2013年12月31日
 

添加本地管理用户(示例中的 admin/admin 仅为演示,属于极易被猜测的默认凭据,实际部署必须改用强口令;privilege 15 为最高管理权限,应只授予真正需要完整配置权限的帐户)

ciscoasa(config)# username admin password admin privilege 15

启用基于本地用户数据库的命令授权(aaa authorization command LOCAL 按用户的 privilege 级别限制可执行的命令;它本身不是登录认证,SSH 登录认证由下面的 aaa authentication ssh console LOCAL 开启)

ciscoasa(config)# aaa authorization command LOCAL

未配置 aaa authentication ssh console LOCAL 时,SSH 登录使用设备默认用户名(pix 或 asa,视版本而定)加 passwd 设置的管理口令(出厂默认为 cisco)验证,该口令必须更改
配置后,SSH 登录改为使用上面创建的本地用户帐户验证

ciscoasa(config)# aaa authentication ssh console LOCAL


生成 SSH 服务密钥(示例的 1024 位 RSA 现已不推荐,应使用 crypto key generate rsa modulus 2048 或更大;密钥需执行 write memory 保存,否则重启后丢失)

ciscoasa(config)# crypto key generate rsa modulus 1024
 INFO: The name for the keys will be: <Default-RSA-Key>
 Keypair generation process begin. Please wait...
ciscoasa(config)#

开启 SSH 管理访问。注意:示例中 ssh 0.0.0.0 0.0.0.0 outside 把管理接口暴露给整个互联网,生产环境应只放行固定的可信管理地址,或仅通过 VPN 访问;同一段落中的 telnet 0 0 inside 允许内网任意主机以明文 Telnet 登录,比后文限定网段的 Telnet 配置更宽,建议删除

ciscoasa(config)# ssh 192.168.15.0 255.255.255.0 inside
ciscoasa(config)# ssh 0.0.0.0 0.0.0.0 outside
ciscoasa(config)# telnet 0 0 inside

限定 SSH 仅使用版本 2(SSHv1 存在已知弱点,应禁用)

ciscoasa(config)# ssh version 2

开启内网指定网段的 Telnet 服务(Telnet 为明文协议,口令与会话可被嗅探,只应在隔离的管理网段中临时使用,优先使用 SSH;aaa authentication telnet console LOCAL 使 Telnet 登录改用本地用户帐户验证)

ciscoasa(config)# aaa authentication telnet console LOCAL
ciscoasa(config)# telnet 192.168.15.0 255.255.255.0 inside

设置时区、时间并查看当前系统时间(生产环境应配置 ntp server 同步时间,否则日志时间无法与其他设备关联,证书有效期校验也不可靠)

ciscoasa(config)# clock timezone HKST 8
ciscoasa(config)# clock set 18:45:40 9 Jan 2014
ciscoasa(config)# sh clock
18:46:00.019 HKST Thu Jan 9 2014
2013年12月30日
 

配置 VLAN,指定接口 IP(注意 outside0 与 outside1 的安全级别同为 0,二者之间的流量默认被拒绝,需要时要加 same-security-traffic permit inter-interface;ASA 5505 基础许可下第三个 VLAN 接口通常需先配置 no forward interface vlan 才能 nameif,具体视许可而定)

 ciscoasa(config)# interface vlan 1
 ciscoasa(config-if)# nameif inside
 INFO: Security level for "inside" set to 100 by default.
 ciscoasa(config-if)# ip address 192.168.15.1 255.255.255.0
 ciscoasa(config-if)# exit
 ciscoasa(config)# interface vlan 2
 ciscoasa(config-if)# nameif outside0
 INFO: Security level for "outside0" set to 0 by default.
 ciscoasa(config-if)# ip address 192.168.3.100 255.255.252.0
 ciscoasa(config)# interface vlan 3
 ciscoasa(config-if)# nameif outside1
 INFO: Security level for "outside1" set to 0 by default.
 ciscoasa(config-if)# ip address 10.20.30.40 255.255.255.0

验证配置

将端口加入 VLAN(e0/2 配置为 trunk 但只允许 VLAN 1 且 native 也是 VLAN 1,效果与 access 口相同;ASA 5505 的 trunk 口一般需要 Security Plus 许可,基础许可下直接用 switchport access vlan 1 即可)

 ciscoasa(config)# interface ethernet 0/2
 ciscoasa(config-if)# switchport mode trunk
 ciscoasa(config-if)# switchport trunk allowed vlan 1
 ciscoasa(config-if)# switchport trunk native vlan 1
 ciscoasa(config-if)# no shutdown
 ciscoasa(config-if)# exit
 ciscoasa(config)# interface ethernet 0/0
 ciscoasa(config-if)# switchport access vlan 2
 ciscoasa(config-if)# no shutdown
 ciscoasa(config-if)# exit
 ciscoasa(config)# interface ethernet 0/1
 ciscoasa(config-if)# switchport access vlan 3
 ciscoasa(config-if)# no shutdown
 ciscoasa(config-if)# exit

验证配置

开启DHCP服务

 ciscoasa(config)# dhcpd address 192.168.15.200-192.168.15.254 inside
 ciscoasa(config)# dhcpd dns 8.8.8.8 8.8.4.4
 ciscoasa(config)# dhcpd enable inside
 

