Lab topology:
1. Configure IP addresses and the loo0 interfaces
ASA:
- ciscoasa(config)# interface gigabitEthernet 0
- ciscoasa(config-if)# nameif outside
- ciscoasa(config-if)# security-level 0
- ciscoasa(config-if)# ip address 10.0.12.2 255.255.255.0
- ciscoasa(config-if)# no shu
- ciscoasa(config-if)# ex
- ciscoasa(config)# interface gigabitEthernet 2
- ciscoasa(config-if)# nameif dmz
- ciscoasa(config-if)# security-level 50
- ciscoasa(config-if)# ip address 10.0.31.2 255.255.255.0
- ciscoasa(config-if)# no shu
- ciscoasa(config-if)# ex
- ciscoasa(config)# interface gigabitEthernet 1
- ciscoasa(config-if)# nameif inside
- ciscoasa(config-if)# security-level 100
- ciscoasa(config-if)# ip address 10.0.21.1 255.255.255.0
- ciscoasa(config-if)# no shu
- ciscoasa(config-if)# ex
IOU1:
- IOU1(config)#interface ethernet 0/0
- IOU1(config-if)#duplex full
- IOU1(config-if)#ip address 10.0.12.1 255.255.255.0
- IOU1(config-if)#no shutdown
- IOU1(config-if)#ex
- IOU1(config)#INTerface LOO0
- IOU1(config-if)#IP ADDress 1.1.1.1 255.255.255.255
- IOU1(config-if)#EX
IOU2:
- IOU2(config)#interface ethernet 0/0
- IOU2(config-if)#duplex full
- IOU2(config-if)#ip address 10.0.21.2 255.255.255.0
- IOU2(config-if)#no shutdown
- IOU2(config-if)#ex
- IOU2(config)#INTerface LOO0
- IOU2(config-if)#IP ADDress 2.2.2.2 255.255.255.255
- IOU2(config-if)#EX
IOU3:
- IOU3(config)#interface ethernet 0/0
- IOU3(config-if)#duplex full
- IOU3(config-if)#ip address 10.0.31.1 255.255.255.0
- IOU3(config-if)#no shutdown
- IOU3(config-if)#ex
- IOU3(config)#INTerface LOO0
- IOU3(config-if)#IP ADDress 3.3.3.3 255.255.255.255
- IOU3(config-if)#EX
2. Configure default and static routes
ASA:
- ciscoasa(config)# ROUTE OUTside 1.1.1.0 255.255.255.0 10.0.12.1
- ciscoasa(config)# ROUTE DMZ 3.3.3.0 255.255.255.0 10.0.31.1
- ciscoasa(config)# ROUTE INside 2.2.2.0 255.255.255.0 10.0.21.2
IOU2:
- IOU2(config)#IP ROUTE 0.0.0.0 0.0.0.0 10.0.21.1
IOU3:
- IOU3(config)#IP ROUTE 0.0.0.0 0.0.0.0 10.0.31.2
3. Configure dynamic NAT
ASA:
- asa(config)# object network out-pool
- asa(config-network-object)# range 10.0.12.10 10.0.12.20
- asa(config-network-object)# ex
- asa(config)# object network in-ld
- asa(config-network-object)# subnet 10.0.31.0 255.255.255.0
- asa(config-network-object)# ex
- asa(config)# object network in-xd
- asa(config-network-object)# subnet 3.3.3.0 255.255.255.0
- asa(config-network-object)# ex
- asa(config)# object network dmz-1
- asa(config-network-object)# subnet 10.0.21.0 255.255.255.0
- asa(config-network-object)# ex
- asa(config)# object network dmz-2
- asa(config-network-object)# subnet 2.2.2.0 255.255.255.0
- asa(config-network-object)# ex
- asa(config)# object-group network in-lan
- asa(config-network-object-group)# network-object object in-ld
- asa(config-network-object-group)# network-object object in-xd
- asa(config-network-object-group)# ex
- asa(config)# object-group network dmz-lan
- asa(config-network-object-group)# network-object object dmz-1
- asa(config-network-object-group)# network-object object dmz-2
- asa(config-network-object-group)# ex
- asa(config)# nat (inside,outside) source dynamic dmz-lan out-pool
- asa(config)# nat (dmz,outside) source dynamic in-lan out-pool
4. Configure telnet
IOU1:
- IOU1(config)#username bdqn privilege 15 password 123456
- IOU1(config)#line vty 0 4
- IOU1(config-line)#login local
- IOU1(config-line)#transport input telnet
IOU2:
- IOU2(config)#username bdqn privilege 15 password 123456
- IOU2(config)#line vty 0 4
- IOU2(config-line)#login local
- IOU2(config-line)#transport input telnet
IOU3:
- IOU3(config)#username bdqn privilege 15 password 123456
- IOU3(config)#line vty 0 4
- IOU3(config-line)#login local
- IOU3(config-line)#transport input telnet
Telnet to 10.0.12.1 to check the result.
Then use show xlate to view the xlate table.
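The final check can be automated. The script below is an added example, not part of the original lab: it parses `show xlate` text and confirms that every dynamic entry maps a real address covered by the two NAT rules above into the `out-pool` range, and it reports how many pool addresses remain free. The sample output is constructed, and the `show xlate` line layout (ASA 8.3 and later) is an assumption.

```python
import ipaddress
import re

# Pool range and real networks copied from the configuration on this page.
POOL_FIRST = ipaddress.ip_address("10.0.12.10")
POOL_LAST = ipaddress.ip_address("10.0.12.20")
# Real (pre-NAT) networks each nat rule may translate, keyed by real interface.
REAL_NETS = {
    "inside": [ipaddress.ip_network(n) for n in ("10.0.21.0/24", "2.2.2.0/24")],
    "dmz": [ipaddress.ip_network(n) for n in ("10.0.31.0/24", "3.3.3.0/24")],
}

# Constructed sample in the assumed "show xlate" layout (not captured output).
SAMPLE_XLATE = """\
2 in use, 2 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
       s - static, T - twice, N - net-to-net
NAT from inside:10.0.21.2 to outside:10.0.12.10 flags i idle 0:00:12 timeout 3:00:00
NAT from dmz:10.0.31.1 to outside:10.0.12.11 flags i idle 0:00:05 timeout 3:00:00
"""

XLATE_RE = re.compile(r"^NAT from ([^:\s]+):([\d.]+)\S* to ([^:\s]+):([\d.]+)\S* flags (\S+)")

def in_pool(ip):
    return POOL_FIRST <= ip <= POOL_LAST

def check_xlate(text):
    """Return (entries, problems, free_pool_addresses) for NAT entries in show xlate text."""
    text = re.sub(r"\n\s+flags", " flags", text)  # some releases wrap "flags" onto its own line
    entries, problems = [], []
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if not m:
            continue  # counters, flag legend, PAT entries, blank lines
        real_if, real, mapped_if, mapped, flags = m.groups()
        real_ip, mapped_ip = ipaddress.ip_address(real), ipaddress.ip_address(mapped)
        entries.append((real_if, real, mapped))
        if mapped_if != "outside" or not in_pool(mapped_ip):
            problems.append(f"{real} mapped to {mapped_if}:{mapped}, not in out-pool")
        if not any(real_ip in n for n in REAL_NETS.get(real_if, [])):
            problems.append(f"{real_if}:{real} is not covered by a NAT rule on this page")
        if "i" not in flags:
            problems.append(f"{real} entry is not flagged dynamic (flags {flags})")
    used = {m for _, _, m in entries if in_pool(ipaddress.ip_address(m))}
    free = int(POOL_LAST) - int(POOL_FIRST) + 1 - len(used)
    return entries, problems, free
```

An empty problem list means every translation in the table matches the configured rules. Because this is dynamic NAT with an 11-address pool, a free count of 0 means new hosts cannot get a translation until an existing entry times out.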