B-35
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Appendix B Sample Configurations
Example 14: ASA 5505 Base License
switchport access vlan 2
no shutdown
interface ethernet 0/1
switchport access vlan 1
no shutdown
interface ethernet 0/2
switchport access vlan 1
no shutdown
interface ethernet 0/3
switchport access vlan 3
no shutdown
interface ethernet 0/4
switchport access vlan 3
no shutdown
interface ethernet 0/5
switchport access vlan 3
no shutdown
interface ethernet 0/6
description PoE for IP phone1
switchport access vlan 1
no shutdown
interface ethernet 0/7
description PoE for IP phone2
switchport access vlan 1
no shutdown
nat (inside) 1 0 0
nat (home) 1 0 0
global (outside) 1 interface
! The previous NAT statements match all addresses on inside and home, so you need to
! also perform NAT when hosts access the inside or home networks (as well as the outside).
! Or you can exempt hosts from NAT for inside <--> home traffic, as effected by the
! following:
access-list natexmpt-inside extended permit ip any 192.168.2.0 255.255.255.0
access-list natexmpt-home extended permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list natexmpt-inside
nat (home) 0 access-list natexmpt-home
http server enable
http 192.168.1.0 255.255.255.0 inside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd auto_config outside
dhcpd enable inside
logging asdm informational
ssh 192.168.1.0 255.255.255.0 inside
To Next Page
Loading...
