ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# inspect icmp
ciscoasa(config-pmap-c)# int g0/0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# desc ##Inside##
ciscoasa(config-if)# ip add 10.1.1.254 255.255.255.0
ciscoasa(config-if)# nameif Inside
INFO: Security level for "Inside" set to 100 by default.
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# int g0/1
ciscoasa(config-if)# no shut
ciscoasa(config-if)# desc ##Outside_Onnected##
ciscoasa(config-if)# desc ##Outside_Connected##
ciscoasa(config-if)# nameif Outside
INFO: Security level for "Outside" set to 0 by default.
ciscoasa(config-if)# security-level 0
ciscoasa(config-if)# ip add 1.1.100.1 255.255.255.252
ciscoasa(config-if)# exit
ciscoasa(config)# int g0/2
ciscoasa(config-if)# no shu
ciscoasa(config-if)# desc ##DMZ_NET##
ciscoasa(config-if)# nameif DMZ
INFO: Security level for "DMZ" set to 0 by default.
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# ip add 10.1.2.254 255.255.255.0
ciscoasa(config-if)# exit
ciscoasa(config)# int management 0/0
ciscoasa(config-if)# no sh
ciscoasa(config-if)# nameif Management
INFO: Security level for "Management" set to 0 by default.
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# ip add 192.168.1.254 255.255.255.0
ciscoasa(config-if)# route Outside 0 0 1.1.100.2
CE(config)#ip route 0.0.0.0 0.0.0.0 f0/1 1.1.100.6
CE(config)#ip route 211.100.1.0 255.255.255.0 f0/0 1.1.100.1
pdf파일에는 ospf를 돌리라고 나와있는데 돌리면 안된다.
ISP(config-if)#ip route 1.1.100.0 255.255.255.252 f0/0 1.1.100.5
ISP(config)#ip route 211.100.1.0 255.255.255.0 f0/0 1.1.100.5
ISP(config)#ip route 0.0.0.0 0.0.0.0 f0/1 10.0.0.1
ISP(config)#ip access-list standard INGRESS
ISP(config-std-nacl)#permit 211.100.1.0 0.0.0.255
ISP(config-std-nacl)#permit 2.2.2.0 0.0.0.255
ISP(config-std-nacl)#exit
ISP(config)#ip nat inside source list INGRESS interface f0/1 overload
ISP(config)#int f0/1
ISP(config-if)#ip nat outside
ISP(config-if)#int range f1/0 , f0/0
ISP(config-if-range)#ip nat inside
ISP(config-if-range)#ip access-list standard INGRESS
ISP(config-std-nacl)#permit 1.1.100.0
DSW(config)#int f0/0
DSW(config-if)#ip add 10.1.1.2 255.255.255.0
DSW(config-if)#no shut
DSW(config-if)#ip route 0.0.0.0 0.0.0.0 f0/0 10.1.1.254
DSW(config)#int f0/0
DSW(config-if)#int loo0
DSW(config-if)#ip add 10.2.2.1 255.255.255.0
DSW(config-if)#do ping 10.0.0.1 //안된다. asa에서 nat를 돌리면 될거다.
//nat돌리기
ciscoasa(config)# object network Global_IP
ciscoasa(config-network-object)# range 211.100.1.1 211.100.1.254
ciscoasa(config-network-object)# exit
ciscoasa(config)# object network Inside_NET
ciscoasa(config-network-object)# subnet 10.1.1.0 255.255.255.0
ciscoasa(config-network-object)# nat (Inside,Outside) dynamic Global_IP
ping 10.0.0.1 로 날리면 날아간다..ㅎㅎ
ciscoasa(config-network-object)# clear configure object
ciscoasa(config)# object network Inside_NET
ciscoasa(config-network-object)# subnet 100.1.1.0 255.255.255.0
ciscoasa(config-network-object)# nat (Inside,Outside) dynamic interface
ciscoasa(config-network-object)# clear configure object
ciscoasa(config)# object network Inside_NET
ciscoasa(config-network-object)# show run object
object network Inside_NET
ciscoasa(config-network-object)# object network Inside_NET
ciscoasa(config-network-object)# subnet 10.1.1.0 255.255.255.0
ciscoasa(config-network-object)# nat (Inside,Outside) dynamic interface
ciscoasa(config-network-object)# object network DNS_SVR
ciscoasa(config-network-object)# host 10.1.2.250
ciscoasa(config-network-object)# nat (DMZ,Outside) static 211.100.1.250
====ASA는 안한걸로 치자=========
'네트워크 수업 > Docker' 카테고리의 다른 글
23.06.01 23.06.02 (0) | 2023.06.01 |
---|---|
23.05.30 L3스위치 연결 (0) | 2023.05.30 |
ASA 23.05.26 (0) | 2023.05.26 |
ASA 23.05.23 (0) | 2023.05.25 |
Cisco ASA Firewall 23.05.24 (0) | 2023.05.24 |
댓글