Emulating an ASA in VMware: Step 1
Use VMware Server 2.0x or VMware Workstation 7.x
Create a virtual machine named ASA with the following hardware configuration:
Other 2.6x Linux (32-bit)
Processors: 1
Memory: 256MB
Hard Disk 1 (IDE 0:0): Hard disk not valid (see note)
Network Adapter 1: HostOnly (VMnet1)
Network Adapter 2: VMnet2
Network Adapter 3: Bridged
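Note: for now, just create an 8 GB hard disk on IDE 0:0; do not use a SCSI-interface disk.
Emulating an ASA in VMware: Step 2
Obtain the asa.vmdk disk file
Copy it over (overwrite) the vmdk file that was just created for the ASA virtual machine
Power on the ASA virtual machine. The console screen that appears
does not accept any input.
Emulating an ASA in VMware: Step 3
Connect to the ASA using Telnet
Telnet connections are accepted only on the inside interface (preconfigured)
The inside interface address is 192.168.1.1 (preconfigured)
UbuntuDesk must therefore be given an IP address of 192.168.1.xx in order to make the Telnet connection
The commands and prompts are as follows: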
ping 192.168.1.1
telnet 192.168.1.1
Password: cisco
enable Password: cisco
ASA configuration file
hostname ciscoasa
enable password cisco
names
passwd cisco
domain-name cnp.tw
ftp mode passive
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
no shutdown
interface Ethernet0/1
nameif dmz
security-level 50
ip address 192.168.2.1 255.255.255.0
no shutdown
interface Ethernet0/2
nameif outside
security-level 0
ip address 140.137.214.161 255.255.255.0
no shutdown
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
dhcpd domain cnp.tw
dhcpd address 192.168.1.64-192.168.1.95 inside
dhcpd dns 168.95.1.1
dhcpd enable inside
dhcpd lease 3600
dhcpd ping_timeout 50
! static default route
route outside 0.0.0.0 0.0.0.0 140.137.214.254
telnet 192.168.1.0 255.255.255.0 inside
passwd cisco
enable password cisco
access-list NONAT1 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NONAT1
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 140.137.214.171-140.137.214.175 netmask 255.255.255.0
global (outside) 1 140.137.214.176 netmask 255.255.255.0
access-list NONAT2 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (dmz) 0 access-list NONAT2
nat (dmz) 2 192.168.2.0 255.255.255.0
global (outside) 2 140.137.214.177-140.137.214.179 netmask 255.255.255.0
global (outside) 2 140.137.214.180 netmask 255.255.255.0
static (dmz,outside) 140.137.214.162 192.168.2.200 netmask 255.255.255.255
access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit icmp any any time-exceeded
access-list 100 extended permit icmp any any unreachable
access-list 100 extended permit udp any any eq domain
access-list 100 extended permit tcp any host 140.137.214.162 eq www
access-list 100 extended permit tcp any host 140.137.214.162 eq ftp
access-list 100 extended permit tcp any host 140.137.214.162 eq smtp
access-list 100 extended permit tcp any host 140.137.214.162 eq pop3
access-group 100 in interface outside
access-list 120 extended permit icmp any any echo
access-list 120 extended permit icmp any any echo-reply
access-list 120 extended permit icmp any any time-exceeded
access-list 120 extended permit icmp any any unreachable
access-list 120 extended permit udp any any eq domain
access-group 120 in interface dmz
end
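An added example, not part of the original post: a small Python check that reads a classic-syntax ASA configuration like the one above and reports the settings a reviewer would look at before reusing it outside a lab (the cisco default password, Telnet management, and any-to-any permits bound to the outside interface). The rule names and the WEAK_PASSWORDS set are assumptions of this example; SAMPLE is an excerpt of the listing above.

```python
import re

# Excerpt of the configuration listed above (lines copied from the page).
SAMPLE = """\
hostname ciscoasa
enable password cisco
passwd cisco
interface Ethernet0/0
nameif inside
security-level 100
interface Ethernet0/2
nameif outside
security-level 0
telnet 192.168.1.0 255.255.255.0 inside
access-list 100 extended permit udp any any eq domain
access-list 100 extended permit tcp any host 140.137.214.162 eq www
access-group 100 in interface outside
access-list 120 extended permit icmp any any echo
access-group 120 in interface dmz
"""

WEAK_PASSWORDS = {"cisco"}  # assumption: treat the well-known lab default as weak


def audit(config):
    """Return (rule, line) findings for a classic-syntax ASA configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # Map ACL name -> interface it is bound to by access-group.
    bound = {}
    for ln in lines:
        m = re.match(r"access-group (\S+) in interface (\S+)", ln)
        if m:
            bound[m.group(1)] = m.group(2)
    for ln in lines:
        m = re.match(r"(?:enable password|passwd) (\S+)", ln)
        if m and m.group(1) in WEAK_PASSWORDS:
            findings.append(("weak-password", ln))
        if re.match(r"telnet \d", ln):  # a management network allowed over Telnet
            findings.append(("cleartext-management", ln))
        m = re.match(r"access-list (\S+) extended permit (tcp|udp) any any\b", ln)
        if m and bound.get(m.group(1)) == "outside":
            findings.append(("any-any-from-outside", ln))
    return findings


if __name__ == "__main__":
    for rule, line in audit(SAMPLE):
        print(f"{rule:22} {line}")
```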