Some configuration notes for the Cisco ASA5520 firewall

Source: Internet  Published by: 二律背反 知乎  Editor: 程序博客网  Time: 2024/06/06 10:52
-----------How to set up the ASDM web HTTPS service---------------------
asdm image disk0:/asdm-6475.bin
asdm history enable
! permits ASDM/HTTPS management from any source address on the outside interface
http 0 0 outside
! only this line is needed when the firewall is managed from the internal network
http 0 0 inside
http server enable

Also, the browser must be IE8 or older and the installed Java must be version 1.4.2; newer versions do not work, the ASDM loader reaches 100% and then stops.

-------------------------------------------------ACL rules---------------------------------
The ASA firewall has to open 7 ports (80, 8080, 8088 and so on) for 6 servers.
Does that mean every server address needs its own static mapping?

Should the configuration look like this?

static (inside,outside)172.16.2.110 xxx.xxx.xxx.xxx netmask 255.255.255.255
static (inside,outside)172.16.2.130 xxx.xxx.xxx.xxx netmask 255.255.255.255
static (inside,outside)172.16.2.140 xxx.xxx.xxx.xxx netmask 255.255.255.255
static (inside,outside)172.16.2.150 xxx.xxx.xxx.xxx netmask 255.255.255.255
static (inside,outside)172.16.2.211 xxx.xxx.xxx.xxx netmask 255.255.255.255
static (inside,outside)172.16.2.221 xxx.xxx.xxx.xxx netmask 255.255.255.255

! The ASA accepts only one access-group per interface and direction. With six
! separate "access-group 10x in interface outside" lines, only the last binding
! (106) would take effect and ACLs 101-105 would silently never be enforced.
! All seven ports for the six servers therefore go into one ACL that is bound
! once to the outside interface. "int f0/0" is an IOS interface command and has
! no place here: on the ASA, access-group is entered in global configuration.
! Note: with the pre-8.3 "static (inside,outside)" syntax above, an ACL on the
! outside interface must match the mapped (public) address rather than the real
! 172.16.2.x address; from ASA 8.3 on the real address is used, as written here.
access-list 101 remark server 172.16.2.110
access-list 101 extended permit tcp any host 172.16.2.110 eq 80
access-list 101 extended permit tcp any host 172.16.2.110 eq 8080
access-list 101 extended permit tcp any host 172.16.2.110 eq 8088
access-list 101 extended permit tcp any host 172.16.2.110 eq 4050
access-list 101 extended permit tcp any host 172.16.2.110 eq 5050
access-list 101 extended permit tcp any host 172.16.2.110 eq 554
access-list 101 extended permit tcp any host 172.16.2.110 eq 7554

access-list 101 remark server 172.16.2.130
access-list 101 extended permit tcp any host 172.16.2.130 eq 80
access-list 101 extended permit tcp any host 172.16.2.130 eq 8080
access-list 101 extended permit tcp any host 172.16.2.130 eq 8088
access-list 101 extended permit tcp any host 172.16.2.130 eq 4050
access-list 101 extended permit tcp any host 172.16.2.130 eq 5050
access-list 101 extended permit tcp any host 172.16.2.130 eq 554
access-list 101 extended permit tcp any host 172.16.2.130 eq 7554

access-list 101 remark server 172.16.2.140
access-list 101 extended permit tcp any host 172.16.2.140 eq 80
access-list 101 extended permit tcp any host 172.16.2.140 eq 8080
access-list 101 extended permit tcp any host 172.16.2.140 eq 8088
access-list 101 extended permit tcp any host 172.16.2.140 eq 4050
access-list 101 extended permit tcp any host 172.16.2.140 eq 5050
access-list 101 extended permit tcp any host 172.16.2.140 eq 554
access-list 101 extended permit tcp any host 172.16.2.140 eq 7554

access-list 101 remark server 172.16.2.150
access-list 101 extended permit tcp any host 172.16.2.150 eq 80
access-list 101 extended permit tcp any host 172.16.2.150 eq 8080
access-list 101 extended permit tcp any host 172.16.2.150 eq 8088
access-list 101 extended permit tcp any host 172.16.2.150 eq 4050
access-list 101 extended permit tcp any host 172.16.2.150 eq 5050
access-list 101 extended permit tcp any host 172.16.2.150 eq 554
access-list 101 extended permit tcp any host 172.16.2.150 eq 7554

access-list 101 remark server 172.16.2.211
access-list 101 extended permit tcp any host 172.16.2.211 eq 80
access-list 101 extended permit tcp any host 172.16.2.211 eq 8080
access-list 101 extended permit tcp any host 172.16.2.211 eq 8088
access-list 101 extended permit tcp any host 172.16.2.211 eq 4050
access-list 101 extended permit tcp any host 172.16.2.211 eq 5050
access-list 101 extended permit tcp any host 172.16.2.211 eq 554
access-list 101 extended permit tcp any host 172.16.2.211 eq 7554

access-list 101 remark server 172.16.2.221
access-list 101 extended permit tcp any host 172.16.2.221 eq 80
access-list 101 extended permit tcp any host 172.16.2.221 eq 8080
access-list 101 extended permit tcp any host 172.16.2.221 eq 8088
access-list 101 extended permit tcp any host 172.16.2.221 eq 4050
access-list 101 extended permit tcp any host 172.16.2.221 eq 5050
access-list 101 extended permit tcp any host 172.16.2.221 eq 554
access-list 101 extended permit tcp any host 172.16.2.221 eq 7554

! one binding for the whole ACL; the last access-group entered for an
! interface/direction replaces any earlier one
access-group 101 in interface outside
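The two configuration pitfalls on this page (ASDM management opened with `http 0 0 <interface>` to every source address, and several `access-group` bindings on the same interface where the ASA keeps only the last one) are easy to miss in a long paste. The Python below is an added example, not code from the original post or from Cisco: it lints an ASA configuration text for exactly those two problems, reports which ACLs would never be enforced, and rewrites all ACLs bound to one interface/direction into a single ACL with one binding. It only understands the command forms used on this page (`http <addr> <mask> <iface>`, `access-list <name> extended|standard|remark ...`, `access-group <name> in|out interface <iface>`); the sample configuration is a constructed, shortened version of the page's own lines, and the ACL name `outside_in` is an assumption.

```python
"""Lint a pasted Cisco ASA configuration for two pitfalls (added example).

1. More than one `access-group ... <dir> interface <iface>` for the same
   interface and direction: the ASA keeps only the last binding, so the
   earlier ACLs are silently not enforced.
2. `http 0 0 <iface>` (or 0.0.0.0 0.0.0.0): ASDM/HTTPS management is
   reachable from any source address on that interface.
"""
import re
from collections import defaultdict

# Only the command forms that appear on the page are parsed.
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(extended|standard|remark)\b(.*)$")
AG_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")
HTTP_RE = re.compile(r"^http\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed sample: a trimmed version of the page's configuration.
SAMPLE_CONFIG = """\
http server enable
http 0 0 outside
http 0 0 inside
access-list 101 extended permit tcp any host 172.16.2.110 eq 80
access-list 101 extended permit tcp any host 172.16.2.110 eq 8080
access-list 102 extended permit tcp any host 172.16.2.130 eq 80
access-list 102 extended permit tcp any host 172.16.2.130 eq 8080
access-group 101 in interface outside
access-group 102 in interface outside
"""


def lint_asa_config(text):
    """Return which ACL is effective per (iface, direction), which bindings
    are shadowed, which ACLs are never enforced, and where management is
    open to any source address."""
    defined = set()
    bindings = defaultdict(list)   # (iface, direction) -> ACL names in order
    open_http = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = ACL_RE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = AG_RE.match(line)
        if m:
            acl, direction, iface = m.groups()
            bindings[(iface, direction)].append(acl)
            continue
        m = HTTP_RE.match(line)
        if m:
            addr, mask, iface = m.groups()
            if addr in ("0", "0.0.0.0") and mask in ("0", "0.0.0.0"):
                open_http.append(iface)
    # The ASA keeps only the last access-group per interface/direction.
    effective = {key: acls[-1] for key, acls in bindings.items()}
    shadowed = {key: acls[:-1] for key, acls in bindings.items() if len(acls) > 1}
    not_enforced = sorted(defined - set(effective.values()))
    return {
        "effective": effective,
        "shadowed": shadowed,
        "not_enforced": not_enforced,
        "open_http_interfaces": open_http,
    }


def merge_acls(text, iface, direction, new_name):
    """Rename every ACL bound to (iface, direction) to new_name, keeping entry
    order, drop the old bindings and append a single access-group line."""
    report = lint_asa_config(text)
    key = (iface, direction)
    if key not in report["effective"]:
        return text.splitlines()          # nothing bound there: leave as is
    names = report["shadowed"].get(key, []) + [report["effective"][key]]
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m and m.group(1) in names:
            out.append(f"access-list {new_name} {m.group(2)}{m.group(3)}")
            continue
        m = AG_RE.match(line)
        if m and (m.group(3), m.group(2)) == key:
            continue                      # old binding, replaced below
        out.append(raw)
    out.append(f"access-group {new_name} {direction} interface {iface}")
    return out


if __name__ == "__main__":
    report = lint_asa_config(SAMPLE_CONFIG)
    for key, acls in report["shadowed"].items():
        print(f"{key[0]}/{key[1]}: only ACL {report['effective'][key]} is enforced; "
              f"shadowed: {acls}")
    print("ACLs never enforced:", report["not_enforced"])
    print("management open to any source on:", report["open_http_interfaces"])
    print("\n".join(merge_acls(SAMPLE_CONFIG, "outside", "in", "outside_in")))
```

Run against the sample, the linter reports that only ACL 102 is enforced on outside/in, that 101 is never enforced, and that `http` management is open to any source on both outside and inside; a management line restricted to the administrators' subnet would not be flagged. `merge_acls` produces the single-ACL form with one `access-group` line, which lints clean.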