How to Configure an ASA Firewall
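To configure a firewall well, you need a good method. So how should an ASA firewall be configured? The editor gives a detailed introduction below. We hope it helps!
ASA firewall configuration, method 1:
Summary of configuring VPN on a Cisco ASA5550 firewall
ASA firewall configuration, part 1: network topology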
|172.x.x.x
|outside
|========|=========|
| |-----Internet 61.x.x.x
|========|=========|
|inside
|133.x.x.x
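The firewall has three ports configured; the port names and IP address assignments are as shown above. The VPN Client IP address pool is 100.100.100.0 255.255.255.0.
ASA firewall configuration, part 2: configuration process
1. Create the dynamic map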
crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac
crypto dynamic-map dymap 1 set transform-set myset
crypto dynamic-map dymap 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dymap
crypto map mymap interface Internet
crypto isakmp enable Internet
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 20
2. Create the tunnel group
ASA firewall configuration, method 2:
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0 (IP of the firewall's internal-network interface)
interface Ethernet0/1
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.0 (fixed public IP)
global (outside) 1 interface
nat (inside) 1 192.168.8.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1 (external gateway)
ASA firewall configuration, method 3:
First you need to define the internal network traffic
access-list 100 permit ip 192.168.0.0 255.255.255.0 any
This represents all of the 192.168.0.0/16 network
Define NAT
global (outside) 1 interface
nat (inside) 1 access-list 100
In addition, you also need to permit the traffic
access-list acl permit ip any any (since I don't know your traffic, I have permitted everything)
access-group acl in interface outside
access-group acl out interface outside
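
An added example (not part of the original article): a small Python audit that scans ASA configuration text for two settings that appear in the methods above, an ISAKMP policy using 3DES or Diffie-Hellman group 2 (method 1) and a `permit ip any any` ACL applied inbound on a security-level 0 interface (method 3). The function name, the sets of values treated as weak, and the sample text are assumptions of this example.

```python
# Constructed sample, assembled from configuration lines shown on this page.
SAMPLE_CONFIG = """\
interface Ethernet0/1
nameif outside
security-level 0
crypto isakmp policy 10
encryption 3des
hash sha
group 2
access-list 100 permit ip 192.168.0.0 255.255.255.0 any
access-list acl permit ip any any
access-group acl in interface outside
access-group acl out interface outside
"""

# Values this example treats as weak (an assumed policy, not from the page).
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
IKE_SUBCMDS = {"authentication", "encryption", "hash", "group", "lifetime"}

def audit_asa_config(text):
    """Return (rule, detail) findings; works with or without indentation."""
    findings, open_acls, untrusted, bindings = [], set(), set(), []
    nameif = policy = None
    for line in text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["crypto", "isakmp", "policy"] and len(w) == 4:
            policy = w[3]                      # enter IKE policy context
        elif policy and w[0] in IKE_SUBCMDS and len(w) >= 2:
            if w[1] in WEAK_IKE.get(w[0], ()):
                findings.append(("weak-ike", f"policy {policy}: {w[0]} {w[1]}"))
        else:
            policy = None                      # any other command ends the policy
            if w[0] == "interface":
                nameif = None
            elif w[0] == "nameif" and len(w) == 2:
                nameif = w[1]
            elif w[:2] == ["security-level", "0"] and nameif:
                untrusted.add(nameif)          # least-trusted interface
            elif w[0] == "access-list" and [x for x in w[2:] if x != "extended"] == ["permit", "ip", "any", "any"]:
                open_acls.add(w[1])
            elif w[0] == "access-group" and len(w) == 5 and w[3] == "interface":
                bindings.append((w[1], w[2], w[4]))
    # ACLs may be defined after they are bound, so resolve bindings last.
    for acl, direction, ifname in bindings:
        if acl in open_acls and direction == "in" and ifname in untrusted:
            findings.append(("open-inbound", f"{acl} permits ip any any inbound on {ifname}"))
    return findings
```

Each finding marks a line to replace with a rule scoped to the specific hosts and ports that must be reachable, or with a stronger IKE proposal supported by the ASA software version in use.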