定义对象

 ciscoasa(config)# object network obj_any
 ciscoasa(config-network-object)# subnet 0.0.0.0 0.0.0.0

添加 NAT 规则(inside 到 outside0 的动态 PAT,转换为接口地址;dns 关键字会改写 DNS 应答中的地址,只在确实需要时才加)

 ciscoasa(config-network-object)# nat (inside,outside0) dynamic interface dns
 ciscoasa(config-network-object)# exit

添加默认路由

ciscoasa(config)# route outside0 0.0.0.0 0.0.0.0 192.168.1.254

 

2013年12月23日
 

清除配置(write erase 只清除 flash 中的 startup-config,当前 running-config 不受影响;随后 reload 时不保存即可回到出厂状态)

5505-1(config)# write erase
Erase configuration in flash memory? [confirm]

重启

5505-1# reload
Proceed with reload? [confirm]

提示是否进行预配置

Pre-configure Firewall now through interactive prompts [yes]? no
Type help or '?' for a list of available commands.
ciscoasa> ?

clear Reset functions
enable Turn on privileged commands
exit Exit from the EXEC
help Interactive help for commands
login Log in as a particular user
logout Exit from the EXEC
no Negate a command or set its defaults
ping Send echo messages
quit Exit from the EXEC
show Show running system information
traceroute Trace route to destination

进入特权模式(出厂 enable 口令为空)查看初始配置信息。下面 running-config 中 enable password 与 passwd 的哈希即为出厂默认值(分别对应空口令和 cisco),属公开信息,设备投入使用前必须用 enable password 和 passwd 命令改掉

ciscoasa> en
 Password:
 ciscoasa# show run
 : Saved
 :
 ASA Version 8.4(2)
 !
 hostname ciscoasa
 enable password 8Ry2YjIyt7RRXU24 encrypted
 passwd 2KFQnbNIdI.2KYOU encrypted
 names
 !
 interface Ethernet0/0
 shutdown
 !
 interface Ethernet0/1
 shutdown
 !
 interface Ethernet0/2
 shutdown
 !
 interface Ethernet0/3
 shutdown
 !
 interface Ethernet0/4
 shutdown
 !
 interface Ethernet0/5
 shutdown
 !
 interface Ethernet0/6
 shutdown
 !
 interface Ethernet0/7
 shutdown
 !
 interface Vlan1
 no nameif
 no security-level
 no ip address
 !
 ftp mode passive
 pager lines 24
 no failover
 icmp unreachable rate-limit 1 burst-size 1
 no asdm history enable
 arp timeout 14400
 timeout xlate 3:00:00
 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
 timeout tcp-proxy-reassembly 0:01:00
 timeout floating-conn 0:00:00
 dynamic-access-policy-record DfltAccessPolicy
 user-identity default-domain LOCAL
 no snmp-server location
 no snmp-server contact
 snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
 telnet timeout 5
 ssh timeout 5
 console timeout 0
threat-detection basic-threat
 threat-detection statistics access-list
 no threat-detection statistics tcp-intercept
 !
 class-map inspection_default
 match default-inspection-traffic
 !
 !
 policy-map type inspect dns preset_dns_map
 parameters
 message-length maximum client auto
 message-length maximum 512
 policy-map global_policy
 class inspection_default
 inspect dns preset_dns_map
 inspect ftp
 inspect h323 h225
 inspect h323 ras
 inspect ip-options
 inspect netbios
 inspect rsh
 inspect rtsp
 inspect skinny
 inspect esmtp
 inspect sqlnet
 inspect sunrpc
 inspect tftp
 inspect sip
 inspect xdmcp
 !
 service-policy global_policy global
 prompt hostname context
 call-home
 profile CiscoTAC-1
 no active
 destination address http https://tools.cisco.com/its/service/oddce/services/De
 destination address email callhome@cisco.com
 destination transport-method http
 subscribe-to-alert-group diagnostic
 subscribe-to-alert-group environment
 subscribe-to-alert-group inventory periodic monthly
 subscribe-to-alert-group configuration periodic monthly
 subscribe-to-alert-group telemetry periodic daily
 Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
 : end
 ciscoasa#

 

2013年12月23日
 

关于Minicom的描述信息

Name : minicom
Arch : x86_64
Version : 2.3
Release : 6.1.el6
Size : 246 k
Repo : base
Summary : A text-based modem control and terminal emulation program
URL : http://alioth.debian.org/projects/minicom/
License : GPLv2+
Description : Minicom is a simple text-based modem control and terminal
 : emulation program somewhat similar to MSDOS Telix. Minicom
 : includes a dialing directory, full ANSI and VT100 emulation, an
 : (external) scripting language, and other features.

安装 minicom(随后用 minicom -s 配置串口参数;ASA 5505 控制口默认为 9600 波特、8N1、无流控)

 [root@nas ~]# yum install minicom


 

[root@nas ~]# minicom -s


Welcome to minicom 2.3

OPTIONS: I18n
Compiled on Aug 19 2010, 05:50:19.
Port /dev/ttyS1

Press CTRL-A Z for help on special keys
ciscoasa>
ciscoasa# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 6.4(5)

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "disk0:/asa842-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 50 mins 10 secs

Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1