2025-03-17 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
Experiment
Approach and configuration
1. Configure g0
interface g0
no shutdown
nameif inside
ip address 192.168.1.254 255.255.255.0
security-level 100
Configure g1
interface g1
no shutdown
nameif outside
ip address 192.168.8.254 255.255.255.0
security-level 0
Configure g2
interface g2
no shutdown
nameif DMZ
ip address 192.168.3.254 255.255.255.0
security-level 50
2. Configure AR1
Configure port 0 with ip 192.168.1.1 255.255.255.0
Configure port 1 with ip 10.1.1.254 255.255.255.0
Configure port 2 with ip 10.2.2.254 255.255.255.0
Configure a static default route
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
3. Configure Cloud
access-list out-to-in permit ip host 192.168.8.1 host 192.168.3.100
access-group out-to-in in interface outside
At this point the DMZ publishes the Web server, and client2 can access server3.
Configure the routing entries
route inside 10.1.1.0 255.255.255.0 192.168.1.1
route inside 10.2.2.0 255.255.255.0 192.168.1.1
Use the command show conn detail to view the connection table
Configure FTP for server2
Configure FTP for server3
Configure client1 FTP
Configure client1 FTP
View the output of show conn detail
View the routing tables of ASA and AR respectively
ASA:
AR1:
Configure Cloud
access-list 111 deny tcp any host 192.168.3.1 eq 80
access-group 111 in interface DMZ
This ACL is configured to prevent client3 from accessing server2
Experiment 1
Approach and configuration:
1. Open CRT
Before connecting, clear the previous configuration:
clear configure all
Configure the interface security levels and IP addresses
interface g0
nameif inside
no shutdown
ip address 192.168.1.254 255.255.255.0
security-level 100
interface g1
nameif outside
no shutdown
ip address 192.168.8.254 255.255.255.0
security-level 0
At this point, the experimental requirements are met.
If you need client2 to access server1, you can configure an ACL
For a single source IP only:
access-list out-to-in permit ip host 192.168.8.1 host 192.168.1.100
For a network segment:
access-list out-to-in permit ip 192.168.8.0 255.255.255.0 host 192.168.1.100
Apply the ACL inbound on the outside interface:
access-group out-to-in in interface outside
Experiment 2
PC1 pings server2/client2
Configure ACL
access-list ICMP permit icmp any any
access-group ICMP in interface outside
Experiment 3: configuring static and default routes
Configure R1
Port 0: ip 192.168.1.1 24
Port 1: ip 10.1.1.254 24
Port 2: ip 10.2.2.254 24
Configure Cloud
route inside 10.1.1.0 255.255.255.0 192.168.1.1
route inside 20.1.1.0 255.255.255.0 192.168.1.1
Configure the static route on R1
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
Ping now succeeds between the networks.
Experiment 5: control outbound traffic and block outbound traffic from 10.1.1.0/24.
Configure ACL
access-list in-to-out deny ip 10.1.1.0 255.255.255.0 any
access-list in-to-out permit ip any any
access-group in-to-out in interface inside
At this point, traffic from the 10.1.1.0 network segment cannot get out.
The PC can access the server.
Delete the DHCP configuration in the firewall first
no dhcpd auto_config outside
no dhcpd address 192.168.1.5-192.168.1.35 inside
no dhcpd enable inside
no ip address dhcp
Configure ip 200.1.1.254 255.255.255.0 in vlan2
Configure port 0 as vlan1 and port 1 as vlan2
Configure ACL
access-list 111 permit tcp any host 192.168.1.1 eq 80
access-group 111 in interface outside
Experiment: multi-zone firewall
This configuration builds on the configuration of experiment 1.
Configuration
interface g2
nameif DMZ
no shutdown
ip address 192.168.3.254 255.255.255.0
security-level 50
An interface with a higher security level can access one with a lower level; a lower level cannot access a higher level.
Client1 can access server2 and server3
Client3 can access server3
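The following is an added example, not part of the original lab notes: a simplified Python model of how the security levels and inbound ACLs configured above decide whether a new connection is allowed. The interface levels, networks and ACL entries are taken from the commands on this page and combined into one table for illustration. The host addresses 192.168.8.2, 10.1.1.1 and 10.2.2.1 are constructed, and protocol matching and return traffic for established connections are not modeled.

```python
import ipaddress

# Interface security levels as configured on this page.
LEVELS = {"inside": 100, "DMZ": 50, "outside": 0}
# Networks reachable through each interface (inside includes the routed LANs).
NETS = {
    "inside": ["192.168.1.0/24", "10.1.1.0/24", "10.2.2.0/24"],
    "DMZ": ["192.168.3.0/24"],
    "outside": ["192.168.8.0/24"],
}
# Inbound ACLs bound with access-group: (action, source, destination).
ACLS = {
    "outside": [("permit", "192.168.8.1/32", "192.168.3.100/32")],
    "inside": [("deny", "10.1.1.0/24", "0.0.0.0/0"),
               ("permit", "0.0.0.0/0", "0.0.0.0/0")],
}

def iface_of(ip):
    """Return the interface whose networks contain ip."""
    addr = ipaddress.ip_address(ip)
    for name, nets in NETS.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    raise ValueError(f"no route for {ip}")

def allowed(src, dst, acls=ACLS):
    """Decide whether a NEW connection from src to dst is permitted."""
    ingress, egress = iface_of(src), iface_of(dst)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if ingress in acls:
        # An inbound ACL replaces the level-based default: first match wins,
        # and anything left unmatched hits the implicit deny.
        for action, a_src, a_dst in acls[ingress]:
            if s in ipaddress.ip_network(a_src) and d in ipaddress.ip_network(a_dst):
                return action == "permit"
        return False
    # No ACL on the ingress interface: only higher -> lower is allowed.
    return LEVELS[ingress] > LEVELS[egress]
```

Calling `allowed()` with an ACL table that omits the final `permit ip any any` shows why the in-to-out ACL needs that line: without it, every inside host is blocked by the implicit deny, not only 10.1.1.0/24.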