ASA5505透明模式下完全配置.docx

ASA5505透明模式下完全配置2008-08-01 13:04ciscoasa# show run: Saved:ASA Version 7.2(3) !firewall transparenthostname ciscoasadomain-name default.domain.invalidenable password 8Ry2YjIyt7RRXU24 encryptednames!interface Vlan1nameif insidesecurity-level 100!interface Vlan2nameif outsidesecurity-level 0!interface Ethernet0/0!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3! interface Ethernet0/4switchport access vlan 2!interface Ethernet0/5switchport access vlan 2!interface Ethernet0/6!interface Ethernet0/7!passwd 2KFQnbNIdI.2KYOU encryptedftp mode passivedns server-group DefaultDNSdomain-name default.domain.invalidaccess-list 111 extended permit tcp any any eq ftp-data access-list 111 extended permit tcp any any eq ssh access-list 111 extended permit tcp any any eq www access-list 111 extended permit tcp any any eq 8080 access-list 111 extended permit tcp any any eq 6600 access-list 111 extended permit tcp any any eq 7877 access-list 111 extended permit tcp any any range 2020 2121 access-list 111 extended permit tcp any any range 6800 6900 access-list 111 extended permit tcp any any range 5200 5400 access-list 111 extended permit icmp any any pager lines 24mtu inside 1500mtu outside 1500ip address 00 icmp unreachable rate-limit 1 burst-size 1asdm image disk0:/asdm-523.binno asdm history enablearp timeout 14400access-group 111 in interface outsidetimeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout uauth 0:05:00 absolutehttp server enablehttp insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstarttelnet insidetelnet timeout 5ssh timeout 5console timeout 0! class-map inspection_defaultmatch default-inspection-traffic!policy-map type inspect dns preset_dns_mapparametersmessage-length maximum 512policy-map global_policyclass inspection_defaultinspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy globalprompt hostname context Cryptochecksum:871ee08b54631ff021ad0c4a1a3db59d: endciscoasa# ciscoasa# ciscoasa# ciscoasa# ciscoasa# show verciscoasa# show version Cisco Adaptive Security Appliance Software Version 7.2(3) Device Manager Version 5.2(3)Compiled on Wed 15-Aug-07 16:08 by buildersSystem image file is disk0:/asa723-k8.binConfig file at boot was startup-configciscoasa up 5 mins 34 secsHardware: ASA5505, 256 MB RAM, CPU Geode 500 MHzInternal ATA Compact Flash, 128MBBIOS Flash M50FW080 0xffe00000, 1024KBEncryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)Boot microcode : CNlite-MC-Boot-Cisco-1.2SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03IPSec microcode : CNlite-MC-IPSECm-MAIN-2.040: Int: Internal-Data0/0 : address is 001e.4a39.b59d, irq 111: Ext: Ethernet0/0 : address is 001e.4a39.b595, irq 2552: Ext: Ethernet0/1 : address is 001e.4a39.b596, irq 2553: Ext: Ethernet0/2 : address is 001e.4a39.b597, irq 2554: Ext: Ethernet0/3 : address is 001e.4a39.b598, irq 2555: Ext: Ethernet0/4 : address is 001e.4a39.b599, irq 2556: Ext: Ethernet0/5 : address is 001e.4a39.b59a, irq 2557: Ext: Ethernet0/6 : address is 001e.4a39.b59b, irq 2558: Ext: Ethernet0/7 : address is 001e.4a39.b59c, irq 2559: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 25510: Int: Not used : irq 25511: Int: Not used : irq 255Licensed features for this platform:Maximum Physical Interfaces : 8 VLANs : 3, DMZ RestrictedInside Hosts : 10 Failover : DisabledVPN-DES : Enabled VPN-3DES-AES : Enabled VPN Peers : 10 WebVPN Peers : 2 Dual ISPs : Disabled VLAN Trunk Ports : 0 This platform has a Base license.Serial Number: JMX1145Z03DRunning Activation Key: 0x33184371 0x3cfb93d2 0xbc80d584 0x8efca824 0xcb0aadac Configuration register is 0x1Configuration has not been modified since last system restart.ciscoasa# ciscoasa# ciscoasa# ciscoasa# show inciscoasa# show interfaceInterface Vlan1 inside, is up, line protocol is upHardware