CLI-based Initial Setup Mode

 

Pre-configure Firewall now through interactive prompts [yes]?

Firewall Mode [Routed]:

-> Select Routed mode (Layer 3) or Bridge (Transparent, Layer 2) mode. Routed mode requires NAT to be configured and changes to the network, whereas Transparent mode involves no network configuration.

 

Enable password [<use current password>]: cisco

-> Set the password

Allow password recovery [yes]?

-> Define whether to enable the password recovery feature

 

Clock (UTC):

Year [2005]:

Month [Nov]:

Day [2]:

Time [01:14:54]:17:48:00

-> Set the system clock

Inside IP address: 192.168.1.1

Inside network mask: 255.255.255.0

Host name: ASA

-> Define the inside IP address and the host name

Use this configuration and write to flash? Yes

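-> Whether to save the configuration built in setup mode

On initial installation, once setup mode has been completed, you can connect to ASDM directly through the inside interface (Gigabit0/1).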

 

Basic Environment Configuration

Inside Interface or Management Interface Configuration

 

Configuring the Management Interface

Interface Management0/0

no shutdown

description Interface for Management

nameif Mgmt-Interface

management-only

-> Set this when the interface is used for management only

ip address 1.1.1.1 255.255.255.0

-> Define the management IP address

 

Defining the External-Access Interface (Outside)

Interface GigabitEthernet0/0

no shutdown

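nameif outside

-> Define the interface used for Internet access

security-level 0

-> Because this interface receives traffic coming in from outside, it is given the lowest security level, 0

ip address 10.10.10.1 255.255.255.0

-> Define the IP address for external access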

 

Defining the Internal-Access Interface (Inside)

interface GigabitEthernet0/1

nameif inside

-> Define the interface for the internal network

security-level 100

-> Because this is the internal network, it is given the highest security level, 100

ip address 192.168.1.1 255.255.255.0

interface GigabitEthernet0/2

description interface for LAN

nameif inside-2

-> Additional networks within the internal network can be defined (security level 0 to 100)

security-level 100

ip address 20.20.20.1 255.255.255.0

 

Defining Same-Security-Level

same-security-traffic permit inter-interface

-> When two or more physical interfaces with different nameif values have the same security level, they can be configured through the same-security-level definition

 

Uploading the ASA Firmware

ASA# copy ftp://anonymous@192.168.1.10/asa704-k8.bin disk0:

-> Already installed on the device by default

 

Uploading ASDM for ASA Operation

ASA# copy ftp://anonymous@192.168.1.10/asdm504.bin disk0:

-> Already installed on the device by default

 

Boot Configuration When Multiple Firmware Images Are Present

ASA(config)# boot system disk0:asa704-k8.bin

ASA# show bootvar

Current BOOT variable = disk0:/asa704-k8.bin

 

Checking the Contents of disk0:

ASA# dir

Directory of disk0:/

2706 -rw- 1589 00:06:14 Oct 10 2005 old_running.cfg

2707 -rw- 1009 00:06:14 Oct 10 2005 admin.cfg

2709 -rw- 1318 15:17:08 Jul 25 2005 c-a.cfg

2711 -rw- 2167 00:30:14 Oct 16 2005 logo.gif

2712 -rw- 5437440 19:07:04 Nov 02 2005 asa704-k8.bin

4040 -rw- 5958324 19:08:22 Nov 02 2005 asdm504.bin

 

Basic Configuration for ASDM Access

ASA(config)# http server enable

-> Enable the web service

ASA(config)# http 192.168.0.0 255.255.0.0 inside

-> Define the network allowed to connect to the web service

ASA(config)# asdm image disk0:/asdm504.bin

-> Define the disk URL where the ASDM image is located

 

Basic Configuration for Telnet Access

ASA(config)# telnet 0.0.0.0 0.0.0.0 inside

-> Define the network from which Telnet is allowed

 

Allowing ICMP to Check Inside Network Connectivity

ASA(config)# icmp permit any inside

-> Allow ping tests to the inside interface
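
The following Python script is an added example, not part of the original post and not a Cisco tool: it reviews the management-access statements configured above (http and telnet, plus ssh in the same syntax) and reports cleartext Telnet and overly broad source networks. The function name audit_mgmt_access and the /24 width threshold are assumptions made for this example, and the sample input is constructed from the lines on this page.

```python
import ipaddress

# Constructed sample: the management-access lines from this page's configuration.
SAMPLE_CONFIG = """\
http server enable
http 192.168.0.0 255.255.0.0 inside
telnet 0.0.0.0 0.0.0.0 inside
icmp permit any inside
"""

MGMT_PROTOCOLS = {"telnet", "ssh", "http"}
MAX_HOSTS = 256  # assumption: anything wider than a /24 is reported as too broad


def audit_mgmt_access(config_text, max_hosts=MAX_HOSTS):
    """Return (line, finding) tuples for '<proto> <network> <mask> <interface>' lines."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        parts = line.split()
        # Only four-token management statements are examined; everything else is skipped.
        if len(parts) != 4 or parts[0] not in MGMT_PROTOCOLS:
            continue
        proto, addr, mask, ifname = parts
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # not an address/mask pair, so not a source-network statement
        if proto == "telnet":
            findings.append((line, "telnet is cleartext; prefer ssh"))
        if net.prefixlen == 0:
            findings.append((line, f"any source may reach {proto} on {ifname}"))
        elif net.num_addresses > max_hosts:
            findings.append((line, f"{net} is wider than {max_hosts} addresses"))
    return findings


if __name__ == "__main__":
    for line, finding in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{line!r}: {finding}")
```

Run against the configuration on this page, it reports the /16 allowed to reach ASDM and both issues with the Telnet statement; a statement restricted to a single /24 management subnet produces no finding.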

 

 

 

 

 

 
