Cisco ASA 5505 detailed configuration example

 
Outside address 10.132.1.41 255.255.0.0, gateway 10.132.255.254
Inside network 192.168.0.0 255.255.255.0, gateway 192.168.0.1
Server address 192.168.0.200
Open ports 80 and 3389, plus ICMP
 
 
Erase the configuration with wr er, then reload
 
Pre-configure Firewall now through interactive prompts [yes]?
Firewall Mode [Routed]:
 
Enable password [<use current password>]:cisco
Allow password recovery [yes]?
Clock (UTC):
  Year [2009]:
Month [Oct]:
Day [22]:
Time [21:38:57]: 14:28:33
Inside IP address: 192.168.0.1
Inside network mask: 255.255.255.0
Host name: asa5505
Domain name:ciscoasa
IP address of host running Device Manager:
Use this configuration and write to flash?y
 
Enter global configuration mode
asa5505> en
Password: *****
asa5505# conf t
 
Configure vlan 2
asa5505(config)# int vlan 2
asa5505(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
asa5505(config-if)# ip address 10.132.1.41 255.255.0.0
asa5505(config-if)# no shut
asa5505(config-if)# quit
 
Add the port
asa5505(config)# int e 0/0
asa5505(config-if)# switchport access vlan 2
asa5505(config-if)# no shut
 
Configure the route
asa5505(config)#route outside 0.0.0.0 0.0.0.0 10.132.255.254
 
Configure global NAT
asa5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0
asa5505(config)# global (outside) 1 interface
INFO: outside interface address added to PAT pool
 
Configure the ACL
asa5505(config)# access-list 101 extended permit icmp any any
asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 80
asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 3389
asa5505(config)# access-group 101 in interface outside
 
Configure the port mappings
asa5505(config)# static (inside,outside) tcp interface 80 192.168.0.200 80 netmask 255.255.255.255
asa5505(config)# static (inside,outside) tcp interface 3389 192.168.0.200 3389 netmask 255.255.255.255
 
Save with wr. Done.
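
To review what the ACL and static mappings above actually expose, the following added example (not part of the original walkthrough) parses the access-list, access-group and static lines in the syntax used on this page and lists every service reachable from any source on the bound interface. The function names and the ADMIN_PORTS table are assumptions made for this example.

```python
import re

# Constructed sample: the ACL, access-group and static lines from this page.
SAMPLE = """\
asa5505(config)# access-list 101 extended permit icmp any any
asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 80
asa5505(config)# access-list 101 extended permit tcp any host 10.132.1.41 eq 3389
asa5505(config)# access-group 101 in interface outside
asa5505(config)# static (inside,outside) tcp interface 80 192.168.0.200 80 netmask 255.255.255.255
asa5505(config)# static (inside,outside) tcp interface 3389 192.168.0.200 3389 netmask 255.255.255.255
"""

ADMIN_PORTS = {"22": "SSH", "23": "Telnet", "3389": "RDP"}  # assumption: ports treated as management

def take_addr(tokens):  # consume one address spec: any | host A | A MASK
    if tokens[0] == "any":
        return tokens.pop(0)
    first, second = tokens.pop(0), tokens.pop(0)
    return second if first == "host" else f"{first}/{second}"

def audit(config):
    acls, bound, statics, findings = {}, set(), {}, []
    for raw in config.splitlines():
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())  # drop CLI prompt
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["extended", "permit"]:
            rest = t[5:]
            src, dst = take_addr(rest), take_addr(rest)
            port = rest[1] if rest[:1] == ["eq"] else None
            acls.setdefault(t[1], []).append((t[4], src, dst, port))
        elif t[:1] == ["access-group"] and t[2:4] == ["in", "interface"]:
            bound.add((t[1], t[4]))
        elif t[:1] == ["static"] and t[3:4] == ["interface"]:
            statics[(t[2], t[4])] = (t[5], t[6])  # (proto, outside port) -> real host, port
    for name, ifname in sorted(bound):
        for proto, src, dst, port in acls.get(name, []):
            if src != "any":
                continue  # only rules open to every source are reported
            if port is None:
                findings.append(f"{ifname}: {proto} permitted from any to {dst}")
                continue
            real = statics.get((proto, port))
            target = f"{real[0]}:{real[1]}" if real else f"{dst}:{port} (no static mapping)"
            note = f" [{ADMIN_PORTS[port]} open to any source]" if port in ADMIN_PORTS else ""
            findings.append(f"{ifname}: {proto}/{port} from any -> {target}{note}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

For this page's configuration the report contains three entries, and the 3389 entry is the one to narrow: replacing `any` in that access-list line with the management source address removes it from the output.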