! Mode navigation: "enable" moves from user EXEC (>) to privileged EXEC (#);
! "configure terminal" then enters global configuration mode.
ciscoasa> enable
ciscoasa# configure terminal
ciscoasa(config)#
! Compare the live configuration with the one that will be loaded at next boot.
ciscoasa# show running-config
ciscoasa# show startup-config
! Both commands below save the running configuration to the startup configuration.
ciscoasa# copy run start
ciscoasa# write memory
! NOTE(review): TFTP has no authentication and no encryption. Pull images only
! from a trusted management host and compare the file hash with the vendor's
! published value before booting the image.
ciscoasa# copy tftp flash
ciscoasa#config term
! Select the software image that is loaded at boot.
ciscoasa(config)# boot system flash:/asa911-k8.bin
! NOTE(review): the enable password shown is a published sample value. Set your
! own unique secret and never reuse one copied from a page.
ciscoasa(config)# enable password Gh4w7$-s39fg#(!
! NOTE(review): "adminpassword" is a guessable placeholder, and this listing
! creates two privilege-15 accounts (ciscoadmin here, admin further down) with
! the same password. Create only the accounts you need, each with its own
! strong password.
ciscoasa(config)#username ciscoadmin password adminpassword privilege 15
ciscoasa(config)# hostname DATA-CENTER-FW
! SSH needs an RSA key pair on the device; 2048 bits is the modulus chosen here.
ciscoasa(config)# crypto key generate rsa modulus 2048
! Authenticate SSH sessions against the local user database.
ciscoasa(config)#aaa authentication ssh console LOCAL
ciscoasa(config)#username admin password adminpassword privilege 15
! Accept SSH only from the single host 192.168.1.10 on the interface named
! "inside". Keep this source list as narrow as the management design allows.
! NOTE(review): no interface is given the name "inside" anywhere in this
! listing - presumably it is configured elsewhere; confirm.
ciscoasa(config)#ssh 192.168.1.10 255.255.255.255 inside
! Name the physical interface DMZ, address it and bring it up.
ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# nameif DMZ
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255.0
! Security level 50 sits between the usual inside (100) and outside (0) values.
! Without an interface ACL, traffic is allowed from a higher level to a lower
! one and blocked in the other direction.
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# no shutdown
! Default route through the outside interface, next hop 100.1.1.1.
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 100.1.1.1
! Static route for 192.168.2.0/24 through the inside interface.
! NOTE(review): 192.168.1.x and 100.1.1.1 are reused for different roles across
! this listing (DMZ address, inside next hop, web server, NAT address), so the
! snippets look like independent examples rather than one coherent
! configuration - re-address before applying.
ciscoasa(config)# route inside 192.168.2.0 255.255.255.0 192.168.1.1
! Dynamic PAT: hosts in 192.168.1.0/24 leave through "outside" translated to
! the outside interface address.
ciscoasa(config)# object network internal_lan
ciscoasa(config-network-object)# subnet 192.168.1.0 255.255.255.0
ciscoasa(config-network-object)# nat (inside,outside) dynamic interface
! Same idea for every source address arriving on any interface.
! NOTE(review): 0.0.0.0/0 with (any,outside) translates all networks, including
! ones added later; prefer explicit per-network objects where the design allows.
ciscoasa(config)# object network obj_any
ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0
ciscoasa(config-network-object)# nat (any,outside) dynamic interface
! Static NAT: publish DMZ host 192.168.1.1 as 100.1.1.1. This form translates
! every port; what is reachable is then decided only by the outside ACL.
! NOTE(review): interface pairs are normally written without spaces, e.g.
! (DMZ,outside) - confirm the parser accepts the spaced form used here.
ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host 192.168.1.1
ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1
! Port-restricted variant of the same object: only TCP 80 is translated. It
! exposes less than the all-ports form above and is the safer choice for a
! single published service.
! NOTE(review): the object name is the same as above, so these are presumably
! two alternatives, not two steps to apply in sequence.
ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host 192.168.1.1
ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1 service tcp 80 80
! Inbound policy on "outside": allow TCP 80 from any source to 192.168.1.1, the
! real (untranslated) address of the published server. Once an ACL is bound to
! an interface, everything it does not permit is dropped by the implicit deny.
