ASA個實現easy ***

1、規劃拓撲圖

2、開始基本配置

R1(ISP)
hostname ISP
interface FastEthernet0/0
ip address 100.0.0.2 255.255.255.0
no sh
interface FastEthernet0/1
ip address 200.0.0.1 255.255.255.0
no sh
interface FastEthernet1/0
ip address 200.0.1.1 255.255.255.0
no sh

ASA01：
ASA01(config)# inter e0/0
ASA01(config-if)# nameif outside
ASA01(config-if)# security-level 0
ASA01(config-if)# ip add 100.0.0.1 255.255.255.0
ASA01(config-if)# no sh
ASA01(config-if)# inter e0/1
ASA01(config-if)# nameif inside
ASA01(config-if)# security-level 100
ASA01(config-if)# ip add 192.168.100.1 255.255.255.0
ASA01(config-if)# no sh
ASA01(config-if)# exit
ASA01(config)# route outside 0 0 100.0.0.2
ASA01(config)# access-list permit_icmp permit icmp any any
ASA01(config)# access-group permit_icmp in interface outside

開始配置easy ***

ASA01(config)# username cisco password cisco
ASA01(config)# crypto isakmp enable outside
ASA01(config)# crypto isakmp policy 10
ASA01(config-isakmp-policy)# encryption 3des
ASA01(config-isakmp-policy)# hash sha
ASA01(config-isakmp-policy)# authentication pre-share
ASA01(config-isakmp-policy)# group 2
ASA01(config-isakmp-policy)# exit
ASA01(config)# ip local pool ***-pool 192.168.200.10-192.168.200.100 mask 255.255.255.0
ASA01(config)# access-list split-acl permit ip 192.168.100.0 255.255.255.0 any
ASA01(config)# group-policy test-group internal
ASA01(config)# group-policy test-group attributes
ASA01(config-group-policy)# split-tunnel-policy tunnelspecified
ASA01(config-group-policy)# split-tunnel-network-list value split-acl
ASA01(config-group-policy)# exit
ASA01(config)# tunnel-group ***-group type ipsec-ra
ASA01(config)# tunnel-group ***-group general-attributes
ASA01(config-tunnel-general)# address-pool ***-pool
ASA01(config-tunnel-general)# default-group-policy test-group
ASA01(config-tunnel-general)# exit
ASA01(config)# tunnel-group ***-group ipsec-attributes
ASA01(config-tunnel-ipsec)# pre-shared-key
ASA01(config-tunnel-ipsec)# exit
ASA01(config)# crypto ipsec transform-set ***-set esp-3des esp-sha-hmac
ASA01(config)# crypto dynamic-map ***-dymap 1 set transform-set ***-set
ASA01(config)# crypto map ***-stamap 1000 ipsec-isakmp dynamic ***-dymap
ASA01(config)# crypto map ***-stamap interface outside
ASA01(config)# exit

配置完成
在host3上進行連接！
撥號已經成功！！
在host3上可以
ping通host1 通過ip的方式訪問web服務器，通過dns方式不行

在ASA上：
group-policy test-group attributes
ASA01(config-group-policy)# split-dns value sina.com
ASA01(config-group-policy)# dns-server value 192.168.100.2
ok
ok

注意：
1、現在配置的內網地址爲：192.168.100.1，現在我們配置的地址池：***-pool 192.168.200.10-192.168.200.100，不在同一個網段
2、如果想配置爲何我們的內網地址爲同一個網段的也可以，但是在這個時候要在動態map的模式下配置反向路由注入
ASA01(config)# crypto dynamic-map ***-dymap 1 set reverse-route 就可以了，這和我們在路由器上配置的相同
在路由器上也是一樣的地址池的網段是否和內網的網段一致這個要注意

ASA個實現easy ***

R1(ISP)
hostname ISP
interface FastEthernet0/0
ip address 100.0.0.2 255.255.255.0
no sh
interface FastEthernet0/1
ip address 200.0.0.1 255.255.255.0
no sh
interface FastEthernet1/0
ip address 200.0.1.1 255.255.255.0
no sh

SQL優化-20231016

ASA個實現easy ***

centos安裝rpm報Header V3 DSA signature錯誤(yum安裝軟件)

用ASA931做SSL ***

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結

ASA個實現easy ***

R1(ISP)hostname ISPinterface FastEthernet0/0ip address 100.0.0.2 255.255.255.0no shinterface FastEthernet0/1ip address 200.0.0.1 255.255.255.0no shinterface FastEthernet1/0ip address 200.0.1.1 255.255.255.0no sh

R1(ISP)
hostname ISP
interface FastEthernet0/0
ip address 100.0.0.2 255.255.255.0
no sh
interface FastEthernet0/1
ip address 200.0.0.1 255.255.255.0
no sh
interface FastEthernet1/0
ip address 200.0.1.1 255.255.255.0
no sh