Configure the outside interface:
interface GigabitEthernet0/0
! define the interface name
 nameif outside
 security-level 0
! set the IP address
 ip address 111.160.45.147 255.255.255.240
 no shut
!
Configure the inside interface:
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 20.0.0.2 255.255.255.252
 no shut
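2. Configure the security policy
! allow ping (ICMP)
access-list outside_acl extended permit icmp any any
! apply the policy inbound on the outside interface
access-group outside_acl in interface outside
! allow access from the internal network
access-list inside_access_in extended permit ip any any
! apply it inbound on the inside interface
access-group inside_access_in in interface inside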
3. Set up routing
! default route towards the egress (next hop 111.160.45.145)
route outside 0.0.0.0 0.0.0.0 111.160.45.145 1
! static route to the internal network
route inside 10.1.0.0 255.255.0.0 20.0.0.1 1
4. Configure NAT
! internal network range that needs NAT
object network nat_net
 subnet 0.0.0.0 0.0.0.0
! use the egress interface IP as the translated address
nat (inside,outside) source dynamic nat_net interface
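5. Configure remote management
Configure Telnet management:
! Telnet is cleartext; 0.0.0.0 0.0.0.0 permits any source address
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
Configure SSH management:
! generate the RSA key pair, then save the configuration once
crypto key generate rsa
write memory
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
! 'ssh version 1' restricts the ASA to SSHv1, which is obsolete; 'ssh version 2' selects SSHv2
ssh version 1
Configure the username and password:
username admin password yfz4EIInjghXNlcu encrypted privilege 15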
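
A review check for the management-plane and ACL lines above, as an added example that is not part of the original notes. It maps each nameif to its security-level and flags Telnet, management access permitted from any source (especially on the lowest-security interface), SSHv1 and permit-ip-any-any ACLs. The rule names and the audit() function are hypothetical, and SAMPLE is constructed from the lines on this page.

```python
import re

# Constructed sample: interface, ACL and management lines from the notes above.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
access-list inside_access_in extended permit ip any any
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh version 1
"""

IP = r"\d+\.\d+\.\d+\.\d+"

def audit(config):
    """Return (rule_id, config_line) findings in configuration order."""
    levels, findings, nameif = {}, [], None
    lines = [s for l in config.splitlines() if (s := l.strip()) and not s.startswith("!")]
    # Pass 1: map each nameif to the security-level configured under it.
    for line in lines:
        if line.startswith("interface "):
            nameif = None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and nameif:
            levels[nameif] = int(m.group(1))
    lowest = min(levels, key=levels.get) if levels else None
    # Pass 2: flag management-plane and ACL lines.
    for line in lines:
        if m := re.fullmatch(rf"(telnet|ssh) ({IP}) ({IP}) (\S+)", line):
            proto, net, mask, ifname = m.groups()
            if proto == "telnet":
                findings.append(("CLEARTEXT_MGMT", line))
            if (net, mask) == ("0.0.0.0", "0.0.0.0"):
                findings.append(("MGMT_FROM_ANY", line))
                if ifname == lowest:
                    findings.append(("MGMT_ANY_ON_LOWEST_LEVEL", line))
        elif line == "ssh version 1":
            findings.append(("SSH_V1", line))
        elif re.fullmatch(r"access-list \S+ extended permit ip any any", line):
            findings.append(("ACL_PERMIT_IP_ANY_ANY", line))
    return findings
```

Calling audit(SAMPLE) returns ten findings for this configuration; a configuration that limits SSH to the 10.1.0.0 255.255.0.0 internal range on inside and sets ssh version 2 returns none.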