一单位5505-K9 的配置

ASA Version 7.2(3)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
interface Vlan1
 nameif inside
security-level 85
ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
security-level 0
ip address 60.xxx.xxx.xxx  255.255.255.252
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2]

interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list 101 extended permit ip any any
access-list 101 extended permit tcp any host 60.xxx.xxx.xxx eq 8080
access-list 101 extended permit tcp any host 60.xxx.xxx.xxx eq smtp
access-list 101 extended permit tcp any host 60.xxx.xxx.xxx eq pop3
access-list inside_nat0_outside extended permit ip any 192.168.1.0 255.255.255.0
access-list 111 extended permit tcp any host 60.xxx.xxx.xxx eq 8080
access-list 111 extended permit tcp any host 60.xxx.xxx.xxx eq smtp
access-list 111 extended permit tcp any host 60.xxx.xxx.xxx eq pop3
access-list 111 extended permit tcp any host 60.xxx.xxx.xxx eq www
access-list 111 extended permit tcp any host 60.xxx.xxx.xxx eq ftp
access-list 111 extended permit tcp any host 60.xxx.xxx.xxx eq ftp-data
pager lines 24
mtu inside 1500
mtu outside 1400
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 8080 192.168.33.9 8080 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.33.9 smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.33.9 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.33.10 www netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.33.10 ftp netmask 255.255.255.255
access-group 111 in interface outside
access-group 101 out interface outside
route inside 192.168.33.0 255.255.255.0 192.168.1.2 1
route outside 0.0.0.0 0.0.0.0 60.214.154.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
 inspect dns preset_dns_map
 inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
 inspect esmtp
 inspect sqlnet
  inspect sunrpc
 inspect tftp
 inspect sip
  inspect xdmcp
service-policy global_policy global
prompt hostname context