
51CTO Download - 5505 Dial-up



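PPPoE dial-up configuration on the ASA is essentially the same as on the PIX, so veterans who have configured PIX 7.0 or later will find it very familiar. Below is a configuration I used at one organization.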

ciscoasa# sh run
: Saved
:
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/1
nameif ouside
security-level 0
pppoe client vpdn group pppoe
ip address pppoe setroute
!
interface Ethernet0/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
boot system disk0:/asa724-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
pager lines 24
mtu ouside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm522.bin
no asdm history enable
arp timeout 14400
global (ouside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group pppoe request dialout pppoe
vpdn group pppoe localname AD帐号
vpdn group pppoe ppp authentication pap
vpdn username AD帐号 password ********* store-local
dhcpd dns 202.96.128.86 202.96.128.110
!
dhcpd address 192.168.1.2-192.168.1.240 inside
dhcpd enable inside
!
username cisco password 3USUcOPFUiMCO4Jk encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:2f16dce4833d2bebc3a1ea89b4d025df
: end
ciscoasa# show int eth0/1
Interface Ethernet0/1 "ouside", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 001e.f75e.6fe3, MTU 1492
IP address 219.135.156.257, subnet mask 255.255.255.255
2323 packets input, 1951541 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
1946 packets output, 330728 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (1/9) software (0/0)
output queue (curr/max packets): hardware (0/2) software (0/0)
Traffic Statistics for "ouside":
4454 packets input, 3793522 bytes
1946 packets output, 290048 bytes
178 packets dropped
1 minute input rate 1 pkts/sec, 835 bytes/sec
1 minute output rate 0 pkts/sec, 74 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 40 bytes/sec
5 minute output rate 0 pkts/sec, 5 bytes/sec
5 minute drop rate, 0 pkts/sec
ciscoasa# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 219.135.156.1 to network 0.0.0.0

C 192.168.1.0 255.255.255.0 is directly connected, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 219.135.156.1, ouside


Cisco ASA 5505 NAT Internet access configuration explained
ASA Version 7.2(3)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
no nameif
no security-level
no ip address
!

interface Vlan2
nameif outside  ! name the interface "outside"
security-level 0  ! set the interface security level
ip address 218.26.8.99 255.255.255.224  ! configure the outside (WAN) address
!
interface Vlan3
nameif inside  ! name the interface "inside"
security-level 100  ! set the interface security level
ip address 192.168.0.1 255.255.255.0  ! configure the inside (LAN) address
!
interface Ethernet0/0
switchport access vlan 2  ! bind the port to VLAN 2
!
interface Ethernet0/1
switchport access vlan 3  ! bind the port to VLAN 3
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 202.99.192.68
name-server 202.99.192.66
access-list 102 extended permit icmp any any  ! ACL entry (permit all ICMP)
access-list 102 extended permit ip any any  ! ACL entry (permit all IP traffic)
pager lines 24
mtu outside 1500
mtu inside 1500

no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
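global (outside) 1 interface  ! map NAT to the outside interface address
nat (inside) 1 0.0.0.0 0.0.0.0  ! NAT address pool (all addresses)
access-group 102 in interface outside  ! bind the ACL to the outside interface
route outside 0.0.0.0 0.0.0.0 218.26.8.97 1  ! default route to the Internet; 218.26.8.97 is the gateway provided by the ISP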
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside  ! allow Telnet from any address
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside  ! allow SSH from any address
ssh timeout 30
ssh version 2
console timeout 0
!
dhcpd address 192.168.0.2-192.168.0.254 inside  ! DHCP server address pool
dhcpd dns 202.99.192.68 202.99.192.66 interface inside  ! DNS servers handed out on the inside interface
dhcpd enable inside  ! enable DHCP on the inside interface
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp

inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:2eee13a7a5b7517539234d1090c04521
: end
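
The management-access and ACL lines in the two configurations above (telnet, ssh and http permitted from 0.0.0.0 0.0.0.0, and access-list 102 with "permit ip any any" bound inbound on the outside interface) can be checked mechanically. The Python audit below is an added example, not part of the original post or of any Cisco tool; the function name audit, the severity labels and the embedded sample (constructed from the annotated configuration's own lines) are assumptions.

```python
import re

# Constructed sample: lines from the annotated ASA 5505 config above.
SAMPLE = """\
interface Vlan2
nameif outside
security-level 0
interface Vlan3
nameif inside
security-level 100
access-list 102 extended permit ip any any
access-group 102 in interface outside
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
"""

IP = r"\d+\.\d+\.\d+\.\d+"
MGMT = re.compile(rf"(telnet|ssh|http) ({IP}) ({IP}) (\S+)$")
OPEN_ACE = re.compile(r"access-list (\S+) extended permit ip any any$")
BIND = re.compile(r"access-group (\S+) in interface (\S+)$")

def audit(config):
    """Return (severity, message) findings for an ASA 7.x running-config."""
    lines = [ln.strip() for ln in config.splitlines()]
    levels, name = {}, None
    for ln in lines:  # map each nameif to its security-level
        if ln.startswith("nameif "):
            name = ln.split()[1]
        elif ln.startswith("security-level ") and name:
            levels[name] = int(ln.split()[1])
            name = None
    # ACL names holding an unrestricted "permit ip any any" entry
    open_acls = {m.group(1) for ln in lines if (m := OPEN_ACE.match(ln))}
    findings = []
    for ln in lines:
        if m := MGMT.match(ln):
            proto, _net, mask, ifc = m.groups()
            # An interface with no known level is treated as untrusted (0).
            untrusted = levels.get(ifc, 0) == 0
            if proto == "telnet":
                findings.append(("medium", f"cleartext telnet management on {ifc}"))
            if mask == "0.0.0.0":
                sev = "high" if untrusted else "low"
                findings.append((sev, f"{proto} allowed from any address on {ifc}"))
        elif m := BIND.match(ln):
            acl, ifc = m.groups()
            if acl in open_acls and levels.get(ifc, 0) == 0:
                findings.append(("high", f"ACL {acl} permits ip any any inbound on {ifc}"))
    return findings
```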



