asa防火墙简要手册（ASA firewall brief manual）.docVIP

asa防火墙简要手册（ASA firewall brief manual） ASA firewall brief manual Fu Yu summarized the data in September 29, 2011 View firewall features and licenses: Show version Show activation-key Enter the firewall license: #activation-key, 0 0 0 0 0 0Configure logical interfaces and add them to the appropriate VLAN Config#firewall vlan-group 1 10,20,39 Firewall module 3 vlan-group 1 Configure interface redundancy: Interface redundant 1 Member-interface Ethernet 0/1 Member-interface Ethernet 0/2 No shutdown View interface redundancy status: Show interface redundant 1 Configuration interface: ASA Interface g0/1 NameIf outside Speed 100 Duplex full Security-level 0 IP address FWSM: can only establish logical interfaces Firewall vlan-group 1 10,20,30 Firewall module 3 vlan-group 1 Exit Session slot 3 processor 1 Conf t NameIf VLAN 10 inside security100 NameIf VLAN 20 outside security 0 NameIf VLAN 30 DMZ security 50 IP, address, inside, , IP, address, outside, , IP, address, DMZ, , Obtain the IP address via the PPPOE protocol VPDN, username, ABC, password, ABC VPDN group 1 localname ABC VPDN group 1, PPP, authentication, chap VPDN group 1, request, dialout, PPPoE IP, address, outside, PPPoE, setroute Protect firewalls from VLAN hopping attacks Modify native VLAN to prevent attackers from entering the internal network as a springboard by default native VLAN 1 VLAN 20 Interface g0/1 SW trunk encap dot1q SW trunk native VLAN 20 SW mode trunk Configure static routing (administrative distance is 1) Route outside 1 points to ISP Route inside 1 Route inside 1 Configuring the ISP example: the public network IP mask given by a general operator is 30/, that is, a public network IP for the user, so I only write the static routing protocol. 2 ISP 00 (assuming Telecom) and 00 (assuming Unicom) Firewall intranet address: external: (config) #sla monitor 1 defines the SLA monitoring process (config-sla-monitor) #type, echo,