187
16.3-rasm. Tadqiq qilinayotgan tarmoq topologiyasi
2. Marshruzator va tarmoqlararo ekrandagi asosiy sozlamalarni
sozlang. Asosiy sozlamalar uchun quyidagi buyruqlardan foydalaning.
Marshruzatorga quyida buyruqlar ketma ketligi kiritiladi.
continue with configuration dialog? [yes/no]: no
Router>enable
Router#conf t
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 195.158.18.1 255.255.255.0
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 8.8.8.1 255.255.255.0
Router(config-if)#do wr
Tarmoqlararo ekrandagi asosiy
sozlamalarni sozlash uchun
quyidagi buyruqlar kiritiladi:
ciscoasa>en
ciscoasa#conf t
188
ciscoasa#no dhcpd enable
inside
ciscoasa#no dhcpd address 192.168.1.5-192.168.1.36 inside
ciscoasa(config)#interface vlan 1
ciscoasa(config-if)#ip address 192.168.100.1 255.255.255.0
ciscoasa(config-if)#exit
ciscoasa(config)#dhcpd enable inside
ciscoasa(config)#dhcpd address 192.168.100.22-192.168.100.50 inside
ciscoasa(config)#dhcpd dns 8.8.8.8
ciscoasa(config)#interface vlan 2
ciscoasa(config-if)#ip address 195.158.18.18 255.255.255.0
ciscoasa(config-if)#exit
ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 195.158.18.1
ciscoasa(config)#object network NAT
ciscoasa(config-network-object)#subnet 192.168.100.0 255.255.255.0
ciscoasa(config-network-object)#nat (inside,outside) dynamic outside
ciscoasa(config-network-object)#exit
ciscoasa(config)#class-map qoida
ciscoasa(config-if)#match default-inspection-traffic
ciscoasa(config-if)#exit
ciscoasa(config)#policy-map toplam
ciscoasa(config)#class qoida
ciscoasa(config)#inspect http
ciscoasa(config)#inspect icmp
ciscoasa(config)#exit
ciscoasa(config)#service-policy toplam global
ciscoasa(config)#exit
ciscoasa(config)#enable salom
ciscoasa(config)#username admin password tatu123
3. Asosiy sozlamalarni kiritgandan soʻng, DMZni tarmoqlararo
ekran
yordamida sozlanadi. Buyruqning
satriga quyidagi buyruqlar
kiritiladi:
ciscoasa(config)#hostname ASA
ASA(config)#domain-name tatu.uz
ASA(config)#ssh 192.168.100.0 255.255.255.0 inside
ASA(config)#aaa authentication ssh console LOCAL
ASA(config)#aaa authentication telnet console LOCAL
ASA(config)#ssh 8.8.8.8 255.255.255.255 outside
ASA(config)#interface vlan 3
ASA(config-if)#no forward interface vlan 1
ASA(config-if)#nameif DMZ
189
ASA(config-if)#ip address 192.168.70.1 255.255.255.0
ASA(config-if)#exit
ASA(config)#interface vlan 3
ASA(config-if)#security-level 70
ASA(config-if)#exit
ASA(config)#object network DMZ
ASA(config-network-object)#nat (DMZ,outside) static 195.158.18.88
ASA(config-network-object)#exit
ASA#
ASA#conf t
ASA(config)#access-list DMZ permit icmp any host 195.158.18.88
ASA(config)#access-group DMZ in interface outside
ASA(config)#access-list DMZ permit tcp any host 195.158.10.88 eq www
ASA(config)#end
Tegishli buyruqlarni kiritgandan soʻng,
tarmoqning ishlashini
tekshirishingiz kerak.