! NOTE(review): port 80 is cleartext HTTP; publish HTTPS instead where possible.
ciscoasa(config)# access-list OUTSIDE_IN extended permit tcp any host 192.168.1.1 eq 80
ciscoasa(config)# access-group OUTSIDE_IN in interface outside
! Inbound policy on "inside": block all IP traffic from host 192.168.1.1, then
! allow everything else. Order matters - the first matching entry wins.
! NOTE(review): "permit ip any any" places no limit on outbound destinations or
! ports; tighten it if an egress policy is required.
ciscoasa(config)# access-list INSIDE_IN extended deny ip host 192.168.1.1 any
ciscoasa(config)# access-list INSIDE_IN extended permit ip any any
ciscoasa(config)# access-group INSIDE_IN in interface inside
! Object groups let one ACL entry cover several hosts, networks or ports.
! WEB_SRV is defined here but not referenced by any ACL shown in this listing.
ciscoasa(config)# object-group network WEB_SRV
ciscoasa(config-network)# network-object host 192.168.1.1
ciscoasa(config-network)# network-object host 192.168.1.2
ciscoasa(config)# object-group network DMZ_SUBNETS
ciscoasa(config-network)# network-object 10.1.1.0 255.255.255.0
ciscoasa(config-network)# network-object 10.2.2.0 255.255.255.0
! TCP service group: 80, 443 and the range 21-23 (FTP, SSH, Telnet).
! NOTE(review): FTP and Telnet carry credentials in cleartext. Combined with
! source "any" in the ACL below, this opens them to every source address;
! drop the range or restrict the source to known management addresses.
ciscoasa(config)# object-group service DMZ_SERVICES tcp
ciscoasa(config-service)# port-object eq http
ciscoasa(config-service)# port-object eq https
ciscoasa(config-service)# port-object range 21 23
! NOTE(review): this ACL is named OUTSIDE-IN (hyphen), while the ACL bound to
! the outside interface earlier is OUTSIDE_IN (underscore). No access-group for
! OUTSIDE-IN appears in this listing, so as written this entry is not attached
! to any interface - confirm which name is intended.
ciscoasa(config)# access-list OUTSIDE-IN extended permit tcp any object-group DMZ_SUBNETS object-group DMZ_SERVICES
! 802.1Q trunk: strip name, security level and address from the physical
! interface so that it only carries the tagged subinterfaces below.
ciscoasa(config)# interface gigabitethernet 0/1
ciscoasa(config-if)# no nameif
ciscoasa(config-if)# no security-level
ciscoasa(config-if)# no ip address
ciscoasa(config-if)# exit
! Subinterface for VLAN 10, named inside1, security level 80.
ciscoasa(config)# interface gigabitethernet 0/1.1
ciscoasa(config-subif)# vlan 10
ciscoasa(config-subif)# nameif inside1
ciscoasa(config-subif)# security-level 80
ciscoasa(config-subif)# ip address 192.168.1.1 255.255.255.0
! Subinterface for VLAN 20, named inside2, security level 90. With these
! levels and no ACLs, inside2 can open connections to inside1 but not the
! reverse; add interface ACLs if the segments must be isolated from each other.
ciscoasa(config)# interface gigabitethernet 0/1.2
ciscoasa(config-subif)# vlan 20
ciscoasa(config-subif)# nameif inside2
ciscoasa(config-subif)# security-level 90
ciscoasa(config-subif)# ip address 192.168.2.1 255.255.255.0
! Set the clock manually (privileged EXEC), then the time zone and daylight
! saving rule. Correct time matters for log correlation and certificate
! validation; a trusted NTP source is preferable to a hand-set clock.
ciscoasa# clock set 18:30:00 Aug 10 2016
ciscoasa(config)# clock timezone MST -7
! NOTE(review): the summer-time zone is labelled MST, the same as standard
! time, and the start and end dates are sample values - confirm both for
! your locale.
ciscoasa(config)# clock summer-time MST recurring 1 Sunday April 2:00 last Sunday October 2:00
! DHCP server on "inside": a ten-address pool plus the DNS servers handed to
! clients.
ciscoasa(config)# dhcpd address 192.168.1.101-192.168.1.110 inside
ciscoasa(config)# dhcpd dns 209.165.201.2 209.165.202.129
ciscoasa(config)# dhcpd enable inside
! NOTE(review): both commands below relax default behaviour. inter-interface
! lets interfaces with the same security level exchange traffic;
! intra-interface lets traffic leave through the interface it arrived on.
