Shulou(Shulou.com)05/31 Report--

This article mainly introduces the relevant knowledge of "how to configure Cisco ASA firewall". The editor shows you the operation process through an actual case, and the operation method is simple, fast and practical. I hope this article "how to configure Cisco ASA firewall" can help you solve the problem.

The basic configuration steps for ASA are as follows:

Configure hostname and domain name

Hostname [hostname]

Domain-name xx.xx

Hostname Cisco-ASA 5520

Domain-name ciscosas.com.cn

Configure login username and password

Password [password]

Enable password [password]

Configure interfaces, routin

Interface interface_name

Nameif [name]

There are three interface types for name, insdie outside dmz

Security-level xx (Numeric)

The higher the value, the higher the security level of the interface.

Note: default inside 100, outside 0, dmz is between the two

Static rout

Route interface_number network mask next-hop-address

Route outside 0.0.0.0 0.0.0.0 210.210.210.1

Configure remote management access

Telnet

Telnet {network | ip-address} mask interface_name

Telnet 192.168.1.0 255.255.255.0 inside

Telnet 210.210.210.0 255.255.255.0 outside

SSH

Crypto key generate rsa modulus {1024 | 2048}

Specify rsa factor, 1024 recommended by Cisco

Ssh timeout minutes

Ssh version version_number

Crypto key generate rsa modulus 1024

Ssh timeout 30

Ssh version 2

Configure ASDM (Adaptive Security device Manager) access

Http server enbale port enable featur

Http {networdk | ip_address} mask interface_name

Asdm image disk0:/asdm_file_name specifies the file location

Username user password password privilege 15

NAT

Nat-control

Nat interface_name nat_id local_ip mask

Global interface_name nat_id {global-ip [global-ip] | interface}

Nat-control

Nat inside 1 192.168.1.0 255.255.255.0

Global outside 1 interface

Global dmz 1 192.168.202.100-192.168.202.150

ACL

Access-list list-name standad permit | deny ip mask

Access-list list-name extendad permit | deny protocol source-ip mask destnation-ip mask port

Access-group list-name in | out interface interface_name

If the intranet server needs to be distributed to the public network

Staic real-interface mapped-interface mapped-ip real-ip

Staic (dmz,outside) 210.210.202.100 192.168.202.1

Save configuration

Wirte memory

Clear configuration

Clear configure (all)

This is the end of the introduction to "how to configure Cisco ASA Firewall". Thank you for your reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.