
市网节目源防火墙Cisco 5520: 透明模式+允许UDP协议通过

2010-10-01 18:33 253 查看
! Summary of the commands the post applies: transparent (layer-2) firewall mode,
! two named interfaces, and one ACL bound to the outside interface.
! NOTE(review): the leading '#' on the next two lines looks like the CLI prompt
! character rather than part of the command - confirm before pasting.
#firewall transparent

#names

interface Ethernet0

nameif outside //a name (nameif) must be configured, otherwise the ACL cannot be applied

security-level 0

interface Ethernet1

nameif inside

security-level 100

! ACL 100 permits ICMP and UDP from any source to any destination, with no
! address or port restriction; anything else falls to the ACL's implicit deny.
! NOTE(review): if only specific streams have to pass, narrowing these entries
! to the known source/destination addresses and UDP ports limits what the
! outside network can reach on the inside segment.
access-list 100 extended permit icmp any any

access-list 100 extended permit udp any any

! The same list is bound in both directions on 'outside': 'in' filters traffic
! arriving from outside, 'out' filters traffic leaving through that interface,
! so inside-originated traffic other than ICMP/UDP (e.g. TCP) is dropped too.
! NOTE(review): the 'sh run' output further down the page uses list 101 for
! the same two rules.
access-group 100 in interface outside

access-group 100 out interface outside

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sh run:

! Start of the 'sh run' output: software version, firewall mode, device
! identity and the stored credentials.
! NOTE(review): 7.2(4) is a very old ASA release; check the vendor's
! end-of-life notices and security advisories before reusing this on a live device.
ASA Version 7.2(4)

!

firewall transparent

hostname ShiwangTS

domain-name ShiwangTS.com

! 'encrypted' marks the values below as stored password hashes, not cleartext.
! NOTE(review): on ASA software of this generation the stored format is a
! legacy MD5-based hash, which is weak against offline guessing. Hashes that
! have been published should be treated as exposed and the passwords rotated;
! redact these lines when sharing a running-config.
! The privileged-mode enable hash and the login 'passwd' hash are identical,
! which suggests one password is shared between the two - presumably worth
! separating; verify.
enable password E2IIjHaapicfW3YL level 1 encrypted

enable password tsjKg7JHkl3qMaXK encrypted

passwd tsjKg7JHkl3qMaXK encrypted

names

! NOTE(review): dns-guard is understood to enforce one DNS response per
! query - confirm against the command reference for this release.
dns-guard

!

! Interface section. Only two ports carry traffic: 'outside' at security-level 0
! (lowest trust) and 'inside' at security-level 100 (highest trust).
! No per-interface IP addresses appear, consistent with 'firewall transparent'.
interface GigabitEthernet0/0

speed 1000

nameif outside

security-level 0

!

interface GigabitEthernet0/1

speed 1000

nameif inside

security-level 100

!

! The remaining data ports are administratively shut down and left without a
! name or security level, so no ACL or policy can be bound to them by accident.
interface GigabitEthernet0/2

shutdown

no nameif

no security-level

!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

!

! The dedicated management port is also shut down; 'management-only' keeps it
! from passing through-traffic if it is ever enabled.
interface Management0/0

shutdown

no nameif

no security-level

management-only

!

! Boot image list, FTP client mode and the default DNS server group.
! NOTE(review): the second and third 'boot system' entries name an ASDM image
! and a bare 'disk0' rather than an ASA system image - presumably leftovers
! from a mistyped command; verify and remove them so the boot order is unambiguous.
boot system disk0:/asa724-k8.bin

boot system disk0:/ASDM-524.BIN

boot system disk0:/disk0

ftp mode passive

dns server-group DefaultDNS

domain-name ShiwangTS.com

! ACL 101: permits all ICMP and all UDP, any source to any destination.
! There is no address or port restriction and no logging keyword on either
! entry; anything else falls to the ACL's implicit deny.
! NOTE(review): for a feed that only needs specific UDP streams, replacing
! 'any any' with the actual source/destination addresses and ports keeps the
! rest of the inside segment's UDP services unreachable from outside.
access-list 101 extended permit icmp any any

access-list 101 extended permit udp any any

pager lines 24

mtu outside 1500

mtu inside 1500

! Single global address: no interface above carries its own IP, so this is
! presumably the address used to manage the transparent firewall - confirm.
ip address 10.65.160.22 255.255.128.0

! No failover peer is configured; this unit runs standalone.
no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/ASDM-524.BIN

no asdm history enable

arp timeout 14400

! ACL 101 is bound to 'outside' in both directions. 'in' admits outside-
! originated ICMP/UDP toward the inside; 'out' means traffic leaving through
! 'outside' is limited to ICMP/UDP as well, so inside-originated TCP is dropped.
access-group 101 in interface outside

access-group 101 out interface outside

! Idle timers for connection state, written as h:mm:ss. The 'udp 0:02:00'
! value is the one relevant to the UDP traffic this configuration permits:
! an idle UDP flow entry is kept for two minutes.
timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

! Management-plane settings: who may log in, from where, and for how long.
! SSH logins are checked against the local user database (LOCAL).
aaa authentication ssh console LOCAL

no snmp-server location

no snmp-server contact

! Trap types are enabled, but no 'snmp-server host' line appears in this
! output, so as shown the traps have no configured receiver.
snmp-server enable traps snmp authentication linkup linkdown coldstart

! Only an idle timeout is set for Telnet; no 'telnet <address>' permit line
! appears, so as shown no host is allowed to connect with it.
telnet timeout 5

! SSH is accepted from any source address (0.0.0.0/0) arriving on 'inside'.
! NOTE(review): restricting this to the administrators' subnet or jump host
! narrows the management exposure.
ssh 0.0.0.0 0.0.0.0 inside

ssh timeout 5

! SSH protocol version 1 is refused.
ssh version 2

! A timeout of 0 disables the idle logout on the serial console, so an
! abandoned console session stays logged in.
! NOTE(review): consider a finite value if the console is physically reachable.
console timeout 0

! Local account used by the LOCAL method above. The value is a stored hash;
! because it has been published, treat it as exposed and rotate the password.
username datapart password cmuSZjj2pzwasn8i encrypted

!

! Application inspection: one class matching the built-in
! 'default-inspection-traffic' set, one policy listing the engines to run on
! it, and a service-policy that applies the policy on every interface.
class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

! Each 'inspect' line enables a protocol-aware engine for that application.
! No DNS inspection entry is listed in this class.
! NOTE(review): the ACL on this device passes only ICMP and UDP, so engines
! for TCP-only protocols presumably never see traffic; trimming the list to
! protocols actually in use reduces the parsing surface - confirm what is needed.
inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

! Trailer of the 'sh run' output: CLI prompt format, the checksum the device
! prints for this configuration, and the end-of-output marker.
prompt hostname context

Cryptochecksum:9a8f1e1f1d59cf2698c51597ca077bab

: end
本文出自 “默读坊” 博客,请务必保留此出处http://modufang.blog.51cto.com/662957/400112