! Enable each only when the design needs it, and pair it with interface ACLs.
ciscoasa(config)# same-security-traffic permit inter-interface
ciscoasa(config)# same-security-traffic permit intra-interface
! Read-only verification commands, run from privileged EXEC.
! ACL entries for the list named OUTSIDE-IN (hyphenated name).
ciscoasa# show access-list OUTSIDE-IN
ciscoasa# show clock
! Connection table: current connections, all connections, a filter by
! connection state, and a count. Useful for confirming that a rule change has
! the intended effect.
ciscoasa# show conn
ciscoasa# show conn all
ciscoasa# show conn state up,http_get,h323,sip
ciscoasa# show conn count
ciscoasa# show cpu usage
! VPN state: IPsec and ISAKMP security associations.
ciscoasa# show crypto ipsec sa
ciscoasa# show crypto isakmp sa
ciscoasa# show disk
ciscoasa# show environment
ciscoasa# show failover
ciscoasa# show interface
ciscoasa# show local-host
ciscoasa# show memory
ciscoasa# show route
! Running software image and hardware details; check the version against
! vendor security advisories.
ciscoasa# show version
! Active NAT translations.
ciscoasa# show xlate
! NOTE(review): from this point the listing repeats commands that already
! appear earlier on the page.
! Enter global configuration mode, inspect and save the configuration.
ciscoasa# configure terminal
ciscoasa(config)#
ciscoasa# show running-config
ciscoasa# show startup-config
ciscoasa# copy run start
ciscoasa# write memory
! NOTE(review): TFTP is unauthenticated and unencrypted; fetch images from a
! trusted host and check the file hash against the vendor's published value.
ciscoasa# copy tftp flash
ciscoasa#config term
ciscoasa(config)# boot system flash:/asa911-k8.bin
! NOTE(review): sample secret published on a page - choose your own value.
ciscoasa(config)# enable password Gh4w7$-s39fg#(!
! NOTE(review): "adminpassword" is a guessable placeholder shared by the two
! privilege-15 accounts in this run (ciscoadmin and admin); give each account
! its own strong password and create only the accounts that are needed.
ciscoasa(config)#username ciscoadmin password adminpassword privilege 15
ciscoasa(config)# hostname DATA-CENTER-FW
! RSA key pair used by SSH, then local-database authentication for SSH logins.
ciscoasa(config)# crypto key generate rsa modulus 2048
ciscoasa(config)#aaa authentication ssh console LOCAL
ciscoasa(config)#username admin password adminpassword privilege 15
! SSH is accepted only from host 192.168.1.10 on the interface named "inside".
ciscoasa(config)#ssh 192.168.1.10 255.255.255.255 inside
! Interface DMZ at security level 50, addressed 192.168.1.2/24 and enabled.
ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# nameif DMZ
ciscoasa(config-if)# ip address 192.168.1.2 255.255.255.0
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# no shutdown
! Default route via outside, and a static route for 192.168.2.0/24 via inside.
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 100.1.1.1
ciscoasa(config)# route inside 192.168.2.0 255.255.255.0 192.168.1.1
! Dynamic PAT to the outside interface address for 192.168.1.0/24.
ciscoasa(config)# object network internal_lan
ciscoasa(config-network-object)# subnet 192.168.1.0 255.255.255.0
ciscoasa(config-network-object)# nat (inside,outside) dynamic interface
! NOTE(review): 0.0.0.0/0 with (any,outside) translates every source network,
! including ones added later; prefer explicit per-network objects.
ciscoasa(config)# object network obj_any
ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0
ciscoasa(config-network-object)# nat (any,outside) dynamic interface
! Static NAT for host 192.168.1.1 as 100.1.1.1, first for all ports, then
! limited to TCP 80. The port-limited form exposes less and is the safer one
! for a single published service.
! NOTE(review): the same object name is used for both forms, so they are
! presumably alternatives; also confirm that the spaced "(DMZ , outside)"
! is accepted by the parser.
ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host 192.168.1.1
ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1
ciscoasa(config)# object network web_server_static
ciscoasa(config-network-object)# host 192.168.1.1
ciscoasa(config-network-object)# nat (DMZ , outside) static 100.1.1.1 service tcp 80 80
! Inbound ACL on outside: TCP 80 from any source to the server's real address.
