2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
3. NAT control
1) NAT control disabled (the default: no nat-control)
In this mode NAT rules are not required. Outbound traffic that matches no NAT rule is still allowed out; it is simply not translated and leaves with its real IP address.
2) NAT control enabled (nat-control)
In this mode a NAT rule is required: outbound traffic that matches no NAT rule is not allowed out.
4. NAT exemption
When NAT control is enabled, each originating connection requires a corresponding NAT rule; an exemption is configured for traffic that should bypass the NAT rules (e.g. ×××). NAT exemption allows two-way communication. Only high-level applications are allowed.
Configuring a NAT exemption begins with defining an ACL that specifies the traffic that needs to bypass the NAT rules.
Now I'll configure the exemption for the PC2 host (10.1.1.2) according to the previous topology:
asa(config)#access-list nonat permit ip 10.1.1.0 255.255.255.0 172.16.16.0 255.255.255.0
asa(config)#nat (inside) 0 access-list nonat
In this way, PC2 is not NAT-translated when accessing hosts in the 172.16.16.0/24 segment. Note that the ACL matches the whole 10.1.1.0/24 segment, so every host in it is exempt, not only PC2.
5. Remote management of the ASA
1) Allow telnet access
This configuration allows telnet access only from the 10.1.1.0/24 segment:
asa(config)#telnet 10.1.1.0 255.255.255.0 inside
You can also allow telnet access from only one host:
asa(config)#telnet 10.1.1.22 255.255.255.255 inside
2) Configure SSH access
Configure the hostname:
ciscoasa(config)#hostname asa
Configure the domain name:
asa(config)#domain-name accp.com
Set the remote access password (the password specified by the passwd command also applies to telnet):
asa(config)#passwd Passwd
Generate the RSA key pair:
asa(config)#crypto key generate rsa modulus 1024
Save the key:
asa(config)#write mem
View the key pair:
asa(config)#show crypto key mypubkey rsa
Allow SSH access:
asa(config)#ssh 10.1.1.0 255.255.255.0 inside
asa(config)#ssh 0 0 outside
asa(config)#ssh version 2
3) Configure ASDM access
1) Enable the HTTPS server
asa(config)#http server enable [port]
2) Allow HTTPS access
asa(config)#http 10.1.1.0 255.255.255.0 inside
3) Specify the location of the ASDM image
asa(config)#asdm image disk0:/asdmfile
4) Configure the username and password used for client login
asa(config)#username zhangsan password 123456 privilege 15
5) Run ASDM from a web browser
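An added example (not part of the original article): a small Python review of the management commands shown in this section, flagging telnet access, a management rule open to any source (ssh 0 0 outside), a short RSA modulus and a short local password. The rule names, the two thresholds and the SSH version 1 assumption are choices made for this illustration.

```python
import re

# Constructed input: the management commands from this section, as typed at the CLI.
SAMPLE = """\
asa(config)#telnet 10.1.1.0 255.255.255.0 inside
asa(config)#crypto key generate rsa modulus 1024
asa(config)#ssh 10.1.1.0 255.255.255.0 inside
asa(config)#ssh 0 0 outside
asa(config)#ssh version 2
asa(config)#http server enable
asa(config)#http 10.1.1.0 255.255.255.0 inside
asa(config)#username zhangsan password 123456 privilege 15
"""

MIN_RSA_BITS = 2048      # assumed policy value, not from the article
MIN_PASSWORD_LEN = 12    # assumed policy value, not from the article
ANY = {("0", "0"), ("0.0.0.0", "0.0.0.0")}

def audit(transcript):
    """Return sorted (line_no, rule) findings for ASA management commands."""
    findings, ssh_rules, ssh_v2 = [], [], False
    for no, raw in enumerate(transcript.splitlines(), 1):
        tok = re.sub(r"^\s*\S*\(config\)#\s*", "", raw).split()  # drop the prompt
        if not tok:
            continue
        access = tok[0] in ("telnet", "ssh", "http") and len(tok) == 4
        if access and tok[0] == "telnet":
            findings.append((no, "telnet-cleartext"))
        if access and (tok[1], tok[2]) in ANY:
            findings.append((no, "mgmt-open-to-any-source"))
        if access and tok[0] == "ssh":
            ssh_rules.append(no)
        if tok[:3] == ["ssh", "version", "2"]:
            ssh_v2 = True
        if tok[:4] == ["crypto", "key", "generate", "rsa"] and "modulus" in tok:
            if int(tok[tok.index("modulus") + 1]) < MIN_RSA_BITS:
                findings.append((no, "weak-rsa-modulus"))
        if tok[0] == "username" and "password" in tok:
            if len(tok[tok.index("password") + 1]) < MIN_PASSWORD_LEN:
                findings.append((no, "short-local-password"))
    # Assumes a release where SSHv1 is accepted unless "ssh version 2" is set.
    if ssh_rules and not ssh_v2:
        findings.append((ssh_rules[0], "ssh-v1-not-disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for no, rule in audit(SAMPLE):
        print(f"line {no}: {rule}")
```

The check works on commands as typed; a saved running configuration stores passwords in encrypted form and does not contain the key generation command, so those two rules would not fire there.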
6. Log management
Log messages are classified into eight severity levels:
0 emergency (very urgent)
1 alert (urgent)
2 critical (critical)
3 error (error)
4 warning (warning)
5 notice (notice)
6 informational (informational)
7 debugging (debugging)
1) Configure the time zone
asa(config)#clock timezone peking 8
2) Configure the time
asa(config)#clock set 11:30:00 26 sep 2013
3) Enable logging
asa(config)#logging enable
Enable timestamps:
asa(config)#logging timestamp
asa(config)#logging trap informational
asa(config)#logging host inside 10.1.1.2