
xiaofushun 发表于 2008-4-17 10:20

帮忙配置一下ASA5510防火墙

我们公司的外部网络是这样的:外部通过光纤接入,连接到路由器上,路由器接ASA防火墙,防火墙再接交换机。外部网络的IP是121.18.53.54,路由器的内部IP是192.168.1.1,防火墙的内部IP是192.168.2.1。由于路由器比较老,现在想把外网直接连接到防火墙上,请高手们帮助配置一下,看看防火墙的配置怎么改动。是不是直接把防火墙outside口的IP、DNS改掉,再配置路由信息就可以了呢?请高手指点!!!
能给出具体怎样修改配置最好!万分感谢!!!

防火墙的配置信息如下:
! Running configuration of the poster's ASA 5510 (7.0(7)) as pasted in the thread.
! Lines beginning with "!" are review comments only and are ignored by the ASA;
! every other line is the original config, unchanged.
ASA Version 7.0(7)
!
hostname ciscoasa
domain-name default.domain.invalid
! NOTE(review): the enable hash here and the login hash in "passwd" below are
! now public in this post; treat both as disclosed and rotate them.
enable password ll/H5jVS3z.Y.VJ3 encrypted
names
dns-guard
!
! outside (security-level 0). Today it faces the router (192.168.1.0/24).
! The poster wants to move the ISP uplink here: this "ip address" line and the
! "route outside" default route further down are what changes. The ISP-assigned
! mask and gateway are not on this page (<ISP_MASK>, <ISP_GATEWAY>); only the
! public address 121.18.53.54 is mentioned in the post.
interface Ethernet0/0
nameif outside
security-level 0
ip address 192.168.1.254 255.255.255.0
!
! inside (security-level 100), LAN 192.168.2.0/24.
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
! Unused data port.
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
! Management port is shut down; management happens over the inside interface
! (see http/telnet lines below).
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
passwd ll/H5jVS3z.Y.VJ3 encrypted
ftp mode passive
! ACL 201: four hosts (.205/.206/.208/.209) are exempt from all filtering;
! everything else in 192.168.2.0/24 is denied TCP to the listed destination
! ports; the final "permit ip any any" lets all remaining traffic through.
! Bound in both directions by the "access-group" lines below.
access-list 201 extended permit icmp any any
access-list 201 extended permit ip host 192.168.2.205 any
access-list 201 extended permit ip host 192.168.2.206 any
access-list 201 extended permit ip host 192.168.2.208 any
access-list 201 extended permit ip host 192.168.2.209 any
access-list 201 extended deny tcp 192.168.2.0 255.255.255.0 any eq 2000
access-list 201 extended deny tcp 192.168.2.0 255.255.255.0 any eq 7779
access-list 201 extended deny tcp 192.168.2.0 255.255.255.0 any eq 8001
access-list 201 extended deny tcp 192.168.2.0 255.255.255.0 any eq 8002
access-list 201 extended deny tcp 192.168.2.0 255.255.255.0 any eq 8601
access-list 201 extended deny tcp 192.168.2.0 255.255.255.0 any eq 9000
access-list 201 extended deny tcp 192.168.2.0 255.255.255.0 any eq 20867
access-list 201 extended deny tcp 192.168.2.0 255.255.255.0 any eq 22223
access-list 201 extended permit ip any any
! inside_access_in is an entry-for-entry copy of ACL 201 but is not referenced
! by any "access-group" in this config, so it has no effect (ASDM leftover?).
! The port numbers that appear on their own lines below are a paste artifact:
! each "eq <port>" belongs to the preceding "access-list" line.
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip host 192.168.2.205 any
access-list inside_access_in extended permit ip host 192.168.2.206 any
access-list inside_access_in extended permit ip host 192.168.2.208 any
access-list inside_access_in extended permit ip host 192.168.2.209 any
access-list inside_access_in extended deny tcp 192.168.2.0 255.255.255.0 any eq
2000
access-list inside_access_in extended deny tcp 192.168.2.0 255.255.255.0 any eq
7779
access-list inside_access_in extended deny tcp 192.168.2.0 255.255.255.0 any eq
8001
access-list inside_access_in extended deny tcp 192.168.2.0 255.255.255.0 any eq
8002
access-list inside_access_in extended deny tcp 192.168.2.0 255.255.255.0 any eq
8601
access-list inside_access_in extended deny tcp 192.168.2.0 255.255.255.0 any eq
9000
access-list inside_access_in extended deny tcp 192.168.2.0 255.255.255.0 any eq
20867
access-list inside_access_in extended deny tcp 192.168.2.0 255.255.255.0 any eq
22223
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
mtu outside 1500
mtu inside 1500
! ASDM network-object hints. The last entry places 192.168.2.0/24 on "outside"
! although that is the inside subnet (see Ethernet0/1) - looks stale; confirm.
asdm image disk0:/asdm-507.bin
asdm location 192.168.2.203 255.255.255.255 inside
