防火墻FirewallsASA

創(chuàng)新互聯(lián)是一家集網(wǎng)站建設(shè),文水企業(yè)網(wǎng)站建設(shè),文水品牌網(wǎng)站建設(shè),網(wǎng)站定制,文水網(wǎng)站建設(shè)報(bào)價(jià),網(wǎng)絡(luò)營(yíng)銷,網(wǎng)絡(luò)優(yōu)化,文水網(wǎng)站推廣為一體的創(chuàng)新建站企業(yè)，幫助傳統(tǒng)企業(yè)提升企業(yè)形象加強(qiáng)企業(yè)競(jìng)爭(zhēng)力。可充分滿足這一群體相比中小企業(yè)更為豐富、高端、多元的互聯(lián)網(wǎng)需求。同時(shí)我們時(shí)刻保持專業(yè)、時(shí)尚、前沿，時(shí)刻以成就客戶成長(zhǎng)自我，堅(jiān)持不斷學(xué)習(xí)、思考、沉淀、凈化自己，讓我們?yōu)楦嗟钠髽I(yè)打造出實(shí)用型網(wǎng)站。

防火墻Firewalls ASA

實(shí)驗(yàn)：

1.思路：數(shù)據(jù)包的走向

2.要求：vlan互通，VRRP 內(nèi)網(wǎng)pat訪問外網(wǎng)，發(fā)布web服務(wù)器供外網(wǎng)訪問，

防火墻Firewalls ASA

讓sw1作根交換機(jī)

1.配置sw10 創(chuàng)建vlan10 20 100

1端口加入vlan10 2和3端口為trunk模式

防火墻Firewalls ASA

2.配置sw20 創(chuàng)建vlan10 20 40 100

1端口加入vlan100 3端口加入vlan40 2和4端口為trunk模式

防火墻Firewalls ASA

配置vlanif 10 ip：192.168.10.254 24

vlanif20 ip：192.168.20.254 24

vlanif40 ip：192.168.40.1 24

vlanif100 ip：192.168.100.254 24

防火墻Firewalls ASA

3.配置sw30 創(chuàng)建vlan10 20 50 100

1端口加入vlan20 3端口加入vlan50 2和4端口為trunk模式

防火墻Firewalls ASA

配置vlanif 10 ip：192.168.10.253 24

vlanif20 ip：192.168.20.253 24

vlanif50 ip：192.168.50.1 24

vlanif100 ip：192.168.100.253 24

防火墻Firewalls ASA

4.配置sw20 配置 vlan1的vrrp

vrrp vrid 10 virtual-ip 192.168.10.250

vrrp vrid 10 priority150

vrrp vrid 10 track interface g0/0/3 reduce 80

vrrp vrid 10 track interface g0/0/2 reduce 80

配置 vlan100的vrrp

vrrp vrid 100 virtual-ip 192.168.100.250

vrrp vrid 100 priority150

vrrp vrid 100 track interface g0/0/3 reduce 80

vrrp vrid 100 track interface g0/0/2 reduce 80

配置 vlan20的vrrp

vrrp vrid 20 virtual-ip 192.168.20.250

防火墻Firewalls ASA

5.配置sw30 配置 vlan10的vrrp

vrrp vrid 10 virtual-ip 192.168.20.250

配置 vlan20的vrrp

vrrp vrid 20 virtual-ip 192.168.20.250

vrrp vrid 20priority150

vrrp vrid 20 track interface g0/0/3 reduce 80

vrrp vrid 20 track interface g0/0/2 reduce 80

配置 vlan100的vrrp

vrrp vrid 100 virtual-ip 192.168.100.250

防火墻Firewalls ASA

6.配置sw20 配置rip

rip

version2

network 192.168.10.0

network 192.168.100.0

network 192.168.20.0

network 192.168.40.0

靜態(tài)浮動(dòng)路由

ip route-static 0.0.0.0 0.0.0.0 192.168.40.254

防火墻Firewalls ASA

7.配置sw30 配置rip

rip

version2

network 192.168.10.0

network 192.168.20.0

network 192.168.50.0

network 192.168.100.0

靜態(tài)浮動(dòng)路由

ip route-static 0.0.0.0 0.0.0.0 192.168.50.254

防火墻Firewalls ASA

8.配置防火墻

interface g0

nameif inside1

no shutdown

ip address 192.168.40.254 255.255.255.0

security-level 100

interface g1

nameif inside2

no shutdown

ip address 192.168.50.254 255.255.255.0

security-level 90

interface g2

nameif outside

no shutdown

ip address 200.8.8.1 255.255.255.252

security-level 0

防火墻Firewalls ASA

配置默認(rèn)路由

route inside1 192.168.10.0 255.255.255.0 192.168.40.1

route inside1 192.168.100.0 255.255.255.0 192.168.40.1

route inside2 192.168.20.0 255.255.255.0 192.168.50.1

route outside 200.1.1.0 255.255.255.0 200.8.8.2

防火墻Firewalls ASA

備份

route inside2 192.168.1.0 255.255.255.0 192.168.50.2

route inside2 192.168.100.0 255.255.255.0 192.168.50.2

route inside2 192.168.2.0 255.255.255.0 192.168.50.2

9.配置AR1

配置0端口ip：200.1.1.254 24

1端口ip：200.8.8.2 255.255.255.252

配置靜態(tài)浮動(dòng)路由

ip route-static 0.0.0.0 0.0.0.0 200.8.8.1

防火墻Firewalls ASA

10.在防火墻上配置靜態(tài)NAT

object network ob-in1

subnet 192.168.10.0 255.255.255.0

nat （inside1，outside）dynamic 119.1.1.1

object network ob-in2

subnet 192.168.20.0 255.255.255.0

nat （inside2，outside）dynamic 119.1.1.2

防火墻Firewalls ASA

此時(shí)client1和clent2 都可訪問公網(wǎng)ftp 并抓包查看內(nèi)網(wǎng)地址已轉(zhuǎn)化

防火墻Firewalls ASA

配置動(dòng)態(tài)PAT 使公網(wǎng)訪問內(nèi)網(wǎng)

object network ob-out

host 119.1.1.3

object network outside

host 200.1.1.1

nat （outside，inside1）static ob-out service tcp 80 80

防火墻Firewalls ASA

配置ACL

access-list out-to-ins permit tcp any object inside1 eq http

access-group out-to-ins in interface outside

文章名稱：防火墻FirewallsASA
標(biāo)題來源：http://m.jiaotiyi.com/article/gjipod.html

網(wǎng)站建設(shè)知識(shí)

防火墻FirewallsASA

其他資訊