Cisco ASA 5500 Series Configuration Guide using the CLI, Software Version 8.4 and 8.6 for the ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580, ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, and ASA 5585-X
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco ASA 5500 Series Configuration Guide using the CLI
Software Version 8.4 and 8.6 for the ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580, ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, and ASA 5585-X
Released: January 31, 2011
Updated: October 31, 2012
Text Part Number: N/A, Online only
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Cisco ASA 5500 Series Configuration Guide using the CLI
Copyright © 2011-2012 Cisco Systems, Inc. All rights reserved.
CONTENTS
About This Guide
Document Objectives
Audience
Related Documentation
Conventions
Obtaining Documentation and Submitting a Service Request
PART 1 Getting Started with the ASA
CHAPTER 1 Introduction to the Cisco ASA 5500 Series
Hardware and Software Compatibility
VPN Specifications
New Features
New Features in Version 8.6(1)
New Features in Version 8.4(5)
New Features in Version 8.4(4.1)
New Features in Version 8.4(3)
New Features in Version 8.4(2)
New Features in Version 8.4(1)
Firewall Functional Overview
Security Policy Overview
Permitting or Denying Traffic with Access Lists
Applying NAT
Protecting from IP Fragments
Using AAA for Through Traffic
Applying HTTP, HTTPS, or FTP Filtering
Applying Application Inspection
Sending Traffic to the IPS Module
Sending Traffic to the Content Security and Control Module
Applying QoS Policies
Applying Connection Limits and TCP Normalization
Enabling Threat Detection
Enabling the Botnet Traffic Filter
Configuring Cisco Unified Communications
Firewall Mode Overview
Stateful Inspection Overview
VPN Functional Overview
Security Context Overview
CHAPTER 2 Getting Started
Accessing the Appliance Command-Line Interface
Configuring ASDM Access for Appliances
Accessing ASDM Using the Factory Default Configuration
Accessing ASDM Using a Non-Default Configuration (ASA 5505)
Accessing ASDM Using a Non-Default Configuration (ASA 5510 and Higher)
Starting ASDM
Connecting to ASDM for the First Time
Starting ASDM from the ASDM-IDM Launcher
Starting ASDM from the Java Web Start Application
Using ASDM in Demo Mode
Factory Default Configurations
Restoring the Factory Default Configuration
ASA 5505 Default Configuration
ASA 5505 Routed Mode Default Configuration
ASA 5505 Transparent Mode Sample Configuration
ASA 5510 and Higher Default Configuration
Working with the Configuration
Saving Configuration Changes
Saving Configuration Changes in Single Context Mode
Saving Configuration Changes in Multiple Context Mode
Copying the Startup Configuration to the Running Configuration
Viewing the Configuration
Clearing and Removing Configuration Settings
Creating Text Configuration Files Offline
Applying Configuration Changes to Connections
CHAPTER 3 Managing Feature Licenses
Supported Feature Licenses Per Model
Licenses Per Model
License Notes
VPN License and Feature Compatibility
Information About Feature Licenses
Preinstalled License
Permanent License
Time-Based Licenses
Time-Based License Activation Guidelines
How the Time-Based License Timer Works
How Permanent and Time-Based Licenses Combine
Stacking Time-Based Licenses
Time-Based License Expiration
Shared AnyConnect Premium Licenses
Information About the Shared Licensing Server and Participants
Communication Issues Between Participant and Server
Information About the Shared Licensing Backup Server
Failover and Shared Licenses
Maximum Number of Participants
Failover Licenses (8.3(1) and Later)
Failover License Requirements and Exceptions
How Failover Licenses Combine
Loss of Communication Between Failover Units
Upgrading Failover Pairs
No Payload Encryption Models
Licenses FAQ
Guidelines and Limitations
Configuring Licenses
Obtaining an Activation Key
Activating or Deactivating Keys
Configuring a Shared License
Configuring the Shared Licensing Server
Configuring the Shared Licensing Backup Server (Optional)
Configuring the Shared Licensing Participant
Monitoring Licenses
Viewing Your Current License
Monitoring the Shared License
Feature History for Licensing
PART 2 Configuring Firewall and Security Context Modes
CHAPTER 4 Configuring the Transparent or Routed Firewall
Configuring the Firewall Mode
Information About the Firewall Mode