Cisco ASA ACLs: Difference between revisions

From Xinux Wiki
 
Zeile 2: Zeile 2:
 
;[[Cisco Asa ping freischalten]]
 
;[[Cisco Asa ping freischalten]]
 
=Traffic vom Lan ins Internet begrenzen=
 
=Traffic vom Lan ins Internet begrenzen=
ciscoasa# configure terminal                                    
+
;access-list bilden
*access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq www  
+
*ciscoasa# configure terminal
*access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq smtp  
+
*ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq www  
*access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq domain  
+
*ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq smtp  
*access-list acl-in-out extended permit udp 172.18.122.0 255.255.255.0 any eq domain  
+
*ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq domain  
*access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq https  
+
*ciscoasa(config)# access-list acl-in-out extended permit udp 172.18.122.0 255.255.255.0 any eq domain  
*access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq ssh  
+
*ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq https  
*access-list acl-in-out extended permit icmp 172.18.122.0 255.255.255.0 any echo  
+
*ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq ssh  
 
+
*ciscoasa(config)# access-list acl-in-out extended permit icmp 172.18.122.0 255.255.255.0 any echo  
*access-group acl-in-out out interface if-outside
+
;access-groupe anwenden
 +
*ciscoasa(config)# access-group acl-in-out out interface if-outside
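
Review bot: The new definition heading `;access-groupe anwenden` misspells the command it introduces; the line under it uses `access-group`, so the heading should read `;access-group anwenden`. The revision also leaves unstated that once `acl-in-out` is bound with `access-group acl-in-out out interface if-outside`, anything not matched by the seven permit lines is dropped by the implicit deny at the end of the list; a sentence saying so next to that heading would document the actual effect of the change.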

Current revision as of 15 February 2016, 11:33

If no rule has been applied, traffic from inside to outside is permitted, with the exception of ICMP.

Enabling ping on the Cisco ASA

Restricting traffic from the LAN to the Internet

Create the access list
  • ciscoasa# configure terminal
  • ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq www
  • ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq smtp
  • ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq domain
  • ciscoasa(config)# access-list acl-in-out extended permit udp 172.18.122.0 255.255.255.0 any eq domain
  • ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq https
  • ciscoasa(config)# access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq ssh
  • ciscoasa(config)# access-list acl-in-out extended permit icmp 172.18.122.0 255.255.255.0 any echo
Apply the access-group
  • ciscoasa(config)# access-group acl-in-out out interface if-outside
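
To check what this list lets through before binding it, the following added example (not part of the wiki page and not Cisco code) models `acl-in-out` offline with first-match evaluation and the implicit deny at the end. The `parse` and `evaluate` helpers and the test flows are constructed for illustration, and the model assumes the ACL sees the untranslated LAN source address.

```python
import ipaddress

# The ACL from the page, prompts stripped.
ACL = """\
access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq www
access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq smtp
access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq domain
access-list acl-in-out extended permit udp 172.18.122.0 255.255.255.0 any eq domain
access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq https
access-list acl-in-out extended permit tcp 172.18.122.0 255.255.255.0 any eq ssh
access-list acl-in-out extended permit icmp 172.18.122.0 255.255.255.0 any echo
"""

# Port keywords used on the page and their well-known port numbers.
PORTS = {"www": 80, "smtp": 25, "domain": 53, "https": 443, "ssh": 22}

def parse(acl_text):
    """Turn each ACE into (action, protocol, source network, port or ICMP type)."""
    rules = []
    for line in acl_text.splitlines():
        f = line.split()
        # f: access-list NAME extended ACTION PROTO SRC MASK any (eq PORT | ICMP-TYPE)
        action, proto = f[3], f[4]
        src = ipaddress.ip_network(f"{f[5]}/{f[6]}")
        match = PORTS[f[9]] if f[8] == "eq" else f[8]
        rules.append((action, proto, src, match))
    return rules

def evaluate(rules, proto, src_ip, match):
    """First matching ACE wins; a flow that matches nothing hits the implicit deny."""
    ip = ipaddress.ip_address(src_ip)
    for action, r_proto, r_src, r_match in rules:
        if r_proto == proto and ip in r_src and r_match == match:
            return action
    return "deny (implicit)"

RULES = parse(ACL)

if __name__ == "__main__":
    # Constructed test flows: (protocol, source IP, destination port or ICMP type)
    flows = [("tcp", "172.18.122.10", 443), ("tcp", "172.18.122.10", 21),
             ("udp", "172.18.122.10", 123), ("icmp", "172.18.122.10", "echo"),
             ("tcp", "172.18.123.5", 80)]
    for flow in flows:
        print(flow, "->", evaluate(RULES, *flow))
```

FTP, NTP and any host outside 172.18.122.0/24 fall through to the implicit deny, which is the restriction the section title describes.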