
Inside Zone and outside Zone of ASA Firewall

2025-02-27 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02 Report

Note: telnet is used for the test. By default the ASA creates CONN (connection) table entries only for TCP and UDP; the ICMP protocol does not get a CONN entry, so if ping is used instead, it is normal for the ping to fail.

ASA configuration:

ciscoasa# show running-config
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif Intside
 security-level 0
 ip address 192.168.10.254 255.255.255.0
!
interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 192.168.20.254 255.255.255.0
!
interface GigabitEthernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
pager lines 24
mtu Intside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
crashinfo save disable
Cryptochecksum:715f838bf34db00a308a613eb31214ac
: end

ciscoasa# conf t
ciscoasa(config)# in G0
ciscoasa(config-if)# no na
ciscoasa(config-if)# no nameif Intside
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# -
                     ^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config-if)#
ciscoasa(config-if)# qq
                     ^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config-if)# Q
ciscoasa(config)# Q
ciscoasa# show rou
ciscoasa# show route

ciscoasa# show run
ciscoasa# show running-config
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif inside
 security-level 100
 ip address 192.168.10.254 255.255.255.0
!
interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 192.168.20.254 255.255.255.0
!
interface GigabitEthernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
crashinfo save disable
Cryptochecksum:b6be07c60b5c6f70fdd258745b715629
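As an added example (not code from the original post), the following Python audit parses the interface blocks of an ASA running-config and flags the two conditions this page runs into: a misspelled nameif that never received the default security-level 100, and two named interfaces left at the same security level, between which the ASA forwards nothing unless same-security-traffic permit inter-interface is configured. The sample config is transcribed from the page's first running-config; the fixed variant mirrors the corrected one.

```python
from typing import Dict, List

# Constructed sample: the two named-interface blocks from the page's first (mis-typed) config.
BROKEN_CONFIG = """\
interface GigabitEthernet0
 nameif Intside
 security-level 0
 ip address 192.168.10.254 255.255.255.0
!
interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 192.168.20.254 255.255.255.0
!
"""
# The same blocks after the fix shown on the page (nameif inside -> default level 100).
FIXED_CONFIG = BROKEN_CONFIG.replace(
    " nameif Intside\n security-level 0", " nameif inside\n security-level 100")


def parse_interfaces(config: str) -> Dict[str, dict]:
    """Map each nameif to its physical interface and security level."""
    found, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = {"iface": line.split(None, 1)[1], "nameif": None, "level": None}
        elif cur and line.startswith("nameif "):
            cur["nameif"] = line.split(None, 1)[1]
        elif cur and line.startswith("security-level "):
            cur["level"] = int(line.split()[1])
        elif line == "!" and cur and cur["nameif"]:
            found[cur["nameif"]] = cur  # only interfaces that carry a nameif pass traffic
            cur = None
    return found


def audit(config: str, same_security_permitted: bool = False) -> List[str]:
    """Return findings for interface pairs the ASA will not forward between by default."""
    ifaces = parse_interfaces(config)
    findings = []
    if "inside" not in ifaces:
        findings.append("no 'inside' nameif: a misspelled name (e.g. Intside) "
                        "gets the default security-level 0, not 100")
    names = sorted(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a]["level"] == ifaces[b]["level"] and not same_security_permitted:
                findings.append(f"{a} and {b} share security-level {ifaces[a]['level']}: "
                                "traffic is dropped unless 'same-security-traffic "
                                "permit inter-interface' is configured")
    return findings
```

Run audit() over a full show running-config dump; the parser ignores everything outside interface blocks.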

R1 configuration:

[Connection to 192.168.20.1 closed by foreign host]
R1#show run
R1#show running-config
Building configuration...

Current configuration : 1164 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup
!
interface Ethernet0/0
 ip address 192.168.10.1 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/3
 no ip address
 shutdown
 half-duplex
!
no ip http server
no ip http secure-server
ip route 192.168.20.0 255.255.255.0 192.168.10.254
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R2 configuration:

R2#show running-config
Building configuration...

Current configuration : 1198 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable password 123
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.20.1 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/3
 no ip address
 shutdown
 half-duplex
!
no ip http server
no ip http secure-server
ip route 192.168.10.0 255.255.255.0 192.168.20.254
!
control-plane
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password asd
 login
