cisco-asa-5505 basic configuration

interface Vlan2
 ! name the interface "outside"
 nameif outside
 ! set the interface security level
 security-level 0
 ! configure the outside (WAN) address
 ip address X.X.X.X 255.255.255.224
!
interface Vlan3
 ! name the interface "inside"
 nameif inside
 ! set the interface security level
 security-level 100
 ! configure the inside (LAN) address
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/0
 ! assign the port to VLAN 2
 switchport access vlan 2
!
interface Ethernet0/1
 ! assign the port to VLAN 3
 switchport access vlan 3
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 211.99.129.210
 name-server 202.106.196.115
! ACL entry: permit all ICMP
access-list 102 extended permit icmp any any
! ACL entry: permit all IP traffic
access-list 102 extended permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
! map NAT pool 1 to the address of the outside interface
global (outside) 1 interface
! NAT source pool (all inside addresses); the trailing 0 means no maximum connection limit
nat (inside) 1 0.0.0.0 0.0.0.0 0
! bind the ACL to the outside interface, inbound direction
access-group 102 in interface outside
! default route to the outside network
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0...
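
An added example, not part of the original configuration page: a small Python check that reads an ASA configuration like the one above and reports every "permit <protocol> any any" entry applied inbound on a security-level 0 interface, which is what access-list 102 and its access-group amount to here. The function name and the embedded sample (the page's own lines, trimmed) are assumptions made for the illustration.

```python
import re

# Constructed sample: the security-relevant lines of the configuration above
# (outside address left as the page's X.X.X.X placeholder).
SAMPLE_CONFIG = """\
interface Vlan2
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.224
!
interface Vlan3
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
access-list 102 extended permit icmp any any
access-list 102 extended permit ip any any
access-group 102 in interface outside
"""

ACE_RE = re.compile(r"^access-list (\S+) extended permit (\S+) any any\s*$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)\s*$")


def audit_inbound_acls(config, max_level=0):
    """Return (interface, acl, protocol) for each unrestricted
    'permit <proto> any any' entry applied inbound on an interface
    whose security level is at or below max_level."""
    levels, broad, bound, nameif = {}, {}, [], None
    for line in config.splitlines():
        stripped = line.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block, name not seen yet
        elif stripped.startswith("nameif "):
            nameif = stripped.split()[1]
        elif stripped.startswith("security-level ") and nameif:
            levels[nameif] = int(stripped.split()[1])
        elif (m := ACE_RE.match(stripped)):
            broad.setdefault(m.group(1), []).append(m.group(2))
        elif (m := GROUP_RE.match(stripped)):
            bound.append((m.group(2), m.group(1)))
    # With no explicit security-level, ASA gives "inside" 100 and others 0.
    return [(ifc, acl, proto) for ifc, acl in bound
            if levels.get(ifc, 100 if ifc == "inside" else 0) <= max_level
            for proto in broad.get(acl, [])]


if __name__ == "__main__":
    for ifc, acl, proto in audit_inbound_acls(SAMPLE_CONFIG):
        print(f"{ifc}: ACL {acl} permits all {proto} from any to any")
```

Run against the sample it reports both entries of access-list 102 on the outside interface; an ACL whose entries name specific protocols, sources or destinations produces no findings.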