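Lab requirements:
Configure the ASA's interfaces, routing, and ACLs, and verify communication between the interfaces.
Lab environment:
Lab configuration:
(Router interface and static route configuration is omitted; see my other blog posts)
ASA configuration: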
enable
config terminal
int g0
nameif outside
security-level 0
ip address 172.16.1.1 255.255.255.0
no shutdown
int g1
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0
no shutdown
int g2
nameif dmz
security-level 50
ip address 192.168.1.1 255.255.255.0
no shutdown
exit
route outside 172.16.2.0 255.255.255.0 172.16.1.2
Enable Telnet (the same on every router):
username bdqn privilege 15 password 123.123
line vty 0 4
login local
transport input telnet
exit
Telnet between R1, R3, and R4:
View the conn table:
View the routing tables of the ASA and R2:
Configure an ACL to block Telnet from R3 to R4, and verify:
ASA:
access-list t deny tcp 192.168.1.0 255.255.255.0 172.16.2.0 255.255.255.0 eq 23
access-group t in interface dmz
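The following is an added example, not part of the original post: a small Python model of how the ASA decides whether a new TCP connection may pass, using the security levels, static route, and ACL "t" configured above. It shows that once an ACL is bound inbound on dmz, the implicit deny at its end replaces the default higher-to-lower rule for that interface. The host addresses for R1, R3, and R4 and the extra permit entry in ACL_T_PERMIT are assumptions made for illustration.

```python
import ipaddress as ip

# Interfaces and the static route as configured on the ASA in this lab.
INTERFACES = {  # nameif: (security-level, connected network)
    "outside": (0, ip.ip_network("172.16.1.0/24")),
    "inside": (100, ip.ip_network("10.1.1.0/24")),
    "dmz": (50, ip.ip_network("192.168.1.0/24")),
}
ROUTES = [(ip.ip_network("172.16.2.0/24"), "outside")]

def interface_for(addr):
    """Return the nameif through which an address is reached."""
    a = ip.ip_address(addr)
    for name, (_, net) in INTERFACES.items():
        if a in net:
            return name
    for net, name in ROUTES:
        if a in net:
            return name
    raise ValueError(f"no route to {addr}")

def permits(src, dst, dport, acl_in=None):
    """Decide whether a NEW TCP connection is allowed through the ASA.

    acl_in maps nameif -> list of (action, src_net, dst_net, port) entries
    bound with 'access-group ... in interface <nameif>'. Return traffic of
    an established connection (the conn table) is not modelled.
    """
    ingress, egress = interface_for(src), interface_for(dst)
    acl = (acl_in or {}).get(ingress)
    if acl is None:
        # No ACL on the ingress interface: only higher -> lower level passes.
        return INTERFACES[ingress][0] > INTERFACES[egress][0]
    for action, s_net, d_net, port in acl:
        if (ip.ip_address(src) in ip.ip_network(s_net)
                and ip.ip_address(dst) in ip.ip_network(d_net)
                and port in (None, dport)):
            return action == "permit"  # first matching entry wins
    return False  # implicit deny at the end of every ACL

# Constructed host addresses (assumptions; the page does not list them).
R1, R3, R4 = "10.1.1.2", "192.168.1.2", "172.16.2.2"
# ACL "t" exactly as configured above, bound inbound on dmz.
ACL_T = {"dmz": [("deny", "192.168.1.0/24", "172.16.2.0/24", 23)]}
# Hypothetical variant with a trailing permit, for comparison only.
ACL_T_PERMIT = {"dmz": ACL_T["dmz"] + [("permit", "0.0.0.0/0", "0.0.0.0/0", None)]}
```

With ACL_T, every new connection entering on dmz is dropped, not only Telnet to R4. The trailing permit in ACL_T_PERMIT restores other dmz traffic but also allows dmz hosts to open connections to inside, so a narrower permit is the safer choice.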
Configuration complete; the lab is finished.
(If I have missed anything, readers are welcome to point it out)