
Parsing ASA 8.0 Command

2025-01-15 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

Some friends still have trouble with firewalls. In fact, configuring an ASA firewall is quite simple. The commonly used commands are hostname, interface (with its sub-commands ip address, no shutdown, nameif and security-level), nat, global, route, static, access-list and access-group.

Let's walk through the running configuration of an ASA running version 8.0, command by command.

ASA Version 8.0(2)                      // note the version: the NAT syntax changed in 8.3
!
hostname ciscoasa                       // hostname
domain-name sannet.net
enable password 2KFQnbNIdI.2KYOU encrypted   // enable (privileged mode) password
names
!
interface Ethernet0/0
 nameif inside                          // defines the internal network interface
 security-level 100                     // security level
 ip address 192.168.1.254 255.255.255.0   // private network IP address
!
interface Ethernet0/1
 nameif dmz                             // defines the DMZ interface
 security-level 50                      // security level
 ip address 172.16.1.254 255.255.255.0   // DMZ IP address
!
interface Ethernet0/2
 nameif outside                         // defines the external network interface
 security-level 0                       // security level
 ip address 221.222.1.2 255.255.255.0   // public network IP address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd W6dWZr89yLlX1S1u encrypted       // telnet password
ftp mode passive
dns server-group DefaultDNS
 domain-name sannet.net                 // domain name (combined with the hostname when the RSA key for SSH is generated)
access-list ToDmz extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0   // ACL for inside-to-DMZ traffic that is exempt from NAT
access-list telnet extended permit tcp any interface outside eq 2023   // ACL letting the public network reach port 2023 on the outside interface
pager lines 24
mtu inside 1500
mtu dmz 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control                             // require a NAT rule for traffic crossing the firewall
global (outside) 1 interface            // defines the public mapped address (the outside interface address) as NAT pool 1
nat (inside) 0 access-list ToDmz        // identity NAT: traffic matching ToDmz is not translated
nat (inside) 1 0.0.0.0 0.0.0.0          // all intranet addresses are translated through pool 1
static (dmz,outside) tcp interface 2023 172.16.1.2 telnet netmask 255.255.255.255   // static PAT: outside port 2023 -> 172.16.1.2 port 23
static (dmz,outside) 221.222.1.3 172.16.1.1 netmask 255.255.255.255   // static one-to-one NAT for a DMZ host
access-group telnet in interface outside   // applies the telnet ACL to traffic entering the outside interface
route outside 0.0.0.0 0.0.0.0 221.222.1.1 1   // default route
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 0.0.0.0 0.0.0.0 inside           // defines the private network segment allowed to telnet to the firewall
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside             // defines the public network segment allowed to SSH to the firewall (here any address; normally narrowed to known management hosts)
ssh timeout 5
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp                          // lets ICMP replies flow back through the firewall; the older "fixup protocol icmp" command has the same effect
!
service-policy global_policy global
username cisco password vzoACXLxNjqisKsJ encrypted
prompt hostname context
Cryptochecksum:b38407b376659065819b3044e94283f1
: end
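To make the parsing concrete, here is an added example in Python (not from the original article and not Cisco's code): a small parser for the 8.0-style configuration above that collects the interface security levels, access-lists, access-groups, static NAT/PAT lines and the telnet/ssh management lines, then reports the points a reviewer would check: an access-group bound to an ACL that is never defined, interfaces that rely on the security-level rule alone, management access from any address on the outside interface, and ports opened on the firewall's own address by static PAT. The embedded sample configuration is constructed from the one above (same addresses and rules, indented the way "show running-config" prints it); the function names and the wording of the findings are the example's own.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
# Constructed sample: a trimmed copy of the ASA 8.0 configuration parsed above
# (same addresses and rules), indented the way "show running-config" prints it.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/1
 nameif dmz
 security-level 50
 ip address 172.16.1.254 255.255.255.0
!
interface Ethernet0/2
 nameif outside
 security-level 0
 ip address 221.222.1.2 255.255.255.0
!
access-list ToDmz extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list telnet extended permit tcp any interface outside eq 2023
nat (inside) 0 access-list ToDmz
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp interface 2023 172.16.1.2 telnet netmask 255.255.255.255
static (dmz,outside) 221.222.1.3 172.16.1.1 netmask 255.255.255.255
access-group telnet in interface outside
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

@dataclass
class Interface:
    name: str
    nameif: str = ""
    security_level: Optional[int] = None

@dataclass
class AsaConfig:
    interfaces: Dict[str, Interface] = field(default_factory=dict)  # nameif -> Interface
    acls: Dict[str, List[str]] = field(default_factory=dict)  # ACL name -> its ACE lines
    access_groups: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # nameif -> (ACL, dir)
    statics: List[Tuple[str, str, str, str, str]] = field(default_factory=list)
    mgmt: List[Tuple[str, str, str, str]] = field(default_factory=list)  # (proto, net, mask, nameif)

def parse_static(words: List[str]) -> Tuple[str, str, str, str, str]:
    # static (real_if,mapped_if) [tcp|udp] <mapped> [<port>] <real> [<port>] netmask <mask>
    real_if, mapped_if = words[1].strip("()").split(",")
    if words[2] in ("tcp", "udp"):  # static PAT: a single port on the mapped side
        return (real_if, mapped_if, words[2], f"{words[3]}:{words[4]}", f"{words[5]}:{words[6]}")
    return (real_if, mapped_if, "ip", words[2], words[3])  # one-to-one static NAT

def parse_asa(text: str) -> AsaConfig:
    cfg = AsaConfig()
    current: Optional[Interface] = None  # interface block whose sub-commands are being read
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith(":"):
            continue
        if stripped == "!":
            current = None
            continue
        words = stripped.split()
        if raw.startswith(" ") and current is not None:  # indented sub-command of an interface
            if words[0] == "nameif":
                current.nameif = words[1]
                cfg.interfaces[words[1]] = current
            elif words[0] == "security-level":
                current.security_level = int(words[1])
            continue
        current = Interface(name=words[1]) if words[0] == "interface" else None
        if words[0] == "access-list":
            cfg.acls.setdefault(words[1], []).append(" ".join(words[2:]))
        elif words[0] == "access-group":  # access-group <acl> in interface <nameif>
            cfg.access_groups[words[4]] = (words[1], words[2])
        elif words[0] == "static":
            cfg.statics.append(parse_static(words))
        elif words[0] in ("telnet", "ssh") and len(words) == 4:  # "<proto> <net> <mask> <nameif>"
            cfg.mgmt.append((words[0], words[1], words[2], words[3]))
    return cfg

def audit(cfg: AsaConfig) -> List[str]:
    findings = []
    for nameif, (acl, _direction) in cfg.access_groups.items():
        if acl not in cfg.acls:  # the access-group would bind nothing
            findings.append(f"access-group on {nameif} references undefined ACL {acl}")
    for nameif, itf in cfg.interfaces.items():
        if nameif not in cfg.access_groups:  # only the security-level rule filters here
            findings.append(f"{nameif} (level {itf.security_level}) has no inbound ACL")
    for proto, net, mask, nameif in cfg.mgmt:
        itf = cfg.interfaces.get(nameif)
        if net == mask == "0.0.0.0" and itf is not None and itf.security_level == 0:
            findings.append(f"{proto} allowed from any address on {nameif}")
    for _real_if, mapped_if, proto, mapped, real in cfg.statics:
        if proto != "ip" and mapped.startswith("interface:"):  # port opened on the firewall address
            findings.append(f"port {mapped.split(':')[1]}/{proto} on {mapped_if} forwards to {real}")
    return findings
```

Running audit(parse_asa(SAMPLE_CONFIG)) on the sample reports that inside and dmz have no inbound ACL, that SSH is open from any address on the outside interface, and that outside port 2023/tcp is forwarded to 172.16.1.2; the one-to-one static for 172.16.1.1 is not flagged because it opens no port on the firewall's own address. The parser only understands the pre-8.3 nat/global/static syntax that the article discusses.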
