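Lab objectives:
1. Configure static routes so that the whole network is interconnected.
2. R1 can telnet to R3 and R4; R3 is denied by an ACL rule from telnetting to R4; R4 cannot telnet to R1 or R3.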
ASA
en
conf t
int e0/1
nameif inside
security-level 100
ip add 10.1.1.10 255.255.255.0
no sh
int e0/2
nameif dmz
security-level 50
ip address 192.168.1.10 255.255.255.0
no sh
int e0/3
nameif outside
security-level 0
ip add 172.16.1.10 255.255.255.0
no sh
exit
route outside 172.16.2.0 255.255.255.0 172.16.1.2
access-list r3-r4 deny ip host 192.168.1.2 host 172.16.2.2
access-group r3-r4 in interface dmz
R1
en
conf t
hostname router1
int f1/1
no sw
ip address 10.1.1.2 255.255.255.0
no sh
exit
ip routing
ip route 172.16.1.0 255.255.255.0 10.1.1.10
ip route 172.16.2.0 255.255.255.0 10.1.1.10
ip route 192.168.1.0 255.255.255.0 10.1.1.10
line vty 0 4
password 123456
login
exit
R2
en
conf t
hostname router2
int f1/0
no sw
ip address 172.16.1.2 255.255.255.0
no sh
int f1/1
no sw
ip address 172.16.2.1 255.255.255.0
no sh
exit
ip route 192.168.1.0 255.255.255.0 172.16.1.10
ip route 10.1.1.0 255.255.255.0 172.16.1.10
end
R3
en
conf t
hostname router3
int f1/0
no sw
ip address 192.168.1.2 255.255.255.0
no sh
exit
ip route 172.16.1.0 255.255.255.0 192.168.1.10
ip route 172.16.2.0 255.255.255.0 192.168.1.10
ip route 10.1.1.0 255.255.255.0 192.168.1.10
line vty 0 4
password 123456
login
exit
R4
en
conf t
hostname router4
int f1/1
no sw
ip address 172.16.2.2 255.255.255.0
no sh
exit
ip route 192.168.1.0 255.255.255.0 172.16.2.1
ip route 10.1.1.0 255.255.255.0 172.16.2.1
ip route 172.16.1.0 255.255.255.0 172.16.2.1
line vty 0 4
password 123456
login
exit
1. R1 telnet to R3
2. R1 telnet to R4
3. R4 cannot telnet to R1 or R3.
4. R3 is denied telnet to R4 because of the ACL.
5. View the ASA firewall's routing table.
6. show conn detail.
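The telnet results listed above follow from the ASA's security levels combined with the single ACL applied to dmz. The Python model below is an added example, not part of the original post; it uses only the addresses and rules from the ASA configuration on this page and assumes a simplified policy (new connections only, no NAT, no stateful return traffic).

```python
# Added example: simplified model of the ASA interface policy in this lab.
from ipaddress import ip_address, ip_network

# Interfaces from the ASA config on this page: name -> (security-level, subnet).
INTERFACES = {
    "inside": (100, ip_network("10.1.1.0/24")),
    "dmz": (50, ip_network("192.168.1.0/24")),
    "outside": (0, ip_network("172.16.1.0/24")),
}
# Static route from the page: 172.16.2.0/24 is reached through outside.
ROUTES = {ip_network("172.16.2.0/24"): "outside"}
# access-group r3-r4 in interface dmz: ordered (action, src, dst) entries.
ACLS = {"dmz": [("deny", ip_network("192.168.1.2/32"), ip_network("172.16.2.2/32"))]}
HOSTS = {"R1": "10.1.1.2", "R3": "192.168.1.2", "R4": "172.16.2.2"}


def interface_for(addr):
    """Return the ASA interface behind which an address lives."""
    ip = ip_address(addr)
    for name, (_, net) in INTERFACES.items():
        if ip in net:
            return name
    for net, name in ROUTES.items():
        if ip in net:
            return name
    raise ValueError(f"no route to {addr}")


def new_connection_allowed(src, dst):
    """Decide whether the ASA lets src open a new connection to dst."""
    ingress, egress = interface_for(src), interface_for(dst)
    if ingress in ACLS:
        # An applied ACL replaces the security-level default on that interface.
        for action, s_net, d_net in ACLS[ingress]:
            if ip_address(src) in s_net and ip_address(dst) in d_net:
                return action == "permit"
        return False  # implicit deny ends every ACL
    # No ACL: only higher -> lower security level may initiate.
    return INTERFACES[ingress][0] > INTERFACES[egress][0]


def telnet_matrix():
    """Map (source, destination) router names to allowed / denied."""
    return {(a, b): new_connection_allowed(HOSTS[a], HOSTS[b])
            for a in HOSTS for b in HOSTS if a != b}


if __name__ == "__main__":
    for (a, b), ok in telnet_matrix().items():
        print(f"{a} -> {b}: {'allowed' if ok else 'denied'}")
```

Because every applied ACL ends in an implicit deny, the model also denies any other dmz host (for example a constructed 192.168.1.3) opening a connection to R4, even though the only explicit entry names R3. A permit entry after the deny would be needed if other dmz hosts were meant to reach outside.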
This article is from the “龍愛雪琪” blog; reproduction is not permitted!
ASA Firewall Configuration Example (1)