思路与配置
1.配置R1
2.配置云
interface GigabitEthernet0
nameif inside
security-level 100
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet1
nameif outside
security-level 0
ip address 200.8.8.6 255.255.255.248
interface GigabitEthernet2
nameif DMZ
security-level 50
ip address 192.168.3.254 255.255.255.0
route inside 10.1.1.0 255.255.255.0 192.168.1.1
route inside 10.2.2.0 255.255.255.0 192.168.1.1
3.配置client :
object network ob-in
subnet 10.2.2.0 255.255.255.0
nat (inside,outside) dynamic 200.8.8.4 (200.8.8.4为网段不用ip)
4.用client1访问server2
-------------------------------------------------------------------------------------------------------------
配置静态PAT
1.在实验一的基础上进行以下配置:
静态PAT:
object network ob-out
host 200.8.8.4
object network dmz01
host 192.168.3.100
nat(dmz,outside) static ob-out service tcp 80 80
object network dmz02
host 192.168.3.101
nat (dmz,outside)static ob-out service tcp 21 21
配置ACL
accecc-list out-to-dmz permit tcp any object dmz01 eq http
access-list out-to-dmz permit tcp any object dmz02 eq ftp
access-group out-to-dmz in interface outside
在client2上验证ftp
----------------------------------------------------------------------------------------------
远程ssh
配置云
hostname asa842
domain-name asadomain.com
crypto key generate rsa modulus 1024
ssh 0 0 outside
username ssh password cisco
aaa authentication ssh console LOCAL
配置vmnet8 ip:200.8.8.5 255.255.255.248 200.8.8.6
在crt 中连接 200.8.8.6
进入之后 输入 username : ssh
password:cisco
配置:
http server enable
http 0 0 outside
asdm image disk0:/asdm-64.9 bin
username cisco password cisco privilege15
先运行JAVA
浏览器中输入:http//:200.8.8.6
点击 Install ASDM Launcher 进入
输入 用户名:ssh
密码:cisco
就会弹出以下界面
输入 name:200.8.8.6
username:ssh
password:cisco
原文地址:http://blog.51cto.com/13567421/2068835