ASA 5200防火墙配置

interface GigabitEthernet0/0

 nameif outside_40M

 security-level 0

 ip address x.x.x.x 255.255.255.252

!

interface GigabitEthernet0/1

 nameif outside_10M

 security-level 0

 ip address x.x.x.x 255.255.255.252

!

interface GigabitEthernet0/2

 description Conn-LAN

 nameif inside

 security-level 100

 ip address 192.168.10.254 255.255.255.0

 

route outside_40M 0.0.0.0 0.0.0.0 x.x.x.x 1

route outside_10M 0.0.0.0 0.0.0.0 y.y.y.y 2

route inside 192.168.2.0 255.255.255.0 192.168.10.1 1

route inside 192.168.3.0 255.255.255.0 192.168.10.1 1

route inside 192.168.4.0 255.255.255.0 192.168.10.1 1

route inside 192.168.5.0 255.255.255.0 192.168.10.1 1

route inside 192.168.6.0 255.255.255.0 192.168.10.1 1

route inside 192.168.7.0 255.255.255.0 192.168.10.1 1

route inside 192.168.8.0 255.255.255.0 192.168.10.1 1

route inside 192.168.9.0 255.255.255.0 192.168.10.1 1

route outside_10M 223.5.20.0 255.255.255.0 x.x.x.x 1

 

NAT：

static (inside,outside_40M) tcp x.x.x.x 3333 192.168.6.63 3389 netmask 255.255.255.255 

access-list Policy_Outside_40M extended permit tcp any host x.x.x.x eq 3333

增加×××用户：

LB-F1-FW-01# conf t

LB-F1-FW-01(config)# username bobo365 password XXXXXX

LB-F1-FW-01(config)# username bobo365 attributes

LB-F1-FW-01(config-username)# ***-group-policy ReMote×××

LB-F1-FW-01(config-username)# exit

LB-F1-FW-01(config)# exit

LB-F1-FW-01# wr

转载于:https://blog.51cto.com/bobo365/1892507