Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

ASA virtual wall configuration

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Asa configuration

ASA Version 8.0 (2)

!

Hostname ASA5520

Enable password 2KFQnbNIdI.2KYOU encrypted

No mac-address auto

!

Interface Ethernet0/0

!

Interface Ethernet0/0.1

Vlan 100

!

Interface Ethernet0/0.2

Vlan 200

!

Interface Ethernet0/0.3

Vlan 300

!

Interface Ethernet0/1

!

Interface Ethernet0/1.1

Vlan 10

!

Interface Ethernet0/1.2

Vlan 20

!

Interface Ethernet0/1.3

Vlan 30

!

Interface Ethernet0/2

!

Interface Ethernet0/3

!

Interface Ethernet0/4

Shutdown

!

Interface Ethernet0/5

Shutdown

!

Class default

Limit-resource All 0

Limit-resource ASDM 5

Limit-resource SSH 5

Limit-resource Telnet 5

!

Ftp mode passive

Pager lines 24

No failover

No asdm history enable

Arp timeout 14400

Console timeout 0

Admin-context admin

Context admin

Config-url disk0:/admin.cfg

!

Context join

Allocate-interface Ethernet0/0

Allocate-interface Ethernet0/1

Config-url disk0:/join.cfg

!

Context networking

Allocate-interface Ethernet0/2

Allocate-interface Ethernet0/3

Config-url disk0:/networking.cfg

!

Prompt hostname context

Cryptochecksum:9cc1a45cf59984c4f1379b68f95b098a

: end

Asa/neworking configuration

: Saved

:

ASA Version 8.0 (2)

!

Hostname networking

Enable password 2KFQnbNIdI.2KYOU encrypted

Names

!

Interface Ethernet0/2

Nameif outside

Security-level 0

Ip address dhcp

!

Interface Ethernet0/3

Nameif inside

Security-level 100

Ip address 172.16.1.254 255.255.255.0

!

Passwd 2KFQnbNIdI.2KYOU encrypted

Access-list out-to-in extended permit icmp any any echo

Access-list out-to-in extended permit icmp any any echo-reply

Access-list out-to-in extended permit tcp any host 10.0.0.110 eq ssh

Access-list out-to-in extended permit tcp any host 10.0.0.110 eq www

Access-list out-to-in extended permit tcp any host 10.0.0.110 eq ftp

Access-list out-to-in extended permit tcp any host 10.0.0.110 eq 8080

Pager lines 24

Mtu outside 1500

Mtu inside 1500

Icmp unreachable rate-limit 1 burst-size 1

No asdm history enable

Arp timeout 14400

Global (outside) 1 interface

Nat (inside) 1 172.16.1.0 255.255.255.0

Static (inside,outside) tcp 10.0.0.110 ssh 172.16.1.1 ssh netmask 255.255.255.255

Static (inside,outside) tcp 10.0.0.110 www 172.16.1.1 www netmask 255.255.255.255

Static (inside,outside) tcp 10.0.0.110 ftp 172.16.1.1 ftp netmask 255.255.255.255

Static (inside,outside) tcp 10.0.0.110 8080 172.16.1.1 3128 netmask 255.255.255.255

Access-group out-to-in in interface outside

Route outside 0.0.0.0 0.0.0.0 10.0.0.254 1

Timeout xlate 3:00:00

Timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Timeout sunrpc 0:10:00 h423 0:05:00 h325 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

Timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

Timeout uauth 0:05:00 absolute

Aaa authentication ssh console LOCAL

No snmp-server location

No snmp-server contact

No crypto isakmp nat-traversal

Telnet timeout 5

Ssh 0.0.0.0 0.0.0.0 outside

Ssh timeout 30

Ssh version 2

!

Class-map inspection_default

Match default-inspection-traffic

!

!

Policy-map type inspect dns preset_dns_map

Parameters

Message-length maximum 512

Policy-map global_policy

Class inspection_default

Inspect dns preset_dns_map

Inspect ftp

Inspect h423 h325

Inspect h423 ras

Inspect netbios

Inspect rsh

Inspect rtsp

Inspect skinny

Inspect esmtp

Inspect sqlnet

Inspect sunrpc

Inspect tftp

Inspect sip

Inspect xdmcp

!

Service-policy global_policy global

Username networking password qN3BipPT/OszXPm3 encrypted privilege 15

Cryptochecksum:430e91e467e74583910adccfabf80cec

: end

Asa/join configuration

ASA5520/join# sh running-config

: Saved

:

ASA Version 8.0 (2)

!

Hostname join

Enable password 2KFQnbNIdI.2KYOU encrypted

Names

!

Interface Ethernet0/0

Nameif outside

Security-level 0

Ip address dhcp

!

Interface Ethernet0/1

Nameif inside

Security-level 100

Ip address 192.168.1.254 255.255.255.0

!

Passwd 2KFQnbNIdI.2KYOU encrypted

Access-list out-to-in extended permit icmp any any echo

Access-list out-to-in extended permit icmp any any echo-reply

Access-list out-to-in extended permit tcp any host 10.0.0.100 eq 3389

Access-list out-to-in extended permit tcp any host 10.0.0.100 eq www

Access-list out-to-in extended permit tcp any host 10.0.0.100 eq ftp

Access-list out-to-in extended permit tcp any host 10.0.0.100 eq telnet

Pager lines 24

Mtu inside 1500

Mtu outside 1500

Icmp unreachable rate-limit 1 burst-size 1

No asdm history enable

Arp timeout 14400

Global (outside) 1 interface

Nat (inside) 1 192.168.1.0 255.255.255.0

Static (inside,outside) tcp 10.0.0.100 3389 192.168.1.1 3389 netmask 255.255.255.255

Static (inside,outside) tcp 10.0.0.100 www 192.168.1.1 www netmask 255.255.255.255

Static (inside,outside) tcp 10.0.0.100 ftp 192.168.1.1 ftp netmask 255.255.255.255

Static (inside,outside) tcp 10.0.0.100 telnet 192.168.1.1 telnet netmask 255.255.255.255

Access-group out-to-in in interface outside

Route outside 0.0.0.0 0.0.0.0 10.0.0.254 1

Timeout xlate 3:00:00

Timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Timeout sunrpc 0:10:00 h423 0:05:00 h325 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

Timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

Timeout uauth 0:05:00 absolute

Aaa authentication ssh console LOCAL

No snmp-server location

No snmp-server contact

No crypto isakmp nat-traversal

Telnet timeout 5

Ssh 0.0.0.0 0.0.0.0 outside

Ssh timeout 30

Ssh version 2

!

Class-map inspection_default

Match default-inspection-traffic

!

!

Policy-map type inspect dns preset_dns_map

Parameters

Message-length maximum 512

Policy-map global_policy

Class inspection_default

Inspect dns preset_dns_map

Inspect ftp

Inspect h423 h325

Inspect h423 ras

Inspect netbios

Inspect rsh

Inspect rtsp

Inspect skinny

Inspect esmtp

Inspect sqlnet

Inspect sunrpc

Inspect tftp

Inspect sip

Inspect xdmcp

!

Service-policy global_policy global

Username join password p8h2Qs/3blqj2KNa encrypted privilege 15

Cryptochecksum:3ece39ddf49bbe75af6c3688e1aebb4f

: end

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report