實(shí)驗(yàn)網(wǎng)絡(luò)結(jié)構(gòu)圖：
DNS Server--------(outside)ASA-Firewall(inside)-------LAN Client
      |
   DMZ-WEB-Server
---------------------------------------------------
IP地址分配
外網(wǎng)：210.10.10.0/30
內(nèi)網(wǎng)：192.168.210.0/24
DMZ： 192.168.202.0/24
----------------------------------------------------
ASA基本配置：
配置主機(jī)名、域名和密碼
配置接口
配置路由
配置遠(yuǎn)程管理接入
為出站流量配置網(wǎng)絡(luò)地址轉(zhuǎn)換
配置ACL

成都創(chuàng)新互聯(lián)公司主營(yíng)平南網(wǎng)站建設(shè)的網(wǎng)絡(luò)公司,主營(yíng)網(wǎng)站建設(shè)方案,app開(kāi)發(fā)定制,平南h5小程序開(kāi)發(fā)搭建,平南網(wǎng)站營(yíng)銷(xiāo)推廣歡迎平南等地區(qū)企業(yè)咨詢(xún)

enable
conf t
hostname ASA5520
domain-name lpq.com
enable password ASA5520
passwd cisco

conf t
interface e0/0
nameif outside
security-level 0
ip address 210.10.10.2 255.255.255.0
no shutdown
exit

interface e0/1
nameif inside
security-level 100
ip address 192.168.201.1 255.255.255.0
no shutdown
exit

interface e0/2
nameif dmz
security-level 50
ip address 192.168.202.1 255.255.255.0
no shutdown
exit

route outside 0.0.0.0 0.0.0.0 210.10.10.1
end
show route

conf t
telnet 192.168.201.0 255.255.255.0 inside
telnet timeout 15

crypto key generate rsa modulus 1024
ssh 192.168.201.0 255.255.255.0 inside
ssh 0 0 outside
ssh timeout 30
ssh version 2
username ASA5520 password cisco
aaa authertication ssh console LOCAL
passwd aaa

http server enable 8008
http 192.168.201.0 255.255.255.0 inside
http 0 0 outside
http 0 0 inside
asdm p_w_picpath disk0:/asdm-615.bin
username admin password admin privilege 15
----------------------------------------------------------------

access-list 111 extended permit icmp any any
access-list 111 permit ip any any

access-group 111 in inter outside
access-group 111 in inter inside
access-group 111 in inter dmz

access-list testacl deny ip 192.168.201.33 255.255.255.255 any
access-list testacl permit ip any any

access-group testacl in inter inside
--------------------------------------------
nat-control
nat (inside) 1 0 0
global (outside) 1 interface
global (dmz) 1 192.168.202.100-192.168.202.110

static (dmz,outside) 210.10.10.10.2 192.168.202.2
access-list out_to_dmz permit tcp any host 210.10.10.2 eq 80
access-group out_to_dmz in interface outside

end
write memory
copy running-config startup-config

清除配置信息：
conf t
clear configure all
clear configure comman [level2 command]
end
===========================================
ASA的高級(jí)應(yīng)用-URL過(guò)濾

conf t
access-list tcp_filter1 permit tcp 192.168.201.0 255.255.255.240 any eq www

class-map tcp_filter_class1
match access-list tcp_filter1
exit

regex url1 \.sina\.com

class-map type regex match-any url_class1
match regex url1
exit

class-map type inspect http http_url_class1
match not request header host regex class url_class1
exit

policy-map type inspect http http_url_policy1
class http_url_class1
drop-connection log
exit
exit

policy-map inside_http_url_policy
class tcp_filter_class1
inspect http http_url_policy1
exit
exit

service-policy inside_http_url_policy interface inside //完整配置時(shí)刪除此行
----------------

access-list tcp_filter2 permit tcp any any eq www

class-map tcp_filter_class2
match access-list tcp_filter2
exit

regex url2 \.game\.com
class-map type regex match-any url_class2
match regex url2
exit

class-map type inspect http http_url_class2
match request header host regex class url_class2
exit

policy-map type inspect http http_url_policy2
class http_url_class2
drop-connection log
exit
exit

policy-map inside_http_url_policy
class tcp_filter_class2
inspect http http_url_policy2
exit
exit

service-policy inside_http_url_policy interface inside

---------------------------------------

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn，海內(nèi)外云服務(wù)器15元起步，三天無(wú)理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性?xún)r(jià)比高”等特點(diǎn)與優(yōu)勢(shì)，專(zhuān)為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

本文題目：ASA--常見(jiàn)應(yīng)用配置-創(chuàng)新互聯(lián)
網(wǎng)站鏈接：http://weahome.cn/article/phshs.html