This page explains how to perform the initial configuration of a Cisco ASA 5500 firewall.
##Set the device name and passwords
ciscoasa(config)# hostname ciscoasa
ciscoasa(config)# domain-name vivotek.tw
ciscoasa(config)# passwd cisco
ciscoasa(config)# enable password cisco
##Configure the inside interface
ciscoasa(config)# interface ethernet 0/1
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# ip address 192.168.0.1 255.255.255.0
ciscoasa(config-if)# no shutdown
##Configure the outside interface
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# security-level 0
ciscoasa(config-if)# ip address 209.165.200.225 255.255.255.224
ciscoasa(config-if)# no shutdown
##Configure the dmz interface
ciscoasa(config-if)# interface ethernet 0/2
ciscoasa(config-if)# nameif dmz
INFO: Security level for "dmz" set to 0 by default.
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# ip address 192.168.100.1 255.255.255.0
ciscoasa(config-if)# no shutdown
##Configure a subinterface (optional)
ciscoasa(config)# interface ethernet 0/2.300
ciscoasa(config-subif)# vlan 300
ciscoasa(config-subif)# nameif dmz-web
ciscoasa(config-subif)# security-level 70
ciscoasa(config-subif)# ip address 192.168.200.1 255.255.255.0
ciscoasa(config-subif)# no shutdown
##View interface details
ciscoasa# show interface
##Save the configuration
ciscoasa# wr
##Enable ASDM
ciscoasa(config)# asdm image disk0:/asdm-635.bin
Specify the ASDM image version to use.
ciscoasa(config)# http server enable
ASDM is downloaded over the web, so the HTTP server on the ASA must be enabled.
ciscoasa(config)# http 192.168.0.0 255.255.255.0 inside
Only connections from 192.168.0.0/24 are trusted.
ASDM can then be downloaded from https://192.168.0.1/.
##Enable Telnet
ciscoasa(config)# telnet 192.168.0.0 255.255.255.0 inside
ciscoasa(config)# telnet timeout 5
##Enable SSH; default account: pix, password: cisco
ciscoasa(config)# ssh 192.168.0.0 255.255.255.0 inside
Enable the SCP feature.
ciscoasa(config)# ssh scopy enable
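The following is an added example, not part of the original page and not Cisco tooling: a small Python audit of an ASA command list as typed (prompts stripped) that flags the management-plane weaknesses visible in the steps above. The rule names, the weak-password denylist and the `ssh 0.0.0.0 0.0.0.0 outside` sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: commands from this page with prompts stripped, plus an
# invented "ssh ... outside" line to exercise the exposure rules.
SAMPLE = """\
passwd cisco
enable password cisco
interface ethernet 0/1
 nameif inside
 security-level 100
interface ethernet 0/0
 nameif outside
http 192.168.0.0 255.255.255.0 inside
telnet 192.168.0.0 255.255.255.0 inside
ssh 192.168.0.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
"""

WEAK = {"cisco", "pix", "admin", "password"}  # assumption: local denylist
MGMT = re.compile(r"^(http|telnet|ssh) (\d[\d.]+) (\d[\d.]+) (\S+)$")

def audit(config, max_addrs=256):
    """Return sorted (rule, line) findings for ASA commands as typed."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    levels, name = {}, None
    for ln in lines:                     # pass 1: nameif -> security level
        w = ln.split()
        if w[0] == "interface":
            name = None
        elif w[0] == "nameif" and len(w) == 2:
            name = w[1]
            levels[name] = 100 if name == "inside" else 0  # ASA defaults
        elif w[0] == "security-level" and name:
            levels[name] = int(w[1])
    out = set()
    for ln in lines:                     # pass 2: management-plane rules
        if ln.startswith(("passwd ", "enable password ")) and ln.split()[-1].lower() in WEAK:
            out.add(("weak-password", ln))
        for proto, addr, mask, ifname in MGMT.findall(ln):
            if proto == "telnet":        # Telnet sends credentials in cleartext
                out.add(("cleartext-telnet", ln))
            if proto == "ssh" and "aaa authentication ssh console" not in config:
                out.add(("ssh-default-login", ln))  # page: default pix / passwd
            if levels.get(ifname, 0) < 100:         # unknown nameif = untrusted
                out.add(("mgmt-on-untrusted-if", ln))
            if ipaddress.ip_network(f"{addr}/{mask}", strict=False).num_addresses > max_addrs:
                out.add(("mgmt-source-too-broad", ln))
    return sorted(out)
```

Passwords are only checked when they appear in cleartext, so run this against provisioning scripts or change requests rather than `show running-config` output, where they are stored encrypted.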
##Set the time