is EtherSVIMAC address 001e.4a39.b59d, MTU 1500IP address , subnet mask 55Traffic Statistics for inside:48 packets input, 3275 bytes68 packets output, 3206 bytes3 packets dropped1 minute input rate 0 pkts/sec, 5 bytes/sec1 minute output rate 0 pkts/sec, 15 bytes/sec1 minute drop rate, 0 pkts/sec5 minute input rate 0 pkts/sec, 10 bytes/sec5 minute output rate 0 pkts/sec, 9 bytes/sec5 minute drop rate, 0 pkts/secInterface Vlan2 outside, is up, line protocol is upHardware is EtherSVIMAC address 001e.4a39.b59e, MTU 1500IP address , subnet mask 55Traffic Statistics for outside:113 packets input, 6686 bytes13 packets output, 855 bytes60 packets dropped1 minute input rate 0 pkts/sec, 26 bytes/sec1 minute output rate 0 pkts/sec, 5 bytes/sec1 minute drop rate, 0 pkts/sec5 minute input rate 0 pkts/sec, 18 bytes/sec5 minute output rate 0 pkts/sec, 2 bytes/sec5 minute drop rate, 0 pkts/secInterface Ethernet0/0 , is up, line protocol is upHardware is 88E6095, BW 100 MbpsAuto-Duplex(Full-duplex), Auto-Speed(100 Mbps)Available but not configured via nameifMAC address 001e.4a39.b595, MTU not setIP address unassigned25 packets input, 2547 bytes, 0 no bufferReceived 4 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 switch ingress policy drops112 packets output, 7756 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrier0 rate limit drops0 switch egress policy dropsInterface Ethernet0/1 , is down, line protocol is downHardware is 88E6095, BW 100 MbpsAuto-Duplex, Auto-SpeedAvailable but not configured via nameifMAC address 001e.4a39.b596, MTU not setIP address unassigned0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 switch ingress policy drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrier0 rate limit drops0 switch egress policy dropsInterface Ethernet0/2 , is down, line protocol is downHardware is 88E6095, BW 100 MbpsAuto-Duplex, Auto-SpeedAvailable but not configured via nameifMAC address 001e.4a39.b597, MTU not setIP address unassigned0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 switch ingress policy drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrier0 rate limit drops0 switch egress policy dropsInterface Ethernet0/3 , is down, line protocol is downHardware is 88E6095, BW 100 MbpsAuto-Duplex, Auto-SpeedAvailable but not configured via nameifMAC address 001e.4a39.b598, MTU not setIP address unassigned0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 switch ingress policy drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrier0 rate limit drops0 switch egress policy dropsInterface Ethernet0/4 , is down, line protocol is downHardware is 88E6095, BW 100 MbpsAuto-Duplex, Auto-SpeedAvailable but not configured via nameifMAC address 001e.4a39.b599, MTU not setIP address unassigned0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 switch ingress policy drops0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrier0 rate limit drops0 switch egress policy dropsInterface Ethernet0/5 , is up, line protocol is upHardware is 88E6095, BW 100 MbpsAuto-Duplex(Full-duplex), Auto-Speed(100 Mbps)Available but not configured via nameifMAC address 001e.4a39.b59a, MTU not setIP address unassigned113 packets input, 8726 bytes, 0 no bufferReceived 97 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 switch ingress policy drops13 packets output, 1089 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collisions, 0 deferred0 lost carrier, 0 no carrier0 rate limit drops0 switch egress policy dropsInterface Ethernet0/6 , is down, line protocol is downHardware is 88E6095, BW 100 MbpsAuto-Duplex, Auto-SpeedAvailable but not configured via nameifMAC address 001e.4a39.b59b, MTU not setIP address unassigned0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 L2 decode drops0 switch ingress policy drops0 pac