一.图纸

二.命令

ciscoasa>

ciscoasa> en

ciscoasa# conf t

ciscoasa(config)# int e0/0

ciscoasa(config-if)# nameif outside

ciscoasa(config-if)# ip add 202.106.0.1 255.255.255.0

ciscoasa(config-if)# no sh

ciscoasa(config-if)# exit

ciscoasa(config)# int e0/1

ciscoasa(config-if)# nameif inside

ciscoasa(config-if)# ip add 10.0.0.2 255.255.255.252

ciscoasa(config-if)# no sh

ciscoasa(config-if)# exit

配置对外网的默认路由

ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 202.106.0.2

配置对内网的静态路由

ciscoasa(config)# route inside 192.168.1.0 255.255.255.0 10.0.0.1

ciscoasa(config)# route inside 192.168.2.0 255.255.255.0 10.0.0.1

配置 动态nat  将内网俩个网段转换到 外网 202.106.0.10-202.106.0.20 的地址范围内

ciscoasa(config)# nat (inside) 1 192.168.0.0 255.255.0.0

ciscoasa(config)# global (outside) 1 202.106.0.10-202.106.0.20

查看nat 转换

ciscoasa(config)# exit

ciscoasa# show xlate detail

ciscoasa# conf t

删除动态 nat 配置 动态pat   将内网地址转换到 外网 202.106.0.100 的地址上

ciscoasa(config)# no global (outside) 1 202.106.0.10-202.106.0.20

ciscoasa(config)# global (outside) 1 202.106.0.100

删除动态 nat 配置 动态pat   将内网地址转换到 防火墙外网接口地址上

ciscoasa(config)# no global (outside) 1 202.106.0.100

ciscoasa(config)# global (outside) 1 interface

ciscoasa(config)# exit

ciscoasa#