16-laboratoriya ishi tarmoq marshruzatorida dmz ni o’rnatish. Ishdan maqsad
Yüklə 485,89 Kb. Pdf görüntüsü
|
|
Ishni bajarish tartibi
1. Cisco packet tracer dasturi ishga tushiriladi. 2. Laboratoriya ishi uchun cisco 2960 kommutatori, 2911 marshruzatori, ASA0 5505 firewalli, server va kompyuterlar tanlanadi. 3. Quyida keltirilgan topologiya quriladi. 4. Qurilgan topologiya testlab ko`riladi. 16.1-rasm. Tadqiq qilinayotgan tarmoq topologiyasi ASA0 ga quyidagi buyruqlar ketma ketligi kiritiladi. ciscoasa>en ciscoasa#conf t ciscoasa#no dhcpd enable inside ciscoasa#no dhcpd address 192.168.1.5-192.168.1.36 inside ciscoasa(config)#interface vlan 1 ciscoasa(config-if)#ip address 192.168.100.1 255.255.255.0 ciscoasa(config-if)#exit ciscoasa(config)#dhcpd enable inside ciscoasa(config)#dhcpd address 192.168.100.22-192.168.100.50 inside ciscoasa(config)#dhcpd dns 8.8.8.8 ciscoasa(config)#interface vlan 2 ciscoasa(config-if)#ip address 195.158.18.18 255.255.255.0 ciscoasa(config-if)#exit ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 195.158.18.1 ciscoasa(config)#object network NAT ciscoasa(config-network-object)#subnet 192.168.100.0 255.255.255.0 ciscoasa(config-network-object)#nat (inside,outside) dynamic outside ciscoasa(config-network-object)#exit ciscoasa(config)#class-map qoida ciscoasa(config-if)#match default-inspection-traffic ciscoasa(config-if)#exit ciscoasa(config)#policy-map toplam ciscoasa(config)#class qoida ciscoasa(config)#inspect http ciscoasa(config)#inspect icmp ciscoasa(config)#exit ciscoasa(config)#service-policy toplam global ciscoasa(config)#exit ciscoasa(config)#enable salom ciscoasa(config)#username admin password tatu123 ciscoasa(config)#hostname ASA ASA(config)#domain-name tatu.uz ASA(config)#ssh 192.168.100.0 255.255.255.0 inside ASA(config)#aaa authentication ssh console LOCAL ASA(config)#aaa authentication telnet console LOCAL ASA(config)#ssh 8.8.8.8 255.255.255.255 outside ASA(config)#interface vlan 3 ASA(config-if)#no forward interface vlan 1 ASA(config-if)#nameif DMZ ASA(config-if)#ip address 192.168.70.1 255.255.255.0 ASA(config-if)#exit ASA(config)#interface vlan 3 ASA(config-if)#security-level 70 ASA(config-if)#exit ASA(config)#object network DMZ ASA(config-network-object)#nat (DMZ,outside) static 195.158.18.88 ASA(config-network-object)#exit ASA# ASA#conf t ASA(config)#access-list DMZ permit icmp any host 195.158.18.88 ASA(config)#access-group DMZ in interface outside ASA(config)#access-list DMZ permit tcp any host 195.158.10.88 eq www ASA(config)#end ROUTERga quyida buyruqlar ketma ketligi kiritiladi. continue with configuration dialog? [yes/no]: no Router>enable Router#conf t Router(config)#interface gigabitEthernet 0/1 Router(config-if)#no shutdown Router(config-if)#ip address 195.158.18.1 255.255.255.0 Router(config-if)#exit Router(config)#interface gigabitEthernet 0/0 Router(config-if)#no shutdown Router(config-if)#ip address 8.8.8.1 255.255.255.0 Router(config-if)#do wr |