Lab topology
ISP configuration
```
interface g0/0
 ip address 1.1.1.1 255.255.255.248
interface g0/1
 ip address 2.1.1.1 255.255.255.248
```
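AF1 configuration
```
! Outside (public) interface
interface g0/0
 nameif outside
 ! must differ from the ISP's 1.1.1.1, which is the default-route next hop below;
 ! 1.1.1.2 is an assumed free host address in the same /29
 ip address 1.1.1.2 255.255.255.248
! Inside interface
interface g0/1
 nameif inside
 ip address 10.1.1.1 255.255.255.248
! Network object for the inside user subnet
object network user_network
 subnet 10.2.1.0 255.255.255.0
 ! source-NAT this subnet; the translated address is the egress interface address
 nat (inside,outside) dynamic interface
! Policy (ACL)
access-list InToOut extended permit ip object user_network any
access-list InToOut extended permit icmp any any
! Apply the policy to the interface
! (inbound on outside, the icmp entry is what lets echo replies back in,
!  because ICMP is not inspected by default)
access-group InToOut in interface outside
! Routing
route outside 0.0.0.0 0.0.0.0 1.1.1.1
route inside 10.2.1.0 255.255.255.0 10.1.1.2
```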
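SW1 configuration
```
! Uplink interface
interface g0/0
 ip address 10.1.1.2 255.255.255.248
! Local network (loopback number 0 is assumed; the original does not give one)
interface loopback0
 ip address 10.2.1.254 255.255.255.0
! Default route toward AF1 (assumed; not in the original listing, needed for the ping below)
ip route 0.0.0.0 0.0.0.0 10.1.1.1
! Internet access check
ping 1.1.1.1 source 10.2.1.254
! Output
!!!!!
```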
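Notes
ASA version: 9.x
The ISP router simulates a carrier device and must not be configured with return routes! Replies therefore reach the inside network only if AF1 translates the source address.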
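
The AF1 policy admits all inbound ICMP on the outside interface so that echo replies can return. A tighter variant for AF1, added here as an example and not part of the original lab: make ICMP stateful, drop the inbound ACL, then confirm the translation. It assumes the default `global_policy` and `inspection_default` class are still present on the ASA.

```cisco
! Track ICMP statefully so replies to inside-initiated pings are allowed back in
policy-map global_policy
 class inspection_default
  inspect icmp
!
! The blanket inbound permit on outside is then no longer needed
no access-group InToOut in interface outside
!
! Verify: simulate the SW1 ping (ICMP type 8, code 0) through the firewall
packet-tracer input inside icmp 10.2.1.254 8 0 1.1.1.1
! Check that the flow was translated to the outside interface address
show xlate
show nat detail
```

After a ping from SW1, `show xlate` should list a translation from 10.2.1.254 to the outside interface address; no entry means the packet left untranslated and the ISP has no route back to it.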