拓扑图:
防火墙实验拓扑
配置:
Outside:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
ip add 202.100.1.1 255.255.255.0
no sh
exit
ip route 0.0.0.0 0.0.0.0 202.100.1.10
line vty 0 15
password cisco
exit
Inside:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
interface FastEthernet0/0
ip add 10.1.1.1 255.255.255.0
no sh
exit
ip route 0.0.0.0 0.0.0.0 10.1.1.10
line vty 0 15
password cisco
exit
DMZ:
interface Loopback0
ip address 3.3.3.3 255.255.255.0
ip ospf network point-to-point
interface FastEthernet0/0
ip add 192.168.1.1 255.255.255.0
no sh
exit
router ospf 110
network 3.3.3.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
exit
ip route 0.0.0.0 0.0.0.0 192.168.1.10
line vty 0 15
password cisco
exit
ASA:
interface GigabitEthernet0
nameif outside
ip address 202.100.1.10 255.255.255.0
no sh
interface GigabitEthernet1
nameif inside
ip address 10.1.1.10 255.255.255.0
no sh
interface GigabitEthernet2
nameif dmz
security-level 50
ip address 192.168.1.10 255.255.255.0
no sh
exit
router ospf 110
network 192.168.1.0 255.255.255.0 area 0
exit
route outside 0.0.0.0 0.0.0.0 202.100.1.1 1
route inside 2.2.2.0 255.255.255.0 10.1.1.1 1
存在问题:
ASA和router通过一台switch(3600 router模拟)连接时,switch上面划分3个VLAN,ASA使用子接口(单臂路由),目前在ASA上面无法ping通router上面的直连地址。
网友评论