CISCO - ASA5510 - 防火墙配置手册

255.255.255.255

static (inside,outside) tcp interface 5080 192.168.16.246 5080 netmask 255.255.255.255

static (inside,outside) tcp interface 10100 192.168.16.246 10100 netmask 255.255.255.255

static (inside,outside) udp interface 3201 192.168.16.246 3201 netmask 255.255.255.255

static (inside,outside) tcp interface 8080 192.168.16.249 8080 netmask 255.255.255.255

static (inside,outside) tcp interface 82 192.168.16.251 82 netmask 255.255.255.255

static (inside,outside) tcp interface 83 192.168.16.252 83 netmask 255.255.255.255

static (inside,outside) tcp interface 16000 192.168.16.251 16000 netmask 255.255.255.255

static (inside,outside) tcp interface 15000 192.168.16.252 15000 netmask 255.255.255.255

static (inside,outside) tcp interface 8088 192.168.16.251 8088 netmask 255.255.255.255

static (inside,outside) tcp interface 211 192.168.16.251 211 netmask 255.255.255.255

static (inside,outside) tcp interface 9099 192.168.16.252 9099 netmask 255.255.255.255

static (inside,outside) tcp interface 8000 192.168.16.249 8000 netmask 255.255.255.255

static (inside,outside) tcp interface 7777 192.168.16.254 7777 netmask 255.255.255.255

static (inside,outside) udp interface 6661 192.168.16.40 6661 netmask 255.255.255.255

static (inside,outside) tcp interface 8500 192.168.16.251 8500 netmask

255.255.255.255

static (inside,outside) tcp interface 8600 192.168.16.251 8600 netmask 255.255.255.255

static (inside,outside) tcp interface 8081 192.168.16.1 8081 netmask 255.255.255.255

static (inside,outside) tcp interface 3389 192.168.16.254 3389 netmask 255.255.255.255

static (inside,outside) tcp interface 8001 192.168.16.249 8001 netmask 255.255.255.255

static (inside,outside) tcp interface www 192.168.16.254 www netmask 255.255.255.255 dns

access-group 120 in interface outside access-group 200 in interface inside route outside 0.0.0.0 0.0.0.0 219.139.50.1 1 route inside 192.18.16.0 255.255.255.0 192.168.1.2 1 route inside 192.168.3.0 255.255.255.0 192.168.10.2 1 route inside 192.168.4.0 255.255.255.0 192.168.10.2 1 route inside 192.168.5.0 255.255.255.0 192.168.10.2 1 route inside 192.168.6.0 255.255.255.0 192.168.10.2 1 route inside 192.168.7.0 255.255.255.0 192.168.10.2 1 route inside 192.168.8.0 255.255.255.0 192.168.10.2 1 route inside 192.168.9.0 255.255.255.0 192.168.10.2 1 route inside 192.168.11.0 255.255.255.0 192.168.10.2 1 route inside 192.168.16.0 255.255.255.0 192.168.10.2 1 route inside 192.168.21.0 255.255.255.0 192.168.10.2 1 route inside 192.168.31.0 255.255.255.0 192.168.10.2 1 route inside 192.168.41.0 255.255.255.0 192.168.10.2 1 route inside 192.168.51.0 255.255.255.0 192.168.10.2 1 route inside 192.168.61.0 255.255.255.0 192.168.10.2 1 route inside 192.168.71.0 255.255.255.0 192.168.10.2 1

route inside 192.168.100.0 255.255.255.0 192.168.10.2 1 timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy http server enable

http 192.168.1.0 255.255.255.0 management no snmp-server location no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet 192.168.0.0 255.255.0.0 inside telnet timeout 5 ssh timeout 5 console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 management dhcpd enable management !

threat-detection basic-threat

threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn !

class-map inspection_default match default-inspection-traffic !

!

policy-map global_policy class inspection_default inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp !

service-policy global_policy global prompt hostname context

Cryptochecksum:8be70372fa840cf34638dc522883d306 : end