WHAT IS A DMZ?
A demilitarized zone (DMZ) is a part of an organization's internal network that is available
to an untrusted network such as the Internet. A DMZ helps improve security on an organization's internal network.
A demilitarized zone (DMZ) is a perimeter network that protects the internal local-area network (LAN)
against untrusted traffic. A common meaning of DMZ is a subnet that sits between the public Internet and private networks.
Previous video on basic ASA5506 configuration • Configuración básica d...
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
username = admin
password = cisco$
enable secret = cisco$
:
ASA Version 9.6(1)
!
hostname ciscoasa
domain-name write
enable password T8nNobTSbHuXw2px encrypted
names
!
interface GigabitEthernet1/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/2
 nameif outside
 security-level 0
 ip address 120.120.1.2 255.255.255.224
!
interface GigabitEthernet1/3
 nameif dmz
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet1/4
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/6
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/7
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet1/8
 no nameif
 no security-level
 no ip address
 shutdown
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
 shutdown
!
object network pubweb
 host 10.10.10.2
 nat (dmz,outside) static 120.120.1.3
object network redlocal_inside
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network srvcorreo
 host 10.10.10.3
 nat (dmz,outside) static 120.120.1.4
object network webserver
 host 120.120.1.3
!
route outside 0.0.0.0 0.0.0.0 120.120.1.1 1
!
access-list outside extended permit icmp any any echo
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit tcp any eq www 192.168.1.0 255.255.255.0
access-list outside extended permit tcp any host 120.120.1.3 eq www
access-list outside extended permit tcp any host 120.120.1.4 eq pop3
access-list outside extended permit tcp any host 120.120.1.4 eq smtp
access-list dmz extended permit icmp any any
access-list dmz extended permit tcp any any
access-list dmz extended permit udp any any eq www
access-list dmz extended permit tcp any any eq pop3
access-list dmz extended permit tcp any any eq smtp
!
!
access-group outside in interface outside
access-group dmz in interface dmz
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
!
username admin password T8nNobTSbHuXw2px encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect tftp
!
service-policy global_policy global
!
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
!
dhcpd dns 8.8.8.8
!
dhcpd address 192.168.1.50-192.168.1.250 inside
dhcpd enable inside
!
!
!
!
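An added example, not part of the original video description or configuration: a short Python review of the access-list lines above that applies the ASA's first-match evaluation to flag permits with no destination or port restriction, permits filtered only on source port, and entries that an earlier, broader entry already matches. The function names and finding labels are assumptions made for this example.

```python
# Added example: ACL lines copied from the config above; labels are assumptions.
ACL_TEXT = """\
access-list outside extended permit icmp any any echo
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit tcp any eq www 192.168.1.0 255.255.255.0
access-list outside extended permit tcp any host 120.120.1.3 eq www
access-list outside extended permit tcp any host 120.120.1.4 eq pop3
access-list outside extended permit tcp any host 120.120.1.4 eq smtp
access-list dmz extended permit icmp any any
access-list dmz extended permit tcp any any
access-list dmz extended permit udp any any eq www
access-list dmz extended permit tcp any any eq pop3
access-list dmz extended permit tcp any any eq smtp
"""

def _addr(t):
    """Consume 'any', 'host A' or 'NET MASK'; return (address, rest)."""
    if t[0] == "any":
        return "any", t[1:]
    return (t[1], t[2:]) if t[0] == "host" else (f"{t[0]} {t[1]}", t[2:])

def _port(t):
    return (t[1], t[2:]) if t[:1] == ["eq"] else (None, t)  # None: unrestricted

def parse(line):
    t = line.split()
    r = {"acl": t[1], "action": t[3], "proto": t[4], "text": line}
    r["src"], t = _addr(t[5:])
    r["sport"], t = _port(t)
    r["dst"], t = _addr(t)
    r["dport"], t = _port(t)
    r["dport"] = r["dport"] or (t[0] if t else None)  # bare ICMP type ('echo')
    return r

def covers(a, b):
    """True if earlier entry a matches every packet later entry b matches."""
    return (a["acl"], a["proto"]) == (b["acl"], b["proto"]) and all(
        a[k] in ("any", None, b[k]) for k in ("src", "sport", "dst", "dport"))

def audit(text):
    rules = [parse(ln) for ln in text.splitlines() if ln.startswith("access-list ")]
    out = []
    for i, r in enumerate(rules):
        wide = r["action"] == "permit" and r["dport"] is None
        checks = {"open-destination": wide and r["dst"] == "any",
                  "source-port-only": wide and bool(r["sport"]),
                  "shadowed": any(covers(p, r) for p in rules[:i])}
        out += [(r["text"], label) for label, hit in checks.items() if hit]
    return out
```

`audit(ACL_TEXT)` returns five findings. The one that matters most for the DMZ design is `permit tcp any any` in the `dmz` ACL: applied inbound on the security-level 50 interface, it lets DMZ hosts open TCP sessions toward the inside network, which the ASA would otherwise deny.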
Configure a DMZ on the CISCO ASA5506 to publish services, VIDEO 23