parto da 0... impostazioni di fabbrica
Inviato: mer 05 dic , 2007 9:31 am
riparto da 0,
ora considerando che ho una linea adsl con alice e un ip statico e il getway del mio router è il 192.168.1.1 con subnet 255.255.255.0
che righe di comando devo dare?
grazie
Per me l'importante è far edere il firewall al router e far in maniera tale che tutto il traffico passi, dopo vado poi a configurare le security policy...
sh run timeo
: Savedlobal (
:t
ASA Version 7.2(3)
console
!i
hostname ciscoasa
dhcpd auto
enable password xxxxxxxxxxxxxxxxx
!
class-map inspection_default
namesecuti
!
interface Vlan1ault-inspection
nameif inside
security-level 100olicy-map type insp
no ip addressdns_map
!
interface Vlan2ng command: htt
nameif outside5.255.255.0 ins
security-level 0
ip address dhcp setroutexecuting command: dhcpd a
!r
interface Ethernet0/08.1.33 inside
switchport access vlan 2
!
interface Ethernet0/1 address or netmask n
!
interface Ethernet0/2.255.255)
!
interface Ethernet0/3
!
interface Ethernet0/4g command: dhcpd auto
!o
interface Ethernet0/5
!
interface Ethernet0/6ommand: dhcpd enable
!s
interface Ethernet0/7
n
!d
passwd 2KFQnbNIdI.2KYOU encryptedt
ftp mode passiveble command f
pager lin
: Saved
:
ASA
arp timeout 14400
!
global (outside) 1 interface
enable password Wq/s
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00rface Vlan1
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
no ip address
!
interface Vlan2
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00ress dhcp setroute
!
interface Ethernet0/0
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00rnet0/1
!
interface Ethernet0/2
!
i
timeout uauth 0:05:00 absolute
!
interface Ethern
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:fafc77c2f6ee0a3c41bb57bb9ab69293
: end
ciscoasa#
ora considerando che ho una linea adsl con alice e un ip statico e il getway del mio router è il 192.168.1.1 con subnet 255.255.255.0
che righe di comando devo dare?
grazie
Per me l'importante è far edere il firewall al router e far in maniera tale che tutto il traffico passi, dopo vado poi a configurare le security policy...
sh run timeo
: Savedlobal (
:t
ASA Version 7.2(3)
console
!i
hostname ciscoasa
dhcpd auto
enable password xxxxxxxxxxxxxxxxx
!
class-map inspection_default
namesecuti
!
interface Vlan1ault-inspection
nameif inside
security-level 100olicy-map type insp
no ip addressdns_map
!
interface Vlan2ng command: htt
nameif outside5.255.255.0 ins
security-level 0
ip address dhcp setroutexecuting command: dhcpd a
!r
interface Ethernet0/08.1.33 inside
switchport access vlan 2
!
interface Ethernet0/1 address or netmask n
!
interface Ethernet0/2.255.255)
!
interface Ethernet0/3
!
interface Ethernet0/4g command: dhcpd auto
!o
interface Ethernet0/5
!
interface Ethernet0/6ommand: dhcpd enable
!s
interface Ethernet0/7
n
!d
passwd 2KFQnbNIdI.2KYOU encryptedt
ftp mode passiveble command f
pager lin
: Saved
:
ASA
arp timeout 14400
!
global (outside) 1 interface
enable password Wq/s
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00rface Vlan1
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
no ip address
!
interface Vlan2
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00ress dhcp setroute
!
interface Ethernet0/0
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00rnet0/1
!
interface Ethernet0/2
!
i
timeout uauth 0:05:00 absolute
!
interface Ethern
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:fafc77c2f6ee0a3c41bb57bb9ab69293
: end
ciscoasa#