Posting a Cisco ASA 5505 configuration first!!

Posted on 2008-5-12 00:59:52
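Just got it today!! I'll look at it more carefully later; here is some test configuration for now!!!! SNMP from the outside is not OK, and external SSH is not OK!
The remaining simple functions are all OK!!! I've heard that the versions from PIX 7.0 onward support transparent mode, but I had no time to test it! I only did the simplest things I needed....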
ASA Version 7.2(2)
!
hostname SCZQ-5505
domain-name www.sczq.com.cn
enable password xxx encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 192.168.6.39 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxx encrypted
boot system disk0:/asa722-k8.bin
boot system disk0:/flash
ftp mode passive
dns server-group DefaultDNS
domain-name www.sczq.com.cn
access-list 101 extended permit icmp any any
access-list 101 extended permit tcp any host XXX.113.40.87 eq 7709
access-list 101 extended permit tcp any host XXX.113.40.87 eq ssh
access-list 101 extended permit tcp any host XXX.113.40.88 eq 7711
access-list 101 extended permit tcp any any eq pcanywhere-data
access-list 101 extended permit udp any any eq pcanywhere-status
access-list 101 extended permit tcp any host 192.168.6.41 eq www
access-list 101 extended permit udp any any eq snmp
access-list 101 extended permit udp any any eq snmptrap
access-list 102 extended permit icmp any any
access-list 101 extended deny tcp any any      
access-list 101 extended deny udp any any        

pager lines 24
logging enable
logging buffer-size 51200
logging monitor debugging
logging buffered debugging
logging history alerts
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
static (inside,outside) 192.168.6.41 10.10.10.3 netmask 255.255.255.255  
static (inside,outside) 220.113.40.87 10.10.10.10 netmask 255.255.255.255
static (inside,outside) 220.113.40.88 10.10.10.11 netmask 255.255.255.255
static (inside,outside) 220.113.40.89 10.10.10.12 netmask 255.255.255.255
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.6.254 1               
route outside 0.0.0.0 0.0.0.0 220.113.40.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http XXX.207.153.0 0.0.0.31 outside
http 10.10.10.0 255.255.255.0 inside
snmp-server host outside 192.168.6.35 community xxxx        (can't get this working, frustrating)
no snmp-server location
no snmp-server contact
snmp-server community xxxx        (^_^)
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet 124.207.153.0 255.255.255.0 outside        (doesn't work; external HTTP is pretty good though)

telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcprelay timeout 60
!
class-map type inspect dns match-all preset_dns_map
class-map type inspect http match-all http
class-map type inspect h323 match-all h225
class-map type inspect h323 match-all ras
class-map type inspect ftp match-all ftp
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
       message-length maximum 512
policy-map global_policy
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:2041c501a8af16a33ca24ec3af7ac2c0
: end
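
An added example, not part of the original post: a small Python audit of the management-access and ACL lines in a config like the one above. It flags Telnet bound to the lowest-security interface (the ASA refuses that unless the session arrives over an IPsec tunnel), a missing "ssh <net> <mask> <interface>" line for that interface (the access-list 101 ssh entry only covers traffic through the firewall), ACLs never bound with access-group, and "permit ... any any" entries. The function name, finding codes and trimmed sample config are assumptions of this example.

```python
import re
# Constructed sample: a trimmed subset of the running-config posted above.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
access-list 101 extended permit tcp any host XXX.113.40.87 eq ssh
access-list 101 extended permit tcp any any eq pcanywhere-data
access-list 102 extended permit icmp any any
access-group 101 in interface outside
http server enable
http XXX.207.153.0 0.0.0.31 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet 124.207.153.0 255.255.255.0 outside
"""

def audit(config):
    """Return (code, detail) findings for an ASA 7.x-style running-config."""
    levels, mgmt, acls, bound, name, out = {}, set(), {}, set(), None, []
    for line in filter(None, (l.strip() for l in config.splitlines())):
        t = line.split()
        if t[0] == "interface":
            name = None                      # new interface block
        elif t[0] == "nameif":
            name = t[1]
        elif t[0] == "security-level" and name:
            levels[name] = int(t[1])
        elif t[0] in ("telnet", "ssh", "http") and len(t) == 4:
            mgmt.add((t[0], t[3]))           # <proto> <net> <mask> <interface>
        elif t[0] == "access-list":
            acls.setdefault(t[1], []).append(line)
        elif t[0] == "access-group":
            bound.add(t[1])
    low = min(levels, key=levels.get) if levels else None
    if ("telnet", low) in mgmt:              # refused by the ASA unless over IPsec
        out.append(("telnet-lowest-security", low))
    if low and ("ssh", low) not in mgmt:     # interface ACLs do not admit SSH to the box
        out.append(("no-ssh-allow", low))
    for acl, entries in acls.items():
        if acl not in bound:
            out.append(("acl-unbound", acl))
        out += [("permit-any-any", e) for e in entries if re.search(r" permit \S+ any any\b", e)]
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```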