hostname ciscoasa #配置主机名
domain-name default.domain.invalid
enable password oRmx3R1CItyN8X6z encrypted #密码
passwd oRmx3R1CItyN8X6z encrypted
names
dns-guard
!
interface Ethernet0/0 #进入接口命令
nameif outside #配置接口名称
security-level 0 #配置接口安全等级
ip address 125.125.125.2 255.255.255.128 #配置接口IP地址
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.255.1 255.255.255.0
management-only
!
ftp mode passive
access-list in-server extended permit icmp any any #充许ping
access-list in-server extended permit ip any interface outside
access-list in-server extended permit ip any host 125.125.125.3 #开放125.125.125.3上的所有端口
access-list in-server extended permit tcp any host 125.125.125.4 eq 3389 #开放125.125.12.4 上的3389端口
access-list in-server extended permit tcp any host 125.125.12.4 eq www #开放125.125.12.4 上的80端口
domain-name default.domain.invalid
enable password oRmx3R1CItyN8X6z encrypted #密码
passwd oRmx3R1CItyN8X6z encrypted
names
dns-guard
!
interface Ethernet0/0 #进入接口命令
nameif outside #配置接口名称
security-level 0 #配置接口安全等级
ip address 125.125.125.2 255.255.255.128 #配置接口IP地址
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.255.1 255.255.255.0
management-only
!
ftp mode passive
access-list in-server extended permit icmp any any #充许ping
access-list in-server extended permit ip any interface outside
access-list in-server extended permit ip any host 125.125.125.3 #开放125.125.125.3上的所有端口
access-list in-server extended permit tcp any host 125.125.125.4 eq 3389 #开放125.125.12.4 上的3389端口
access-list in-server extended permit tcp any host 125.125.12.4 eq www #开放125.125.12.4 上的80端口
access-list in-server extended permit tcp any host 125.125.125.4 range ftp ftp-data #开放125.125.12.4 上的ftp端口 20 21
global (outside) 1 interface #配置外部接口
nat (inside) 1 192.168.1.0 255.255.255.0 #配置nat转换
static (inside,outside) 125.125.125.4 192.168.1.16 netmask 255.255.255.255 #配置外部地址与内部地址映射
access-group in-server in interface outside
route outside 0.0.0.0 0.0.0.0 61.186.254.129 1 #配置路由
nat (inside) 1 192.168.1.0 255.255.255.0 #配置nat转换
static (inside,outside) 125.125.125.4 192.168.1.16 netmask 255.255.255.255 #配置外部地址与内部地址映射
access-group in-server in interface outside
route outside 0.0.0.0 0.0.0.0 61.186.254.129 1 #配置路由
write #保存run-config到start-confg
copy startup-config startup-config-09-5-30 #备份配置文件
