.R2(config-if)#ip add 192.168.1.1 255.255.255.0
IN.R2(config-if)#no sh
IN.R2(config-if)#exit
IN.R2(config)#int loo0
IN.R2(config-if)#ip add 2.2.2.2 255.255.255.0
IN.R2(config-if)#no sh
IN.R2(config-if)#end
4. Configure R3
Router(config)#host DMZ.R3
DMZ.R3(config)#int e0/0
DMZ.R3(config-if)#ip add 10.1.1.1 255.255.255.0
DMZ.R3(config-if)#no sh
DMZ.R3(config-if)#exit
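DMZ.R3(config)#int loo0
DMZ.R3(config-if)#ip add 3.3.3.3 255.255.255.0
DMZ.R3(config-if)#end
5. Configure static routes on the ASA so that the ASA can ping 1.1.1.1, 2.2.2.2 and 3.3.3.3
Route command format: route + egress interface + destination network + destination mask + next-hop address
sho run route    // view the route configuration
show route    // view the routing table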
ASA(config)# route outside 1.1.1.0 255.255.255.0 202.100.1.1
ASA(config)# route inside 2.2.2.0 255.255.255.0 192.168.1.1
ASA(config)# route dmz 3.3.3.0 255.255.255.0 10.1.1.1
ASA(config)# sho run route    // view the route configuration
route outside 1.1.1.0 255.255.255.0 202.100.1.1 1
route inside 2.2.2.0 255.255.255.0 192.168.1.1 1
route dmz 3.3.3.0 255.255.255.0 10.1.1.1 1
ASA(config)# show route    // view the routing table
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
S 1.1.1.0 255.255.255.0 [1/0] via 202.100.1.1, outside
S 2.2.2.0 255.255.255.0 [1/0] via 192.168.1.1, inside
S 3.3.3.0 255.255.255.0 [1/0] via 10.1.1.1, dmz
C 202.100.1.0 255.255.255.0 is directly connected, outside
C 10.1.1.0 255.255.255.0 is directly connected, dmz
C 192.168.1.0 255.255.255.0 is directly connected, inside
ASA(config)#
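An added example, not part of the original page: a Python check that reads running-config-style interface and route lines and flags the two mistakes this lab guards against, a non-outside interface left at the default security-level 0 and a static route whose next hop is not on the named interface's subnet. The sample text is constructed from the lab's addresses, and the function names parse and audit are hypothetical.

```python
import ipaddress

# Constructed sample (not from a real device): dmz left at level 0, dmz next hop wrong.
SAMPLE = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 202.100.1.10 255.255.255.0
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.10 255.255.255.0
interface Ethernet0/2
 nameif dmz
 security-level 0
 ip address 10.1.1.10 255.255.255.0
route outside 1.1.1.0 255.255.255.0 202.100.1.1 1
route dmz 3.3.3.0 255.255.255.0 192.168.1.1 1
"""

def parse(config):  # -> ({nameif: {"level", "net"}}, [(nameif, destination, next_hop)])
    ifaces, routes, cur = {}, [], None
    for tok in (line.split() for line in config.splitlines() if line.strip()):
        if tok[0] == "interface":
            cur = None  # new stanza; unnamed until a nameif line is seen
        elif tok[0] == "nameif":
            cur = ifaces.setdefault(tok[1], {"level": None, "net": None})
        elif tok[0] == "security-level" and cur is not None:
            cur["level"] = int(tok[1])
        elif tok[:2] == ["ip", "address"] and cur is not None:
            cur["net"] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
        elif tok[0] == "route" and len(tok) >= 5:
            routes.append((tok[1], f"{tok[2]} {tok[3]}", ipaddress.ip_address(tok[4])))
    return ifaces, routes

def audit(config):  # -> list of human-readable findings, empty when both checks pass
    ifaces, routes = parse(config)
    findings = []
    for name, info in ifaces.items():
        if name != "outside" and not info["level"]:
            findings.append(f"{name}: security-level is 0 (same as outside), set it explicitly")
    for name, dest, hop in routes:
        net = ifaces.get(name, {}).get("net")
        if net is None or hop not in net:
            findings.append(f"route {dest}: next hop {hop} is not on {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```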