Cisco ASA Series Firewall 策略路由配置.doc

《Cisco ASA Series Firewall 策略路由配置.doc》由会员上传分享，免费在线阅读，更多相关内容在行业资料-天天文库。

1、CiscoASASeriesFirewall策略路由配置First,weneedtoconfigureinterfaces.ciscoasa(config)#interfaceGigabitEthernet0/0ciscoasa(config-if)#noshutdownciscoasa(config-if)#nameifinsideciscoasa(config-if)#ipaddress10.1.1.1255.255.255.0ciscoasa(config)#interfaceGigabitEthernet0/1ciscoasa(config-if)

2、#noshutdownciscoasa(config-if)#nameifoutside-1ciscoasa(config-if)#ipaddress192.168.6.5255.255.255.0ciscoasa(config)#interfaceGigabitEthernet0/2ciscoasa(config-if)#noshutdownciscoasa(config-if)#nameifoutside-2ciscoasa(config-if)#ipaddress172.16.7.6255.255.255.0Then,weneedtoconfigur

3、eanaccess-listformatchingthetraffic.ciscoasa(config)#access-listacl-1permitip10.1.0.0255.255.0.0ciscoasa(config)#access-listacl-2permitip10.2.0.0255.255.0.0Weneedtoconfigurearoute-mapbyspecifyingtheaboveaccess-listasmatchcriteriaalongwiththerequiredsetactions.ciscoasa(config)#rout

4、e-mapequal-accesspermit10ciscoasa(config-route-map)#matchipaddressacl-1ciscoasa(config-route-map)#setipnext-hop192.168.6.6ciscoasa(config)#route-mapequal-accesspermit20ciscoasa(config-route-map)#matchipaddressacl-2ciscoasa(config-route-map)#setipnext-hop172.16.7.7ciscoasa(config)#

5、route-mapequal-accesspermit30ciscoasa(config-route-map)#setipinterfaceNull0Now,thisroute-maphastobeattachedtoaninterface.ciscoasa(config)#interfaceGigabitEthernet0/0ciscoasa(config-if)#policy-routeroute-mapequal-accessTodisplaythepolicyroutingconfiguration.ciscoasa(config)#showpol

6、icy-routeInterfaceRoutemapGigabitEthernet0/0equal-access