! Anything not permitted is dropped by the implicit deny at the end of the ACL.
ciscoasa(config)# access-list OUTSIDE_IN extended permit tcp any host 192.168.1.1 eq 80
ciscoasa(config)# access-group OUTSIDE_IN in interface outside
! Inbound ACL on inside: deny one host, permit everything else (first match
! wins).
! NOTE(review): "permit ip any any" leaves egress unrestricted.
ciscoasa(config)# access-list INSIDE_IN extended deny ip host 192.168.1.1 any
ciscoasa(config)# access-list INSIDE_IN extended permit ip any any
ciscoasa(config)# access-group INSIDE_IN in interface inside
! Network and service object groups for use in ACL entries.
ciscoasa(config)# object-group network WEB_SRV
ciscoasa(config-network)# network-object host 192.168.1.1
ciscoasa(config-network)# network-object host 192.168.1.2
ciscoasa(config)# object-group network DMZ_SUBNETS
ciscoasa(config-network)# network-object 10.1.1.0 255.255.255.0
ciscoasa(config-network)# network-object 10.2.2.0 255.255.255.0
! NOTE(review): range 21-23 adds FTP, SSH and Telnet; FTP and Telnet send
! credentials in cleartext, and the ACL below allows them from any source.
ciscoasa(config)# object-group service DMZ_SERVICES tcp
ciscoasa(config-service)# port-object eq http
ciscoasa(config-service)# port-object eq https
ciscoasa(config-service)# port-object range 21 23
! NOTE(review): OUTSIDE-IN (hyphen) is a different ACL from OUTSIDE_IN
! (underscore) bound to the outside interface above; no access-group for
! OUTSIDE-IN is shown, so this entry is not attached to an interface as listed.
ciscoasa(config)# access-list OUTSIDE-IN extended permit tcp any object-group DMZ_SUBNETS object-group DMZ_SERVICES
! Clear the physical interface, then define tagged subinterfaces for VLAN 10
! (inside1, level 80) and VLAN 20 (inside2, level 90).
ciscoasa(config)# interface gigabitethernet 0/1
ciscoasa(config-if)# no nameif
ciscoasa(config-if)# no security-level
ciscoasa(config-if)# no ip address
ciscoasa(config-if)# exit
ciscoasa(config)# interface gigabitethernet 0/1.1
ciscoasa(config-subif)# vlan 10
ciscoasa(config-subif)# nameif inside1
ciscoasa(config-subif)# security-level 80
ciscoasa(config-subif)# ip address 192.168.1.1 255.255.255.0
ciscoasa(config)# interface gigabitethernet 0/1.2
ciscoasa(config-subif)# vlan 20
ciscoasa(config-subif)# nameif inside2
ciscoasa(config-subif)# security-level 90
ciscoasa(config-subif)# ip address 192.168.2.1 255.255.255.0
! Manual clock, time zone and daylight saving rule. Accurate time is needed
! for usable logs and certificate checks.
! NOTE(review): confirm the zone label and dates for your locale.
ciscoasa# clock set 18:30:00 Aug 10 2016
ciscoasa(config)# clock timezone MST -7
ciscoasa(config)# clock summer-time MST recurring 1 Sunday April 2:00 last Sunday October 2:00
! DHCP pool and DNS servers offered to clients on inside.
ciscoasa(config)# dhcpd address 192.168.1.101-192.168.1.110 inside
ciscoasa(config)# dhcpd dns 209.165.201.2 209.165.202.129
ciscoasa(config)# dhcpd enable inside
! NOTE(review): these two commands widen what is forwarded by default (between
! equal-level interfaces, and back out of the arrival interface); enable them
! only when required.
ciscoasa(config)# same-security-traffic permit inter-interface
ciscoasa(config)# same-security-traffic permit intra-interface
! Read-only status commands: ACL entries, clock, connection table, CPU, VPN
! security associations, storage, environment, failover, interfaces, hosts,
! memory, routes, software version and NAT translations.
ciscoasa# show access-list OUTSIDE-IN
ciscoasa# show clock
ciscoasa# show conn
ciscoasa# show conn all
ciscoasa# show conn state up,http_get,h323,sip
ciscoasa# show conn count
ciscoasa# show cpu usage
ciscoasa# show crypto ipsec sa
ciscoasa# show crypto isakmp sa
ciscoasa# show disk
ciscoasa# show environment
ciscoasa# show failover
ciscoasa# show interface
ciscoasa# show local-host
ciscoasa# show memory
ciscoasa# show route
ciscoasa# show version
ciscoasa# show xlate