ASA防火墙最基本配置
hostname zlcasa
enable password zlc
interface GigabitEthernet0/0 nameif outside security-level 0 ip address
interface GigabitEthernet0/1 nameif DMZ security-level 50 ip address
interface GigabitEthernet0/2 nameif inside security-level 100 ip address !
interface Ethernet0/0 nameif outside security-level 0
ip address 192.168.0.254 255.255.255.0 !
interface Ethernet0/1 nameif DMZ security-level 50 no ip address !
interface Ethernet0/2 nameif inside security-level 100
ip address 172.16.1.1 255.255.255.0 !
condui per icmp any any
global (outside) 8 interface
nat (inside) 8 172.16.0.0 255.255.0.0 route outside 0.0.0.0 0.0.0.0 192.168.16.1
access-list pericmp extended permit icmp any any
access-group pericmp in interface outside access-group pericmp in interface inside
pix打开snmp 和设置镜像端口
pixfirewall(config)# sh snmp
snmp-server host inside 192.168.0.5 \安装了MRTG和SOLARWINDS的WIN2003服务器地址
snmp-server location 192.168.0.1 \的内网端口地址 snmp-server contact liuxiang@thsoft.cn
snmp-server community cisco \指定团体?--我不明白是做什么用的 snmp-server enable traps \允许管理信息发送
monitor session 1 source interface Fa0/24 镜像端口 monitor session 1 destination interface Fa0/9 源端口