Experimental report on basic configuration of ASA

2025-04-10 Update From: SLTechnology News&Howtos

Experimental report on basic configuration of Network Operation and maintenance ASA

Name: Li Jun    Class: NTD1710    Date: December 29, 2017

Experimental task

Verify that R1 can telnet to R2 and R3, that R3 can telnet to R2 but not to R1, and that R2 cannot telnet to R1 or R3.

Approach and experimental steps

Configure the interface IP addresses on RR and enable routing:

    enable
    configure terminal
    ip routing
    interface fastethernet 1/0
    ip address 172.16.1.1 255.255.255.0
    no shutdown
    exit
    interface fastethernet 0/0
    ip address 4.4.4.2 255.255.255.0
    no shutdown
    exit

Configure the interface IP address on R2 and disable routing:

    enable
    configure terminal
    no ip routing
    ip default-gateway 4.4.4.2
    interface fastethernet 0/0
    ip address 4.4.4.1 255.255.255.0
    no shutdown

Configure the interface IP address on R1 and disable routing:

    enable
    configure terminal
    no ip routing
    ip default-gateway 10.1.1.254
    interface fastethernet 0/0
    ip address 10.1.1.1 255.255.255.0
    no shutdown

Configure the interface IP address on R3 and disable routing:

    enable
    configure terminal
    no ip routing
    ip default-gateway 192.168.1.254
    interface fastethernet 0/0
    ip address 192.168.1.1 255.255.255.0
    no shutdown

First clear the configuration of the ASA firewall:

    enable
    configure terminal
    clear configure all

Configure the IP address, interface name and security level of each ASA interface:

    interface gigabitethernet 0
    ip address 10.1.1.254 255.255.255.0
    nameif inside
    security-level 100
    no shutdown
    exit
    interface gigabitethernet 1
    ip address 172.16.1.254 255.255.255.0
    nameif outside
    security-level 0
    no shutdown
    exit
    interface gigabitethernet 2
    ip address 192.168.1.254 255.255.255.0
    nameif DMZ
    security-level 50
    no shutdown
    exit

When traffic arrives, the ASA checks the conn table first, then the ACL, and then the security level, so an ACL needs to be configured:

    access-list 100 extended permit ip any any
    access-list 100 extended permit ip host 172.16.1.0 any
    access-list 100 extended permit ip host 4.4.4.0 any
    access-group 100 in interface outside

The ASA has no route to 4.4.4.0, so a default route needs to be added:

    route outside 0.0.0.0 0.0.0.0 172.16.1.1

RR has no route to R1, so a default route needs to be added:

    ip route 0.0.0.0 0.0.0.0 172.16.1.254

Enable telnet and set the passwords on R2 and RR:

    enable password 123456zzz
    line vty 0 4
    password 123456

Result verification and testing

    show conn detail

R1:

    ping 172.16.1.1
    ping 4.4.4.1
    telnet 172.16.1.1
    telnet 4.4.4.1

Problems and analysis

ICMP is not allowed to pass by default

Interfaces with a lower security level cannot directly access those with a higher security level.

The ASA first checks the conn table, then the ACL, and then the security level.
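An added example (not part of the original report): a simplified Python model of the lookup order described above, applied to this lab's addresses and security levels. It shows that without an ACL the telnet results match the experimental task, and that `permit ip any any` bound to the outside interface matches first, so the two `host` entries are never reached and telnet from R2 is admitted as well. The model ignores NAT and routing; `REPLY_ONLY_ACL` and all function names are assumptions introduced here.

```python
from ipaddress import ip_address, ip_network

# Lab values from the page: security-level per nameif, attached networks, hosts.
LEVEL = {"inside": 100, "DMZ": 50, "outside": 0}
NETS = {"inside": "10.1.1.0/24", "DMZ": "192.168.1.0/24"}  # anything else: outside
HOSTS = {"R1": "10.1.1.1", "R2": "4.4.4.1", "R3": "192.168.1.1"}

# access-list 100 as written on the page: (action, protocol, source).
PAGE_ACL = [("permit", "ip", "0.0.0.0/0"),      # permit ip any any
            ("permit", "ip", "172.16.1.0/32"),  # permit ip host 172.16.1.0 any
            ("permit", "ip", "4.4.4.0/32")]     # permit ip host 4.4.4.0 any
# Assumed alternative, not from the page: admit only ICMP echo replies.
REPLY_ONLY_ACL = [("permit", "echo-reply", "0.0.0.0/0")]

def zone(ip):
    """Name of the ASA interface a packet from/to this address uses."""
    for name, net in NETS.items():
        if ip_address(ip) in ip_network(net):
            return name
    return "outside"

def first_match(acl, proto, src_ip):
    """Index of the first ACL entry matching the packet, or None (implicit deny)."""
    for i, (_, acl_proto, net) in enumerate(acl):
        if acl_proto in ("ip", proto) and ip_address(src_ip) in ip_network(net):
            return i
    return None

def allowed(src, dst, proto, outside_acl=None, conn=frozenset()):
    """Decision order from the report: conn table, then ACL, then security level."""
    if (dst, src, proto) in conn:          # reply to a tracked connection
        return True
    ingress, egress = zone(HOSTS[src]), zone(HOSTS[dst])
    if ingress == "outside" and outside_acl is not None:
        hit = first_match(outside_acl, proto, HOSTS[src])
        return hit is not None and outside_acl[hit][0] == "permit"
    return LEVEL[ingress] > LEVEL[egress]  # no ACL bound: higher to lower only

def telnet_matrix(outside_acl=None):
    """Which hosts may open a new telnet (TCP) session to which."""
    return {(a, b): allowed(a, b, "tcp", outside_acl)
            for a in HOSTS for b in HOSTS if a != b}

if __name__ == "__main__":
    for label, acl in (("no ACL", None), ("page ACL", PAGE_ACL),
                       ("reply-only ACL", REPLY_ONLY_ACL)):
        ok = [f"{a}->{b}" for (a, b), v in telnet_matrix(acl).items() if v]
        print(f"{label:15} telnet allowed: {ok}; "
              f"ping reply R2->R1: {allowed('R2', 'R1', 'echo-reply', acl)}")
```

On a real ASA the reply-only entry would be written as an `icmp` rule for `echo-reply` in access-list 100; whether that fits the lab's intent is an assumption.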

Li Jun tel:15135361516 Qq:344728662
