
ASA: common application configuration

2025-03-29 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Experimental network structure diagram:

DNS Server --- (outside) ASA Firewall (inside) --- LAN Client
                              |
                        DMZ Web Server

IP address assignment

Public network: 210.10.10.0/30

Intranet: 192.168.210.0/24

DMZ: 192.168.202.0/24

Basic ASA configuration:

Configure hostname, domain name, and password

Configure interfaces

Configure routing

Configure remote management access

Configure network address translation for outbound traffic

Configure ACL

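! Hostname, domain name, and passwords
enable
conf t
hostname ASA5520
domain-name lpq.com
! Privileged-mode (enable) password
enable password ASA5520
! Login password used for Telnet sessions
passwd cisco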

! Interfaces: name, security level, and address
conf t
interface e0/0
 nameif outside
 security-level 0
 ip address 210.10.10.2 255.255.255.0
 no shutdown
 exit
interface e0/1
 nameif inside
 security-level 100
 ip address 192.168.201.1 255.255.255.0
 no shutdown
 exit
interface e0/2
 nameif dmz
 security-level 50
 ip address 192.168.202.1 255.255.255.0
 no shutdown
 exit
! Default route toward the public network
route outside 0.0.0.0 0.0.0.0 210.10.10.1
end
show route

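! Remote management: Telnet from the inside network
conf t
telnet 192.168.201.0 255.255.255.0 inside
telnet timeout 15
! SSH needs an RSA key pair and a local user to authenticate against
crypto key generate rsa modulus 1024
ssh 192.168.201.0 255.255.255.0 inside
! "0 0" means any source address
ssh 0 0 outside
ssh timeout 30
ssh version 2
username ASA5520 password cisco
aaa authentication ssh console LOCAL
passwd aaa
! ASDM over HTTPS on port 8008
http server enable 8008
http 192.168.201.0 255.255.255.0 inside
http 0 0 outside
http 0 0 inside
asdm image disk0:/asdm-615.bin
username admin password admin privilege 15
! ACL 111 permits all traffic and is applied inbound on every interface
access-list 111 extended permit icmp any any
access-list 111 permit ip any any
access-group 111 in interface outside
access-group 111 in interface inside
access-group 111 in interface dmz
! testacl blocks host 192.168.201.33; an interface holds one inbound ACL,
! so this access-group replaces ACL 111 on inside
access-list testacl deny ip 192.168.201.33 255.255.255.255 any
access-list testacl permit ip any any
access-group testacl in interface inside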

-

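! Address translation for outbound traffic (pre-8.3 NAT syntax)
nat-control
nat (inside) 1 0 0
! Inside hosts use the outside interface address (PAT) toward the public network
global (outside) 1 interface
! Inside hosts use this address pool toward the DMZ
global (dmz) 1 192.168.202.100-192.168.202.110
! Publish the DMZ web server 192.168.202.2 as 210.10.10.2
static (dmz,outside) 210.10.10.2 192.168.202.2
! Allow only HTTP from outside to the published address;
! this access-group replaces ACL 111 on outside
access-list out_to_dmz permit tcp any host 210.10.10.2 eq 80
access-group out_to_dmz in interface outside
end
! Save the running configuration (either command)
write memory
copy running-config startup-config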
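An added example, not part of the original article: a small Python audit that flags the management-access and ACL settings of the basic configuration above that should not be carried over from this lab to a production firewall. The rule names, the audit function and the sample text (lines copied from the configuration above) are this example's own assumptions.

```python
import re

# Lines copied from the basic configuration above (lower-cased).
SAMPLE_CONFIG = """\
telnet 192.168.201.0 255.255.255.0 inside
crypto key generate rsa modulus 1024
ssh 192.168.201.0 255.255.255.0 inside
ssh 0 0 outside
http 192.168.201.0 255.255.255.0 inside
http 0 0 outside
username admin password admin privilege 15
access-list 111 permit ip any any
access-group 111 in interface outside
access-list out_to_dmz permit tcp any host 210.10.10.2 eq 80
access-group out_to_dmz in interface outside
"""

ANY_SRC = r"(?:0 0|0\.0\.0\.0 0\.0\.0\.0)"
RULES = [  # (finding name, pattern matched against one config line)
    ("telnet-enabled", re.compile(r"^telnet \d")),
    ("weak-rsa-key", re.compile(r"^crypto key generate rsa modulus (512|768|1024)$")),
    ("mgmt-open-outside", re.compile(rf"^(ssh|http) {ANY_SRC} outside$")),
    ("password-equals-username", re.compile(r"^username (\S+) password \1( |$)")),
]
PERMIT_ALL = re.compile(r"^access-list (\S+) (?:extended )?permit ip any any$")
BOUND = re.compile(r"^access-group (\S+) in interface (\S+)$")

def audit(config):
    """Return sorted (finding, line) pairs for a pre-8.3 style ASA config."""
    # Lines are lower-cased before matching, so findings report them that way.
    lines = [l.strip().lower() for l in config.splitlines() if l.strip()]
    findings = [(name, l) for l in lines for name, rx in RULES if rx.search(l)]
    permit_all = {m.group(1) for l in lines if (m := PERMIT_ALL.match(l))}
    # An interface holds one inbound ACL: the last access-group wins.
    bound = {m.group(2): (m.group(1), l) for l in lines if (m := BOUND.match(l))}
    acl, line = bound.get("outside", (None, None))
    if acl in permit_all:
        findings.append(("permit-any-inbound-outside", line))
    return sorted(findings)

if __name__ == "__main__":
    for name, line in audit(SAMPLE_CONFIG):
        print(f"{name:28} {line}")
```

On the sample, the permit-any finding does not fire because out_to_dmz replaces ACL 111 on outside; it does fire if the audit is run on the configuration as it stands before that later access-group line is entered.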

Clear configuration information:

conf t
! Remove the entire running configuration
clear configure all
! Remove only the configuration of one command
clear configure command [level2 command]
end

=

Advanced ASA application: URL filtering

conf t
! Policy 1: HTTP traffic from 192.168.201.0/28 may only reach hosts matching \.sina\.com
access-list tcp_filter1 permit tcp 192.168.201.0 255.255.255.240 any eq www
class-map tcp_filter_class1
 match access-list tcp_filter1
 exit
regex url1 \.sina\.com
class-map type regex match-any url_class1
 match regex url1
 exit
! "match not": select requests whose Host header does NOT match url_class1
class-map type inspect http http_url_class1
 match not request header host regex class url_class1
 exit
! Drop and log the selected requests
policy-map type inspect http http_url_policy1
 class http_url_class1
  drop-connection log
  exit
 exit
policy-map inside_http_url_policy
 class tcp_filter_class1
  inspect http http_url_policy1
  exit
 exit
! Delete the next line when entering the complete configuration
service-policy inside_http_url_policy interface inside

-

! Policy 2: HTTP traffic from any source may not reach hosts matching \.game\.com
access-list tcp_filter2 permit tcp any any eq www
class-map tcp_filter_class2
 match access-list tcp_filter2
 exit
regex url2 \.game\.com
class-map type regex match-any url_class2
 match regex url2
 exit
! Select requests whose Host header matches url_class2
class-map type inspect http http_url_class2
 match request header host regex class url_class2
 exit
! Drop and log the selected requests
policy-map type inspect http http_url_policy2
 class http_url_class2
  drop-connection log
  exit
 exit
! Add the second class to the same policy-map
policy-map inside_http_url_policy
 class tcp_filter_class2
  inspect http http_url_policy2
  exit
 exit
! Apply the policy-map to the inside interface
service-policy inside_http_url_policy interface inside

-


© 2024 shulou.com SLNews company. All rights reserved.
