Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Firewall Firewalls ASA

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/02 Report--

Experiment:

1. Idea: the trend of data packets

two。 Requirements: vlan interconnection, VRRP intranet pat access extranet, release web server for extranet access

Let sw1 be the root switch

1. Configure sw10 to create vlan10 20 100

Port 1 joins vlan10 and ports 2 and 3 are in trunk mode

two。 Configure sw20 to create vlan10 20 40 100

1 port join vlan100 3 port join vlan40 2 and 4 ports are in trunk mode

Configure vlanif 10 ip:192.168.10.254 24

Vlanif20 ip:192.168.20.254 24

Vlanif40 ip:192.168.40.1 24

Vlanif100 ip:192.168.100.254 24

3. Configure sw30 to create vlan10 20 50 100

1 port join vlan20 3 port join vlan50 2 and 4 ports are in trunk mode

Configure vlanif 10 ip:192.168.10.253 24

Vlanif20 ip:192.168.20.253 24

Vlanif50 ip:192.168.50.1 24

Vlanif100 ip:192.168.100.253 24

4. Configure sw20 configure vrrp for vlan1

Vrrp vrid 10 virtual-ip 192.168.10.250

Vrrp vrid 10 priority150

Vrrp vrid 10 track interface g0/0/3 reduce 80

Vrrp vrid 10 track interface g0/0/2 reduce 80

Configure vrrp for vlan100

Vrrp vrid 100 virtual-ip 192.168.100.250

Vrrp vrid 100 priority150

Vrrp vrid 100 track interface g0/0/3 reduce 80

Vrrp vrid 100 track interface g0/0/2 reduce 80

Configure vrrp for vlan20

Vrrp vrid 20 virtual-ip 192.168.20.250

5. Configure sw30 configure vrrp for vlan10

Vrrp vrid 10 virtual-ip 192.168.20.250

Configure vrrp for vlan20

Vrrp vrid 20 virtual-ip 192.168.20.250

Vrrp vrid 20priority150

Vrrp vrid 20 track interface g0/0/3 reduce 80

Vrrp vrid 20 track interface g0/0/2 reduce 80

Configure vrrp for vlan100

Vrrp vrid 100 virtual-ip 192.168.100.250

6. Configure sw20 configure rip

Rip

Version2

Network 192.168.10.0

Network 192.168.100.0

Network 192.168.20.0

Network 192.168.40.0

Static floating route

Ip route-static 0.0.0.0 0.0.0.0 192.168.40.254

7. Configure sw30 configure rip

Rip

Version2

Network 192.168.10.0

Network 192.168.20.0

Network 192.168.50.0

Network 192.168.100.0

Static floating route

Ip route-static 0.0.0.0 0.0.0.0 192.168.50.254

8. Configure the firewall

Interface g0

Nameif inside1

No shutdown

Ip address 192.168.40.254 255.255.255.0

Security-level 100

Interface g1

Nameif inside2

No shutdown

Ip address 192.168.50.254 255.255.255.0

Security-level 90

Interface g2

Nameif outside

No shutdown

Ip address 200.8.8.1 255.255.255.252

Security-level 0

Configure default rout

Route inside1 192.168.10.0 255.255.255.0 192.168.40.1

Route inside1 192.168.100.0 255.255.255.0 192.168.40.1

Route inside2 192.168.20.0 255.255.255.0 192.168.50.1

Route outside 200.1.1.0 255.255.255.0 200.8.8.2

Backup

Route inside2 192.168.1.0 255.255.255.0 192.168.50.2

Route inside2 192.168.100.0 255.255.255.0 192.168.50.2

Route inside2 192.168.2.0 255.255.255.0 192.168.50.2

9. Configure AR1

Configure port 0 ip:200.1.1.254 24

1 port ip:200.8.8.2 255.255.255.252

Configure static floating rout

Ip route-static 0.0.0.0 0.0.0.0 200.8.8.1

10. Configure static NAT on the firewall

Object network ob-in1

Subnet 192.168.10.0 255.255.255.0

Nat (inside1,outside) dynamic 119.1.1.1

Object network ob-in2

Subnet 192.168.20.0 255.255.255.0

Nat (inside2,outside) dynamic 119.1.1.2

At this point, both client1 and clent2 can access the public network ftp and grab packets to check that the private network address has been converted.

Configure dynamic PAT to enable the public network to access the private network

Object network ob-out

Host 119.1.1.3

Object network outside

Host 200.1.1.1

Nat (outside,inside1) static ob-out service tcp 80 80

Configure ACL

Access-list out-to-ins permit tcp any object inside1 eq http

Access-group out-to-ins in interface outside

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Configuration Port routing static Mode floating Fire Protection Public Network Firewall switch dynamic address backup idea data Server Lab Service vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MariaDB Docker Xiaomi Shulou Information MySQL vpn Redmi Shulou Technology OPPO Reno NVidia Apple Huawei Microsoft Shulou Tech Info Linux macOS MariaDB Docker Xiaomi Shulou Information MySQL vpn Redmi Shulou Technology OPPO Reno NVidia Apple Huawei Microsoft Shulou Tech Info Linux macOS

Share To

Related

Servers

More Servers >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report