asa
ciscoasa(config)# interface gigabitEthernet 0
ciscoasa(config-if)# nameif outside
ciscoasa(config-if)# security-level 0
ciscoasa(config-if)# ip address 200.1.1.1 255.255.255.0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# ex
ciscoasa(config)# interface gigabitEthernet 2
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# ip address 192.168.0.254 255.255.255.0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# ex
ciscoasa(config)# interface gigabitEthernet 1
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# ip address 172.16.1.254 255.255.255.0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# ex
IOU1
IOU1(config)#interface ethernet 0/0
IOU1(config-if)#duplex full
IOU1(config-if)#ip address 200.1.1.2 255.255.255.0
IOU1(config-if)#no shut
IOU1(config-if)#ex
IOU1(config)#int loo0
IOU1(config-if)#ip address 218.85.152.99 255.255.255.255
IOU1(config-if)#exit
IOU1(config)#username bdqn privilege 15 password benet
IOU1(config)#line vty 0 4
IOU1(config-line)#login local
IOU1(config-line)#transport input telnet
IOU1(config-line)#exit
IOU2
IOU2(config)#interface ethernet 0/0
IOU2(config-if)#duplex full
IOU2(config-if)#ip address 192.168.0.1 255.255.255.0
IOU2(config-if)#no shut
IOU2(config-if)#ex
IOU2(config)#int loo 0
IOU2(config-if)#ip address 192.168.1.11 255.255.255.255
IOU2(config-if)#exit
IOU2(config)#ip route 0.0.0.0 0.0.0.0 192.168.0.254
IOU2(config)#username bdqn privilege 15 password benet
IOU2(config)#line vty 0 4
IOU2(config-line)#login local
IOU2(config-line)#transport input telnet
IOU2(config-line)#exit
IOU3
IOU3(config)#interface ethernet 0/0
IOU3(config-if)#duplex f
IOU3(config-if)#duplex full
IOU3(config-if)#ip address 172.16.1.11 255.255.255.0
IOU3(config-if)#no shut
IOU3(config)#interface loopback 0
IOU3(config-if)#ip address 172.16.88.11 255.255.255.255
IOU3(config-if)#exit
IOU3(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.254
IOU3(config)#username bdqn privilege 15 password benet
IOU3(config)#line vty 0 4
IOU3(config-line)#login local
IOU3(config-line)#transport input telnet
IOU3(config-line)#exit
配置静态
ciscoasa(config)# route dmz 192.168.1.0 255.255.255.0 192.168.0.1
ciscoasa(config)# route inside 172.16.88.0 255.255.255.0 172.16.1.11
asa(config)# route outside 0 0 200.1.1.2
查看路由表
动态nat
asa(config)# object network out-1
asa(config-network-object)# range 200.1.1.10 200.1.1.20
asa(config-network-object)# exit
asa(config)# object network in-1
asa(config-network-object)# subnet 172.16.88.0 255.255.255.0
asa(config-network-object)# exit
asa(config)# object network in-2
asa(config-network-object)# subnet 172.16.1.0 255.255.255.0
asa(config-network-object)# exit
asa(config)# object network dmz-1
asa(config-network-object)# subnet 192.168.0.0 255.255.255.0
asa(config-network-object)# exit
asa(config)# object network dmz-2
asa(config-network-object)# subnet 192.168.1.0 255.255.255.0
asa(config-network-object)# exit
asa(config)# object-group network in-zu
asa(config-network-object-group)# network-object object in-1
asa(config-network-object-group)# network-object object in-2
asa(config-network-object-group)# exit
asa(config)# object-groupnet netw
asa(config)# object-group network dmz-zu
asa(config-network-object-group)# network-object object dmz-1
asa(config-network-object-group)# network-object object dmz-2
asa(config-network-object-group)# exit
PAT
asa(config)# nat (inside,outside) source dynamic in-zu out-1
asa(config)# nat (dmz,outside) source dynamic dmz-zu out-1
