Monday, 17 September 2012

CISCO ASA 5505 - initial configuration

A few commands for configuring a CISCO ASA 5505 home firewall





Clear configuration on ASA 5505
ASA5505# write erase

Resetting ASA 5505 to factory default
ASA5505(config)# config factory-default

To set Privileged level password (enable password)
ASA5505(config)# enable password mysecretpassword

Configure the private inside interface
ASA5505(config)# interface vlan 1
ASA5505(config-if)# nameif inside
ASA5505(config-if)# security-level 100
ASA5505(config-if)# ip address 10.0.0.1 255.255.255.0

ASA5505(config)# interface e0/1
ASA5505(config-if)# switchport access vlan 1

Configure the public outside interface
ASA5505(config)# interface vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address 192.168.1.1 255.255.255.0

ASA5505(config)# interface e0/0
ASA5505(config-if)# switchport access vlan 2

Configure the DMZ interface (BASE License)
ASA5505(config)# interface vlan 3
ASA5505(config-if)# no forward interface vlan 1
ASA5505(config-if)# nameif dmz
ASA5505(config-if)# security-level 50
ASA5505(config-if)# ip address 172.10.0.1 255.255.255.0
ASA5505(config)# interface e0/2
ASA5505(config-if)# switchport access vlan 3

To enable management access to ASA from internal subnet 10.0.0.0/24
ASA5505(config)# http server enable
ASA5505(config)# http 10.0.0.0 255.255.255.0 inside

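Configure a static route to reach internal subnet 10.10.10.0/24 (the gateway must be a next-hop IP address on the inside subnet, not an interface name; <inside-router-ip> is a placeholder)
ASA5505(config)# route inside 10.10.10.0 255.255.255.0 <inside-router-ip>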

Configure default route to reach outside (internet)
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 192.168.1.2

Configure static route to DMZ (<dmz-router-ip> is a placeholder for the next-hop IP address)
ASA5505(config)# route dmz 172.16.0.0 255.255.255.0 <dmz-router-ip>

To configure DHCP pool for inside subnet (the pool must lie within the inside interface's subnet, 10.0.0.0/24)
ASA5505(config)# dhcpd address 10.0.0.2-10.0.0.50 inside
ASA5505(config)# dhcpd enable inside
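
A consistency check for a configuration like the one above, as an added example that is not part of the original post: it reads the nameif / ip address pairs, then flags any dhcpd pool that falls outside its interface's subnet and any route whose destination is not a network address or whose gateway is not an IP on the interface's subnet. The function name audit_asa and the SAMPLE text are assumptions made for this example; the sample is constructed.

```python
import ipaddress
import re

# Constructed sample (not from a real device); addressing mirrors the post.
SAMPLE = """\
interface vlan 1
 nameif inside
 ip address 10.0.0.1 255.255.255.0
interface vlan 2
 nameif outside
 ip address 192.168.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.1.2
route inside 10.10.10.0 255.255.255.0 ethernet 0/1
dhcpd address 192.168.1.2-192.168.1.50 inside
dhcpd address 10.0.0.2-10.0.0.50 inside
"""

def audit_asa(config: str) -> list[str]:
    """Flag route/dhcpd lines that do not fit the subnets of the named interfaces."""
    # Normalise whitespace and drop an optional "ASA5505(config)# " prompt.
    lines = [" ".join(r.split("#", 1)[-1].split()) for r in config.splitlines()]
    nets, findings, nameif = {}, [], None
    for line in lines:                       # pass 1: nameif -> connected subnet
        if line.startswith("interface "):
            nameif = None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"ip address ([\d.]+) ([\d.]+)", line)) and nameif:
            nets[nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    for line in lines:                       # pass 2: check dhcpd pools and routes
        if m := re.fullmatch(r"dhcpd address ([\d.]+)-([\d.]+) (\S+)", line):
            lo, hi, ifc = m.groups()
            net = nets.get(ifc)
            if net is None or any(ipaddress.ip_address(a) not in net for a in (lo, hi)):
                findings.append(f"dhcpd pool {lo}-{hi} is outside the {ifc} subnet {net}")
        elif m := re.fullmatch(r"route (\S+) (\S+) (\S+) (.+?)(?: \d+)?", line):
            ifc, dest, mask, gw = m.groups()  # trailing number is the optional metric
            try:
                ipaddress.ip_network(f"{dest}/{mask}")   # strict: host bits must be zero
            except ValueError:
                findings.append(f"route {dest} {mask}: destination is not a network address")
            try:
                gw_ok = ipaddress.ip_address(gw) in nets[ifc]
            except (ValueError, KeyError):
                gw_ok = False
            if not gw_ok:
                findings.append(f"route {dest} via '{gw}': gateway must be an IP on the {ifc} subnet")
    return findings
```

Calling audit_asa(SAMPLE) returns two findings: the route that names an interface as its gateway, and the DHCP pool taken from the outside subnet.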