asdm location 192.168.2.205 255.255.255.255 inside
asdm location 192.168.2.206 255.255.255.255 inside
asdm location 192.168.2.208 255.255.255.255 inside
asdm location 192.168.2.209 255.255.255.255 inside
asdm location 192.168.2.0 255.255.255.0 outside
no asdm history enable
! Static ARP bindings for inside hosts: each IP is pinned to one MAC, so a NIC
! or host replacement at any of these addresses has to be reflected here.
arp inside 192.168.2.183 0011.5b96.247b
arp inside 192.168.2.182 0016.960e.4623
arp inside 192.168.2.181 0011.2ff1.11b3
arp inside 192.168.2.167 001a.9223.31f0
arp inside 192.168.2.166 000d.8743.0ab6
arp inside 192.168.2.165 001b.fcbf.0f91
arp inside 192.168.2.164 000d.8741.1409
arp inside 192.168.2.163 000d.8713.af68
arp inside 192.168.2.162 000a.e660.8ec4
arp inside 192.168.2.161 000d.8740.f322
arp inside 192.168.2.160 0019.215b.29bf
arp inside 192.168.2.159 0007.9547.84e1
arp inside 192.168.2.158 0019.215c.41ca
arp inside 192.168.2.157 000d.8741.1405
arp inside 192.168.2.156 0007.9546.695d
arp inside 192.168.2.155 001e.906e.83c7
arp inside 192.168.2.152 0013.d43a.2cde
arp inside 192.168.2.151 001b.fc63.0916
arp inside 192.168.2.136 0019.21c2.1e06
arp inside 192.168.2.132 0007.9546.641e
arp inside 192.168.2.131 000d.8740.8feb
arp inside 192.168.2.123 0005.5de2.f571
arp inside 192.168.2.122 000d.8741.fd79
arp inside 192.168.2.121 000d.8741.e908
arp inside 192.168.2.116 0013.d43a.2b03
arp inside 192.168.2.115 0001.0176.27d6
arp inside 192.168.2.114 0011.5b75.82a5
arp inside 192.168.2.113 0001.0176.22af
arp inside 192.168.2.112 00e0.dde0.e0e1
arp inside 192.168.2.111 0010.5cdd.125b
arp inside 192.168.2.108 0005.5de3.5992
arp inside 192.168.2.106 0001.6c8c.a73b
arp inside 192.168.2.105 0019.2113.1964
arp inside 192.168.2.103 0016.ecdf.2bc0
arp inside 192.168.2.101 0011.5bce.03a6
arp inside 192.168.2.107 0016.1722.cf7a
arp inside 192.168.2.201 0005.5de2.ee3d
arp timeout 14400
! NAT: nat-control is on; all inside sources (0.0.0.0/0) are PAT'd to the
! outside interface address via global pool 1.
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
! NOTE(review): this static maps real 192.168.2.1 - the ASA's own inside
! interface address - to mapped 192.168.2.188, which lies in the inside subnet
! rather than the outside one. Looks like a leftover or a mistake; the http and
! telnet entries below also name .188. Confirm what this was meant to do.
static (inside,outside) 192.168.2.188 192.168.2.1 netmask 255.255.255.255
! ACL 201 is applied outbound on outside and inbound on inside. No ACL is
! applied inbound on outside; inbound-from-outside handling therefore relies
! on the interface security levels alone (presumably deny; confirm).
access-group 201 out interface outside
access-group 201 in interface inside
! Default route points at the old router (192.168.1.1). Must become the ISP
! gateway (<ISP_GATEWAY>) if the uplink is moved onto Ethernet0/0.
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
! Two local accounts; these hashes are public in the post as well.
username admin password HUEInJlp4J/8wO.U encrypted
username song123 password h6wGvb4dAyTf2rTI encrypted
! ASDM/HTTPS management allowed from two inside hosts only.
http server enable
http 192.168.2.188 255.255.255.255 inside
http 192.168.2.201 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! Telnet (cleartext) is permitted from .201 and .188 on inside. There is no
! "ssh <host> <mask> inside" line in this config, so SSH is not reachable from
! anywhere; "ssh timeout 5" has no effect. Preferable: enable SSH for these
! two hosts and drop the telnet lines. "console timeout 0" = never time out.
telnet 192.168.2.201 255.255.255.255 inside
telnet 192.168.2.188 255.255.255.255 inside
telnet timeout 20
ssh timeout 5
console timeout 0
! DHCP pool covers .2-.254 on inside, i.e. every statically addressed host
! above (ARP, asdm, http, telnet, the static NAT's .188). Only safe if those
! hosts never take a lease or the pool is narrowed - verify.
dhcpd address 192.168.2.2-192.168.2.254 inside
dhcpd dns 202.99.166.4 202.99.160.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
!
! Default protocol-inspection policy applied globally.
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
! Checksum of the running config as pasted; it changes with any edit.
Cryptochecksum:dc3892bd73031ea66603d2e46fee0082

xiaofushun 发表于 2008-4-17 10:57

哪位高手帮帮忙?

