IOU1
IOU1(config)#interface ethernet 0/0
IOU1(config-if)#duplex full
IOU1(config-if)#ip address 10.1.1.1 255.255.255.0
IOU1(config-if)#no shut
IOU1(config-if)#ex
IOU1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.254
IOU2
IOU2(config)#interface ethernet 0/0
IOU2(config-if)#duplex full
IOU2(config-if)#ip address 172.16.1.1 255.255.255.0
IOU2(config-if)#no shut
IOU2(config-if)#ex
IIOU2(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.254
asa
ciscoasa(config)# interface gigabitEthernet 0
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# ip address 10.1.1.254 255.255.255.0
ciscoasa(config-if)# no shut
ciscoasa(config)# interface gigabitEthernet 1
ciscoasa(config-if)# nameif outside
ciscoasa(config-if)# security-level 0
ciscoasa(config-if)# ip address 172.16.1.254 255.255.255.0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# ex
验证在R1上可以telent到R2,R2不能telent到R1
配置acl
ciscoasa(config)# access-list pingbao permit icmp any any
ciscoasa(config)# access-group pingbao in interface outside
ciscoasa(config)# access-list telnetbao permit ip host 172.16.1.1 host 10.1.1.1
ciscoasa(config)# access-group telnetbao in interface outside
R1pingR2
