ciscoasa# show run
ciscoasa# show running-config : Saved :
ASA Version 8.2(5) !
firewall transparent hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names !
interface GigabitEthernet0/0 nameif outside security-level 0 !
interface GigabitEthernet0/1 nameif inside security-level 100 !
interface GigabitEthernet0/2 shutdown no nameif no security-level !
interface GigabitEthernet0/3 shutdown no nameif no security-level !
interface Management0/0 shutdown no nameif no security-level management-only !
ftp mode passive
access-list out-in extended permit ip any any access-list out-in extended permit tcp any any access-list out-in extended permit icmp any any pager lines 24 mtu outside 1500 mtu inside 1500
ip address 13.84.2.4 255.255.255.0 no failover
icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400
access-group out-in in interface outside timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy no snmp-server location no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet timeout 5 ssh timeout 5 console timeout 0
threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept !
class-map inspection_default match default-inspection-traffic ! !
policy-map type inspect dns preset_dns_map parameters
message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp
inspect sip inspect netbios inspect tftp inspect ip-options !
service-policy global_policy global prompt hostname context
call-home reporting anonymous prompt 2
Cryptochecksum:6fae7ccfbe0303270444551fa25a4cf7 : end
1.默认不含密码进去en模式直接回车
2.首先需要把防火墙模式设置为firewall transparent保存并且重启 3.conf 模式下 配置全局地址 必须为上下游同一vlan地址 4.接口设置nameif 和 security-level 5.设置access-list
6调用access-group out-in in interface outside
Cisco ASA5545-k8透明模式案例
