ASA5520 common configuration (foreign English-language material).doc
ASA5520 basic configuration 2011-05-10 13:22:49 | classification: the default category
General network layout around the ASA5520:
Outside network --- ASA5520 --- intranet and DMZ, respectively
The ASA is configured in global configuration mode, much like a Cisco router.
The first time the firewall is started it runs an initial configuration.
It covers the key settings: passwords, time, internal IP, and management IP.
1, Configure the host name, domain name, and passwords
Host name: ciscoasa5520(config)# hostname 5520
Domain name: 5520(config)# domain-name 123.com
Password: 5520(config)# enable password asa5520 (privileged password)
5520(config)# password cisco (Telnet password)
2, Configure the interface name and security level
5520(config)# int f0/1
5520(config)# nameif inside (internal network; the others are DMZ and outside)
5520(config)# security-level 100 (security level 100, DMZ: 50, outside: 0)
5520(config)# ip add (configure the IP address)
5520(config)# no shut
5520(config)# exit
View the interfaces: show interface ip brief
The show interface / 0 f
3, Configuring routing
5520(config)# route interface-name destination-network mask next-hop
The default route to the Internet:
5520 (config) # ou-outside ...0.1481
(config) # route inside .255.255 54
View the routes: show route
4, Management (enabling Telnet or SSH)
5520(config)# telnet IP-or-network mask interface-name
Example: 5520(config)# telnet 0 inside (only this IP address may Telnet to the ASA)
5520(config)# telnet inside (this IP segment may Telnet to the ASA)
Set the Telnet timeout: 5520(config)# telnet timeout 30 (units: minutes)
SSH for encrypted transport (RSA key pair)
5520(config)# crypto key generate rsa modulus 1024
Connection: 5520(config)# ssh inside
5520(config)# ssh 0 0 outside (allows any IP on the outside network to connect)
Configure the idle timeout: ssh timeout 30
ssh version 2
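An added example, not part of the original notes: a small Python check that reads the telnet/ssh access lines of an ASA configuration and flags the management settings from this section that widen exposure (Telnet rules, SSH from any address, no "ssh version 2" line). The sample configuration and its addresses are constructed placeholders, and the function name audit_management is hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of the section above. The addresses are
# RFC 1918 placeholders, not values from the original page.
SAMPLE_CONFIG = """\
telnet 192.168.1.10 255.255.255.255 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 30
ssh 192.168.1.0 255.255.255.0 inside
ssh 0 0 outside
ssh timeout 30
"""

# "<telnet|ssh> <address> <mask> <interface>"; timeout/version lines do not match.
RULE = re.compile(r"^(telnet|ssh)\s+(\S+)\s+(\S+)\s+(\S+)$")


def _dotted(token):
    """Expand the ASA shorthand 0 to 0.0.0.0."""
    return "0.0.0.0" if token == "0" else token


def audit_management(config):
    """Return (severity, line, reason) tuples for risky management access."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings, ssh_rules = [], 0
    for line in lines:
        m = RULE.match(line)
        if not m:
            continue
        proto, addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{_dotted(addr)}/{_dotted(mask)}", strict=False)
        except ValueError:
            continue  # four-token line that is not an address rule
        if proto == "telnet":
            findings.append(("high", line, "Telnet is cleartext; use SSH instead"))
            continue
        ssh_rules += 1
        if net.prefixlen == 0:
            sev = "high" if ifname == "outside" else "medium"
            findings.append((sev, line, f"SSH allowed from any address on {ifname}"))
    if ssh_rules and "ssh version 2" not in lines:
        findings.append(("medium", "", "no 'ssh version 2' line; SSHv1 may be accepted"))
    return findings


if __name__ == "__main__":
    for sev, line, reason in audit_management(SAMPLE_CONFIG):
        print(f"[{sev}] {line or '(global)'}: {reason}")
```

Run it against the management section of a saved configuration; an empty result means only scoped SSH rules with "ssh version 2" were found.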
5, Remote access with ASDM (Cisco's Adaptive Security Device Manager)
The client