一,配置接口
配置外网口:
interface GigabitEthernet0/0 nameif outside 定义接口名字
security-level 0
ip address 111.160.45.147 255.255.255.240 设定ip noshut !
配置内网口:
interface GigabitEthernet0/1 nameif inside security-level 100 ip address 20.0.0.2 255.255.255.252 noshut 二,配置安全策略
access-list outside_acl extended permit icmp any any配置允许外网ping access-group outside_acl in interface outside 应用策略到outside口
access-list inside_access_in extended permit ip any any配置允许内网访问外网 access-group inside_access_in in interface inside应用到inside口 三,设置路由
route outside 0.0.0.0 0.0.0.0 111.160.45.145 1配置到出口的默认路由 route inside 10.1.0.0 255.255.0.0 20.0.0.1 1 配置到内网的静态路由 四,配置nat
object network nat_net配置需要nat的内网网段 subnet 0.0.0.0 0.0.0.0
nat (inside,outside) source dynamic nat_net interface配置使用出接口ip做转换ip 五,配置远程管理
配置telet管理:
telnet 0.0.0.0 0.0.0.0 outside telnet 0.0.0.0 0.0.0.0 inside telnet timeout 30 配置ssh管理:
crypto key generate rsa建立密钥并保存一次
wri
ssh 0.0.0.0 0.0.0.0 outside ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30 ssh version 1 配置用户名密码:
username admin password yfz4EIInjghXNlcu encrypted privilege 15