
ASA#5_Basic Zone-Based Firewall Configuration - Part 2


Diagram (topology as reflected in the configurations below):

LAN 192.168.1.0/24 -- Fa0/1 192.168.1.1 [GATEWAY] Fa0/0 150.1.1.2 -- 150.1.1.1 Fa0/0 [ISP] Fa0/1 (DHCP, NAT) -- Internet. On GATEWAY, Fa0/0 belongs to zone PUBLIC and Fa0/1 to zone PRIVATE.

Note: this lab is run in GNS3.

Full configurations:

ISP

ISP performs PAT on its DHCP-addressed uplink for both 192.168.1.0/24 and 150.1.1.0/24, so GATEWAY does no NAT of its own and only needs a default route toward 150.1.1.1.

Building configuration…

Current configuration : 1120 bytes
!
hostname ISP
!
interface FastEthernet0/0
 ip address 150.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no fair-queue
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip classless
ip route 192.168.1.0 255.255.255.0 150.1.1.2
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 150.1.1.0 0.0.0.255
!

GATEWAY

The class-map POLICY matches TCP, UDP and ICMP; the policy-map POLICY inspects that class and leaves class-default without an action, so anything else is dropped. Only one zone-pair (PRIVATE to PUBLIC) exists; there is no PUBLIC to PRIVATE pair, so inbound connections to the LAN are denied by default and only the return traffic of inspected sessions is allowed back.

Building configuration…

Current configuration : 1262 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GATEWAY
!
class-map type inspect match-any POLICY
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect POLICY
 class type inspect POLICY
  inspect
 class class-default
!
zone security PUBLIC
zone security PRIVATE
zone-pair security ZONE source PRIVATE destination PUBLIC
 service-policy type inspect POLICY
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 zone-member security PRIVATE
 duplex auto
 speed auto
!
interface FastEthernet0/0
 ip address 150.1.1.2 255.255.255.0
 zone-member security PUBLIC
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 150.1.1.1
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!


Verification:

GATEWAY# show zone security
GATEWAY# show zone-pair security

Hosts in PRIVATE can now reach Internet services such as DNS, HTTP, SMTP, POP3, ICMP, … The replies are admitted by the inspection state created on the PRIVATE-to-PUBLIC pair, not by any policy in the opposite direction, and connections initiated from PUBLIC toward the LAN are dropped because no zone-pair exists for that direction. The active sessions can be listed with:

GATEWAY# show policy-map type inspect zone-pair sessions

Note: from the PUBLIC zone, every port on GATEWAY itself is still reachable. Traffic addressed to the router (the built-in self zone) is not covered by the PRIVATE-to-PUBLIC zone-pair and is permitted by default; it is only restricted once a zone-pair whose source or destination is self gets its own service policy. A ping to 150.1.1.2 from the ISP side succeeds even though no policy allows it, which is the quickest way to confirm this.
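As an added example (not part of the lab configuration above), one way to close that gap: a PUBLIC-to-self zone-pair that lets only ICMP through and drops and logs everything else, plus a self-to-PUBLIC pair that inspects the sessions GATEWAY opens itself so their replies are not caught by the new policy. The names PUBLIC-SELF, SELF-PUBLIC, TO-SELF-ALLOW, FROM-SELF, PUBLIC-TO-SELF and SELF-TO-PUBLIC are assumptions chosen for this example.

```cisco
! Added example, not from the lab: restrict what the PUBLIC zone may send to GATEWAY itself.
! All class/policy/zone-pair names below are assumptions chosen for illustration.
class-map type inspect match-any TO-SELF-ALLOW
 match protocol icmp
!
policy-map type inspect PUBLIC-TO-SELF
 class type inspect TO-SELF-ALLOW
  pass
 class class-default
  drop log
!
zone-pair security PUBLIC-SELF source PUBLIC destination self
 service-policy type inspect PUBLIC-TO-SELF
!
! Sessions that GATEWAY itself starts toward PUBLIC (its own pings, DNS lookups, ...)
! would have their replies dropped by the pair above, so inspect them in the reverse direction.
class-map type inspect match-any FROM-SELF
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect SELF-TO-PUBLIC
 class type inspect FROM-SELF
  inspect
!
zone-pair security SELF-PUBLIC source self destination PUBLIC
 service-policy type inspect SELF-TO-PUBLIC
```

Once a service policy is attached to a pair that involves self, anything not matched falls into class-default and is dropped, including replies to sessions the router started; that is why the reverse pair inspects instead of passing. Which protocols can be inspected on a self-zone pair depends on the IOS release, so if inspect is refused for one of them on your image, use pass in both directions for that protocol instead. After applying it, repeat the ping from the ISP side (it should still succeed), try a telnet to 150.1.1.2 (it should now be dropped and logged), and confirm with show zone-pair security and show policy-map type inspect zone-pair sessions as above.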
