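This lab is carried out in GNS3.
Requirements
Configure the ASA's interfaces and ACLs, and verify communication between the interfaces.
Lab steps:
Configure the interfaces of the routers and the ASA so that the networks can reach each other.
Configure R1 and R2 to simulate PCs and enable Telnet on each; verify that R1 can Telnet to R2 but R2 cannot Telnet to R1.
Use the show conn detail command to view the conn table.
Test whether R1 can ping R2, then configure an ACL so that R1 can ping R2.
Configure an ACL so that R2 can Telnet to R1.
Topology diagram:
IOU1 configuration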
Configure terminal
Hostname R1
Interface ethernet 0/0
Duplex full
Ip address 10.1.1.1 255.255.255.0
No shutdown
Exit
Ip route 0.0.0.0 0.0.0.0 10.1.1.254
Configure Telnet
Username bdqn privilege 15 password 123
Line vty 0 4
Login local
Transport input telnet
exit
IOU2 configuration
Configure terminal
Hostname R2
Interface ethernet 0/0
Duplex full
Ip address 172.16.1.1 255.255.255.0
No shutdown
Exit
Ip route 0.0.0.0 0.0.0.0 172.16.1.254
Configure Telnet
Username bdqn privilege 15 password 123
Line vty 0 4
Login local
Transport input telnet
exit
ASA-1 configuration
Enable
Configure terminal
Hostname ASA
Enable password asa802
Passwd cisco
Interface gigabitethernet 1
Nameif inside
Security-level 100
Ip address 10.1.1.254 255.255.255.0
No shutdown
Exit
Interface gigabitethernet 0
Nameif outside
Security-level 0
Ip address 172.16.1.254 255.255.255.0
No shutdown
Exit
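ACL configuration
Access-list ping permit icmp any any
Access-group ping in interface outside
! An interface takes one ACL per direction: the access-group below replaces "ping" on outside.
! "permit ip" between the two hosts covers Telnet and also ICMP from 172.16.1.1 to 10.1.1.1.
Access-list telnet permit ip host 172.16.1.1 host 10.1.1.1
Access-group telnet in interface outside
Finally, use the show commands to verify the result.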
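
Why the lab behaves as the steps describe, as an added Python sketch (not part of the original lab and not Cisco code): a simplified model of the ASA's default security-level rule, TCP connection tracking and the inbound ACL on outside. The class, function and constant names are hypothetical, and the model assumes ICMP is not inspected and tracks TCP flows only.

```python
# Simplified model of the lab's ASA policy (added example, not Cisco code).
LEVEL = {"inside": 100, "outside": 0}      # security levels from the lab
R1, R2 = "10.1.1.1", "172.16.1.1"          # hosts from the lab

class Asa:
    def __init__(self):
        self.acl_in = {}     # interface -> ACEs (one inbound ACL per interface)
        self.conns = set()   # tracked flows; this model tracks TCP only

    def access_group(self, iface, aces):
        # A later access-group on the same interface/direction replaces the earlier one.
        self.acl_in[iface] = list(aces)

    def _acl_permits(self, iface, proto, src, dst, dport):
        for p, s, d, port in self.acl_in[iface]:          # first match wins
            if (p in ("ip", proto) and s in ("any", src)
                    and d in ("any", dst) and port in (None, dport)):
                return True
        return False                                       # implicit deny

    def packet(self, in_if, out_if, proto, src, dst, sport=None, dport=None):
        """Return True if the modelled ASA forwards the packet."""
        if proto == "tcp" and (dst, dport, src, sport) in self.conns:
            return True                  # reply of a tracked flow skips the ACL
        if in_if in self.acl_in:
            ok = self._acl_permits(in_if, proto, src, dst, dport)
        else:
            ok = LEVEL[in_if] > LEVEL[out_if]   # default: higher -> lower only
        if ok and proto == "tcp":
            self.conns.add((src, sport, dst, dport))
        return ok

def ping_r1_to_r2(asa):
    # Echo leaves via inside; the echo reply must be let in on outside.
    return (asa.packet("inside", "outside", "icmp", R1, R2)
            and asa.packet("outside", "inside", "icmp", R2, R1))

def telnet(asa, c_if, s_if, client, server):
    # SYN towards port 23, then the server's reply back to the client.
    return (asa.packet(c_if, s_if, "tcp", client, server, 40000, 23)
            and asa.packet(s_if, c_if, "tcp", server, client, 23, 40000))

PING_ACL = [("icmp", "any", "any", None)]     # access-list ping
TELNET_ACL = [("ip", R2, R1, None)]           # access-list telnet
```

In this model, replacing the ping ACL with the telnet ACL keeps R1's ping to R2 working only because permit ip between the two hosts also matches the echo reply.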