目录

一.图纸

二.命令


一.图纸

二.命令

ciscoasa>
ciscoasa> en
ciscoasa# conf t
ciscoasa(config)# int e0/0
ciscoasa(config-if)# nameif outside
ciscoasa(config-if)# ip add 202.106.0.1 255.255.255.0
ciscoasa(config-if)# no sh
ciscoasa(config-if)# exit

ciscoasa(config)# int e0/1
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# ip add 10.0.0.2 255.255.255.252
ciscoasa(config-if)# no sh
ciscoasa(config-if)# exit

配置对外网的默认路由
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 202.106.0.2

配置对内网的静态路由
ciscoasa(config)# route inside 192.168.1.0 255.255.255.0 10.0.0.1
ciscoasa(config)# route inside 192.168.2.0 255.255.255.0 10.0.0.1

配置 动态nat  将内网俩个网段转换到 外网 202.106.0.10-202.106.0.20 的地址范围内
ciscoasa(config)# nat (inside) 1 192.168.0.0 255.255.0.0
ciscoasa(config)# global (outside) 1 202.106.0.10-202.106.0.20

查看nat 转换
ciscoasa(config)# exit
ciscoasa# show xlate detail

ciscoasa# conf t
删除动态 nat 配置 动态pat   将内网地址转换到 外网 202.106.0.100 的地址上
ciscoasa(config)# no global (outside) 1 202.106.0.10-202.106.0.20
ciscoasa(config)# global (outside) 1 202.106.0.100

删除动态 nat 配置 动态pat   将内网地址转换到 防火墙外网接口地址上
ciscoasa(config)# no global (outside) 1 202.106.0.100
ciscoasa(config)# global (outside) 1 interface
ciscoasa(config)# exit
ciscoasa#                   

                                   

12-06 17:04