Router1 F1/0 <----> XPC P0/1
Router(config-if)#ip add 200.2.2.254 255.255.255.0
Router(config-if)#no sh
Router(config-if)#int f1/0
Router(config-if)#ip add 200.0.0.1 255.255.255.252
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 200.1.1.248 255.255.255.248 200.0.0.2
ASA(config)# domain-name asa.com
ASA(config)# enable password cisco
ASA(config)# passwd cisco
ASA(config-if)# nameif inside
ASA(config-if)# security-level 100
ASA(config-if)# ip add 192.168.0.254 255.255.255.0
ASA(config-if)# no sh
ASA(config-if)# int e0/1
ASA(config-if)# nameif outside
ASA(config-if)# security-level 0
ASA(config-if)# ip add 200.0.0.2 255.255.255.252
ASA(config-if)# no sh
ASA(config-if)# int e0/2
ASA(config-if)# nameif dmz
ASA(config-if)# security-level 50
ASA(config-if)# ip add 192.168.1.254 255.255.255.0
ASA(config-if)# no sh
ASA(config-if)# route outside 0.0.0.0 0.0.0.0 200.0.0.1
ASA(config)# ssh timeout 30
ASA(config)# ssh version 2
ASA(config)# global (outside) 1 int
ASA(config)# global (dmz) 1 192.168.1.100-192.168.1.110
Settings that allow the outside host Out to access the Web server in the dmz:
ASA(config)# static (dmz,outside) 200.1.1.253 192.168.1.1
ASA(config)# access-list out_to_dmz permit tcp any host 200.1.1.253 eq www
ASA(config)# access-group out_to_dmz in int outside
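Settings that allow the inside host PC1 to ping the outside host Out:
! An interface takes only one ACL per direction, so the ICMP return entries are
! added to out_to_dmz; binding a second ACL inbound on outside would replace it.
ASA(config)# access-list out_to_dmz permit icmp any any echo-reply
ASA(config)# access-list out_to_dmz permit icmp any any unreachable
ASA(config)# access-list out_to_dmz permit icmp any any time-exceeded
ASA(config)# access-group out_to_dmz in int outside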
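
An ASA interface holds one access list per direction, so a later access-group command for the same interface and direction replaces the earlier binding and silently drops its permits. The Python check below is an added example, not part of the original lab; the function name `audit` and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two different ACLs bound inbound on the same interface.
SAMPLE = """\
ASA(config)# access-list out_to_dmz permit tcp any host 200.1.1.253 eq www
ASA(config)# access-group out_to_dmz in int outside
ASA(config)# access-list 111 permit icmp any any echo-reply
ASA(config)# access-list 111 permit icmp any any unreachable
ASA(config)# access-group 111 in int outside
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")      # strip "ASA(config...)# "
# The "interface" keyword may be abbreviated (the lab types "int").
ACCESS_GROUP = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+int\S*\s+(\S+)$")
ACL_ENTRY = re.compile(r"^access-list\s+(\S+)\s+")


def audit(text):
    """Return one finding per interface/direction bound to more than one ACL."""
    bindings = defaultdict(list)   # (interface, direction) -> ACL names in order
    entries = defaultdict(int)     # ACL name -> number of entries defined
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = ACCESS_GROUP.match(line)
        if m:
            acl, direction, iface = m.groups()
            bindings[(iface, direction)].append(acl)
            continue
        m = ACL_ENTRY.match(line)
        if m:
            entries[m.group(1)] += 1

    findings = []
    for (iface, direction), acls in bindings.items():
        effective = acls[-1]       # the last binding is the one left in force
        # Re-applying the same ACL name is harmless; only other names are lost.
        replaced = [a for a in dict.fromkeys(acls) if a != effective]
        if replaced:
            findings.append({
                "interface": iface,
                "direction": direction,
                "effective": effective,
                "replaced": replaced,
                "entries_lost": sum(entries[a] for a in replaced),
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```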