
PAT static and dynamic translation and remote login

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Experimental requirements:

1. Translate the two private network segments 10.1.1.0 and 10.2.2.0 to the public network through dynamic PAT for access.

2. Translate the two private network segments 10.1.1.0 and 10.2.2.0 to the public network through static PAT (port mapping) for access.

3. Use SSH and ASDM remote login to access the intranet

Experimental steps and ideas

Based on yesterday's experiment:

server1 ip 10.1.1.0 subnet mask: 255.255.255.0 gateway: 10.1.1.254

Client1 ip 10.2.2.0 subnet mask: 255.255.255.0 gateway: 10.2.2.254

Server2 ip 20.8.8.2 subnet mask: 255.255.255.248 gateway: 200.8.8.6

Client2 ip 200.8.8.1 subnet mask: 255.255.255.248 gateway: 200.8.8.6

server3 ip 192.168.30.100 subnet mask: 255.255.255.0 gateway: 192.168.30.254

server5 ip 192.168.30.101 subnet mask: 255.255.255.0 gateway: 192.168.30.254

Client3 ip 192.168.30.1 subnet mask: 255.255.255.0 gateway: 192.168.30.25

Configure dynamic PAT on the firewall:

asa(config)# object network ob-in (object name)

asa(config-network-object)# subnet 10.1.1.0 255.255.255.0 (private network segment to be translated)

asa(config-network-object)# subnet 10.2.2.0 255.255.255.0 (private network segment to be translated)

asa(config-network-object)# nat (inside,outside) dynamic 200.8.8.3 (public address to translate to)

A network object holds a single subnet, so the second subnet command replaces the first. To translate both segments, each segment needs its own network object with the same nat statement.

show xlate: view the xlate (translation) table

clear xlate: clear the xlate table

Verify, test as shown in the following figure

Configure static PAT (port mapping)

asa(config)# object network ob-out (object name)

asa(config-network-object)# host 200.8.8.4 (public address to translate to. Note: 200.8.8.3 is already used for dynamic PAT, so use a different address or there will be a conflict)

asa(config)# object network dmz01 (object name)

asa(config-network-object)# host 192.168.3.100 (private address to be translated)

asa(config-network-object)# nat (dmz,outside) static ob-out service tcp 80 8080 (server port 80, matching eq http in the ACL, mapped to port 8080)

asa(config)# object network ob-out (object name)

asa(config-network-object)# host 200.8.8.4 (public address to translate to)

asa(config)# object network dmz02 (object name)

asa(config-network-object)# host 192.168.3.101 (private address to be translated)

asa(config-network-object)# nat (dmz,outside) static ob-out service tcp 21 21 (server port number, then mapped port number)

Write an ACL:

asa(config)# access-list out_to_dmz permit tcp any object dmz01 eq http (out_to_dmz is the ACL name; dmz01 is the permitted server)

asa(config)# access-list out_to_dmz permit tcp any object dmz02 eq ftp (out_to_dmz is the ACL name; dmz02 is the permitted server)

asa(config)# access-group out_to_dmz in interface outside (applies the ACL to the outside interface)

Verification, test

Enter the mapped port on Client2, as follows

Remote access to the intranet using SSH

asa(config)# hostname asa842 (configures the host name)

asa842(config)# domain-name asadomain.com (configures the domain name; optional)

asa842(config)# crypto key generate rsa modulus 1024 (generates an RSA key pair; the key length is 1024 bits by default)

asa842(config)# ssh 0 0 outside (source address allowed to log in remotely; 0 represents any address)

asa842(config)# username ssh password cisco (configures the user name and password)

asa842(config)# aaa authentication ssh console LOCAL (AAA authentication against the local user database)

Verification, test

Enter the user name in the interface

Enter password

You are then logged in.

From there you can change the configuration.

ASDM remote login

asa842(config)# http server enable (enables the HTTPS service)

asa842(config)# http 0 0 outside (allows management over HTTPS from the outside interface)

asa842(config)# asdm image disk0:/asdm-649.bin (provides the ASDM software for the client to download)

asa842(config)# username cisco password cisco privilege 15 (privilege 15 is administrator privilege; the default is 1)

Verification, test

Visit the web page via https://200.8.8.6 as shown in the following figure

Select Install ASDM Launcher, as shown below

Enter user name and password

Enter the user name and password to enter
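
The SSH and ASDM sections above allow management from any source address on the outside interface, use a 1024-bit RSA key and set short passwords. The following is an added example, not part of the original article: a Python check that flags those settings in ASA commands as typed on this page. The function name audit and the thresholds (2048-bit RSA, 8-character passwords) are assumptions of the example.

```python
import re

# Constructed sample: the SSH and ASDM commands from this page, prompts removed.
SAMPLE_CONFIG = """\
crypto key generate rsa modulus 1024
ssh 0 0 outside
username ssh password cisco
aaa authentication ssh console LOCAL
http server enable
http 0 0 outside
username cisco password cisco privilege 15
"""

ANY = {"0", "0.0.0.0"}   # "0 0" is the short form of 0.0.0.0 0.0.0.0
DEFAULT_RSA_BITS = 1024  # default key length stated on this page
MIN_RSA_BITS = 2048      # assumption: audit threshold chosen for this example
MIN_PASSWORD_LEN = 8     # assumption: audit threshold chosen for this example


def audit(config):
    """Return (line_number, finding) pairs for risky management-plane commands."""
    findings = []
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()

        # ssh/http <address> <mask> <interface>: flag "any source" rules.
        m = re.fullmatch(r"(ssh|http) (\S+) (\S+) (\S+)", line)
        if m and m.group(2) in ANY and m.group(3) in ANY:
            findings.append((number, f"{m.group(1)} management allowed from any address on {m.group(4)}"))

        # RSA key generation: a missing modulus means the default size.
        m = re.match(r"crypto key generate rsa\b(?:.*?\bmodulus (\d+))?", line)
        if m:
            bits = int(m.group(1) or DEFAULT_RSA_BITS)
            if bits < MIN_RSA_BITS:
                findings.append((number, f"RSA key is {bits} bits, below {MIN_RSA_BITS}"))

        # Local accounts: password equal to the user name, or too short.
        m = re.fullmatch(r"username (\S+) password (\S+)(?: privilege (\d+))?", line)
        if m:
            user, password, privilege = m.groups()
            if password == user or len(password) < MIN_PASSWORD_LEN:
                findings.append((number, f"weak password for user {user} (privilege {privilege or 'default'})"))
    return findings


if __name__ == "__main__":
    for number, finding in audit(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```

A rule that names a specific source network, such as the constructed line ssh 10.1.1.0 255.255.255.0 inside, produces no finding.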
