Principle and basic configuration of the Cisco ASA firewall security algorithm (2)

2025-04-02 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

3. NAT control

1) NAT control disabled (the default: no nat-control)

NAT rules are optional in this mode. A connection with no matching NAT rule is still forwarded outbound, just untranslated, so the host's real IP address appears on the outside.

2) NAT control enabled (nat-control)

A NAT rule is now mandatory: a connection from a higher-security interface that matches no NAT rule is dropped instead of being forwarded.

Note that nat-control and the nat (interface) id / global syntax used throughout this article belong to ASA releases before 8.3. From 8.3 onward the NAT configuration was rewritten around network objects and the nat-control command no longer exists.

4. NAT exemption

With NAT control enabled, every connection that originates on an interface needs a matching NAT rule. A NAT exemption (nat 0 with an access list) lets selected traffic bypass NAT entirely, which is typically used for traffic that must keep its real addresses end to end (e.g. ×××). Unlike a dynamic NAT rule, which only lets the higher-security side open connections, NAT exemption allows connections to be initiated from either side, provided the interface access lists permit them.

Configuring a NAT exemption starts with an access list that selects the traffic that is to bypass NAT.

Following the previous topology, the host PC2 (10.1.1.2) is exempted when it talks to the 172.16.16.0/24 segment:

asa(config)#access-list nonat permit ip 10.1.1.0 255.255.255.0 172.16.16.0 255.255.255.0

asa(config)#nat (inside) 0 access-list nonat

As written, the access list matches the whole 10.1.1.0/24 subnet, PC2 included, so none of those hosts is translated when accessing 172.16.16.0/24. To exempt PC2 alone, narrow the source of the access list to the single host 10.1.1.2.
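To check the three cases above side by side, here is an added example (my own Python model, not ASA code and not from the article): it reads NAT-related lines in the pre-8.3 CLI syntax and decides, for one inside-to-outside flow, whether the ASA forwards it and with which source address. The 10.1.1.0/24 and 172.16.16.0/24 networks and the nonat access list are the article's; the global address 198.51.100.1, the remote host 203.0.113.5 and the dynamic NAT rule are made up for the demo. It models only the NAT decision; interface access lists are out of scope.

```python
"""Model of the pre-8.3 ASA outbound NAT decision (added example, not ASA code)."""
from ipaddress import ip_address, ip_network


def parse_acl(config, name):
    """Collect (src_net, dst_net) from 'access-list NAME permit ip S SMASK D DMASK'."""
    entries = []
    for line in config:
        t = line.split()
        if len(t) == 8 and t[:4] == ["access-list", name, "permit", "ip"]:
            # ip_network accepts the ASA's dotted netmask form directly
            entries.append((ip_network(f"{t[4]}/{t[5]}"), ip_network(f"{t[6]}/{t[7]}")))
    return entries


def acl_hit(entries, src, dst):
    return any(ip_address(src) in s and ip_address(dst) in d for s, d in entries)


class AsaNat:
    """NAT decision for flows from the inside (high security) to the outside."""

    def __init__(self, config):
        self.nat_control = "nat-control" in config   # exact line; 'no nat-control' is the default
        self.exempt = []      # from: nat (inside) 0 access-list NAME
        self.dynamic = []     # (inside_net, nat_id) from: nat (inside) ID NET MASK
        self.globals = {}     # nat_id -> address from: global (outside) ID ADDR
        for line in config:
            t = line.split()
            if t[:4] == ["nat", "(inside)", "0", "access-list"]:
                self.exempt = parse_acl(config, t[4])
            elif t[:2] == ["nat", "(inside)"] and len(t) == 5:
                self.dynamic.append((ip_network(f"{t[3]}/{t[4]}"), t[2]))
            elif t[:2] == ["global", "(outside)"] and len(t) == 4:
                self.globals[t[2]] = t[3]

    def outbound(self, src, dst):
        """Return ('pass', source address seen by dst) or ('drop', None)."""
        if acl_hit(self.exempt, src, dst):
            return "pass", src                        # exemption: real IP, no translation
        for net, nat_id in self.dynamic:
            if ip_address(src) in net and nat_id in self.globals:
                return "pass", self.globals[nat_id]   # dynamic NAT/PAT to the global address
        if self.nat_control:
            return "drop", None                       # nat-control: no rule, no connection
        return "pass", src                            # no nat-control: forwarded untranslated

    def outside_can_initiate(self, remote, inside_host):
        """Only an exemption lets the outside open the connection (the access
        list applied to the outside interface must still permit it)."""
        return acl_hit(self.exempt, inside_host, remote)


# Constructed configs for the demo; 198.51.100.1 is a made-up global address.
NO_CONTROL = ["no nat-control"]
CONTROL_NO_RULES = ["nat-control"]
CONTROL_WITH_EXEMPTION = [
    "nat-control",
    "access-list nonat permit ip 10.1.1.0 255.255.255.0 172.16.16.0 255.255.255.0",
    "nat (inside) 0 access-list nonat",
    "nat (inside) 1 10.1.1.0 255.255.255.0",
    "global (outside) 1 198.51.100.1",
]

if __name__ == "__main__":
    for name, cfg in [("no nat-control", NO_CONTROL),
                      ("nat-control, no rules", CONTROL_NO_RULES),
                      ("nat-control + exemption", CONTROL_WITH_EXEMPTION)]:
        asa = AsaNat(cfg)
        print(name, "->", asa.outbound("10.1.1.2", "172.16.16.10"),
              asa.outbound("10.1.1.2", "203.0.113.5"))
```

Running it shows the point of the section: with nat-control off the flow leaves untranslated, with nat-control on and no rule it is dropped, and with the exemption in place PC2 reaches 172.16.16.0/24 with its real address while other destinations are translated to the global address.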

5. Remote management of the ASA

1) Allow Telnet access

asa(config)#telnet 10.1.1.0 255.255.255.0 inside

This allows Telnet only from the 10.1.1.0/24 segment on the inside interface. Telnet is cleartext, so it should be limited to trusted management networks (the ASA will not enable it on the lowest-security interface) and replaced by SSH wherever possible.

To allow a single host instead:

asa(config)#telnet 10.1.1.22 255.255.255.255 inside

2) Configure SSH access

ciscoasa(config)#hostname asa    Set the host name

asa(config)#domain-name accp.com    Set the domain name (host name and domain name are both needed before an RSA key can be generated)

asa(config)#passwd Passwd    Login password for remote access; it applies to Telnet as well. Unless aaa authentication ssh console LOCAL is configured, SSH logs in as the default user pi with this password.

asa(config)#crypto key generate rsa modulus 1024    Generate the RSA key pair (1024 bits is the article's value; 2048 bits or more is the current minimum recommendation)

asa(config)#write mem    Save the configuration, including the key

View the key pair:

asa(config)#show crypto key mypubkey rsa

Allow SSH access:

asa(config)#ssh 10.1.1.0 255.255.255.0 inside

asa(config)#ssh 0 0 outside    Allows SSH from any address on the outside; in practice restrict this to known management sources

asa(config)#ssh version 2    Accept SSHv2 only

3) Configure ASDM access

a) Enable the HTTPS server

asa(config)#http server enable [port]

b) Allow HTTPS access from the management network

asa(config)#http 10.1.1.0 255.255.255.0 inside

c) Specify the location of the ASDM image

asa(config)#asdm image disk0:/asdmfile

d) Create the username and password used to log in from the client

asa(config)#username zhangsan password 123456 privilege 15

(123456 is the article's placeholder; the account gets privilege level 15, so use a strong password.)

e) Launch ASDM from a browser at https://<ASA management address>/
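Because the management commands in this section decide who can reach the ASA at all, a practitioner usually wants to check them on every box. The following is an added example (my own Python, not Cisco code): it reads the text of show running-config and flags Telnet being enabled, SSH or HTTPS open to any source, and ssh version 2 not being set. The running-config excerpts are constructed; the first one repeats the article's commands as the ASA stores them (ssh 0 0 outside is written back as ssh 0.0.0.0 0.0.0.0 outside).

```python
"""Audit of remote-management lines in an ASA running-config (added example, not Cisco code)."""
import re

# 'ssh 0 0 outside' typed at the CLI is stored as 'ssh 0.0.0.0 0.0.0.0 outside'
ANY = {"0", "0.0.0.0"}
# telnet|ssh|http <address> <mask> <interface>
ACCESS_RE = re.compile(r"^(telnet|ssh|http)\s+(\d[\d.]*)\s+(\d[\d.]*)\s+(\S+)$")


def audit_management(config_text):
    """Return (severity, offending line or None, message) for each weak setting."""
    findings = []
    ssh_v2 = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ssh version 2":
            ssh_v2 = True
            continue
        m = ACCESS_RE.match(line)
        if not m:
            continue
        proto, addr, mask, iface = m.groups()
        if proto == "telnet":
            findings.append(("high", line,
                             f"telnet (cleartext) permitted from {addr} {mask} on {iface}; use ssh"))
        if addr in ANY and mask in ANY:
            findings.append(("high", line,
                             f"{proto} management open to any source on {iface}; restrict to admin hosts"))
    if not ssh_v2:
        findings.append(("medium", None, "'ssh version 2' not set: SSHv1 may still be negotiated"))
    return findings


# Constructed running-config excerpts; the first repeats the article's commands as stored
AS_CONFIGURED = """\
hostname asa
domain-name accp.com
telnet 10.1.1.0 255.255.255.0 inside
ssh 10.1.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh version 2
http server enable
http 10.1.1.0 255.255.255.0 inside
"""

HARDENED = """\
hostname asa
domain-name accp.com
ssh 10.1.1.0 255.255.255.0 inside
ssh version 2
http server enable
http 10.1.1.0 255.255.255.0 inside
"""

if __name__ == "__main__":
    for sev, line, msg in audit_management(AS_CONFIGURED):
        print(f"[{sev}] {msg}" + (f"  <- {line}" if line else ""))
```

Against the article's configuration the audit reports two findings (Telnet enabled, SSH open to any address on the outside); the hardened excerpt, which keeps only SSHv2 and HTTPS from the inside management segment, reports none.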

6. Log management

Syslog messages have eight severity levels (0 is the most severe):

0 emergencies (system unusable)

1 alerts (immediate action needed)

2 critical

3 errors

4 warnings

5 notifications (normal but significant)

6 informational

7 debugging

1) Configure the time zone

asa(config)#clock timezone peking 8

2) Set the time

asa(config)#clock set 11:30:00 26 sep 2013

3) Enable logging

asa(config)#logging enable

asa(config)#logging timestamp    Add a timestamp to each message

asa(config)#logging trap informational    Send messages at level 6 and more severe (0 to 6) to the syslog server

asa(config)#logging host inside 10.1.1.2    The syslog server; messages go out over UDP 514 in cleartext by default, so keep the server on the trusted inside network
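To make the severity threshold concrete, here is an added example (my own Python, not Cisco code): a small parser for ASA syslog lines that applies the logging trap level the way the ASA does, and then counts denied management logins per source, which is the kind of check a syslog server would run on what the ASA forwards. The message format (%ASA-severity-id) and severity names are the ASA's; the sample lines are constructed for the demo, using the article's addresses and timestamp.

```python
"""Parse ASA syslog lines and apply the trap threshold (added example, not Cisco code)."""
import re
from collections import Counter

# The eight ASA severity levels; a lower number is more severe
SEVERITY = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
            4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}
LEVEL = {name: num for num, name in SEVERITY.items()}

# %ASA-<severity>-<6-digit message id>: <text>
MSG_RE = re.compile(r"%ASA-(\d)-(\d{6}):\s*(.*)$")


def parse(line):
    """Return (severity, message_id, text) for an ASA syslog line, else None."""
    m = MSG_RE.search(line)
    if not m:
        return None
    return int(m.group(1)), m.group(2), m.group(3)


def forwarded(lines, trap_level):
    """Messages that 'logging trap <trap_level>' sends to the syslog host:
    everything at that level or more severe (a lower number)."""
    limit = LEVEL[trap_level]
    kept = []
    for line in lines:
        p = parse(line)
        if p and p[0] <= limit:
            kept.append(line)
    return kept


def failed_logins(lines):
    """Count 605004 (management login denied) per source address. The message
    is only level 6, so 'logging trap warnings' would never forward it."""
    counts = Counter()
    for line in lines:
        p = parse(line)
        if p and p[1] == "605004":
            m = re.search(r"from (\d[\d.]*)/\d+ to", p[2])
            if m:
                counts[m.group(1)] += 1
    return counts


# Constructed sample messages in the ASA's timestamped format
SAMPLE_LOG = [
    'Sep 26 2013 11:30:05: %ASA-6-302013: Built outbound TCP connection 12 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.1.1.2/51000 (198.51.100.1/51000)',
    'Sep 26 2013 11:30:07: %ASA-4-106023: Deny tcp src outside:203.0.113.9/4444 dst inside:10.1.1.2/23 by access-group "outside_in"',
    'Sep 26 2013 11:30:09: %ASA-6-605004: Login denied from 10.1.1.50/51234 to inside:10.1.1.1/ssh for user "admin"',
    'Sep 26 2013 11:30:12: %ASA-6-605004: Login denied from 10.1.1.50/51240 to inside:10.1.1.1/ssh for user "admin"',
    'Sep 26 2013 11:30:20: %ASA-6-605005: Login permitted from 10.1.1.22/51300 to inside:10.1.1.1/ssh for user "zhangsan"',
    'Sep 26 2013 11:30:25: %ASA-7-710005: TCP request discarded from 203.0.113.9/4445 to outside:198.51.100.1/22',
]

if __name__ == "__main__":
    for level in ("warnings", "informational", "debugging"):
        print(f"logging trap {level}: {len(forwarded(SAMPLE_LOG, level))} of {len(SAMPLE_LOG)} forwarded")
    print("denied logins by source:", dict(failed_logins(SAMPLE_LOG)))
```

With logging trap informational, as configured above, five of the six sample messages reach the server and the two failed SSH logins from 10.1.1.50 are visible; with logging trap warnings only the ACL deny would be forwarded and the login failures would be lost.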
