所以我在我的工作中接了一个项目,把四个独立的networking合并到一个科洛中心。
目前,我把ASA 5510上的四个networking中的所有东西都分解成4个VLAN。每个networking都分配有一个/ 24子网的IP。
我已经在ASA 5510上设置了IP地址为172.20.0.1的端口e0 / 1,并使用IP地址172.20.0.3将它发送到3550上的fa0 / 48。
我已经能够ping通这两个接口,并且能够build立从ASA到Internet的路由。
我不知道该从哪里出发。
这里是展示为ASA 5510运行
mdc-fw01# show run : Saved : ASA Version 9.1(5) ! hostname mdc-fw01 domain-name mdcommerce.local enable password F7aoYryYQMUHhnCL encrypted names ! interface Ethernet0/0 nameif outside security-level 0 ip address 216.176.***.*** 255.255.255.240 ! interface Ethernet0/1 duplex full nameif inside security-level 100 ip address 172.20.0.1 255.255.255.248 ! interface Ethernet0/1.1 vlan 15 nameif MDCommerce security-level 100 ip address 192.168.15.1 255.255.255.0 ! interface Ethernet0/1.2 vlan 20 nameif Camber security-level 100 ip address 192.168.20.1 255.255.255.0 ! interface Ethernet0/1.3 vlan 10 nameif ASP security-level 100 ip address 10.0.2.254 255.255.255.0 ! interface Ethernet0/1.4 vlan 201 nameif HSSI security-level 100 ip address 192.168.201.1 255.255.255.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 management-only nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 ! ftp mode passive clock timezone PST -8 clock summer-time PDT recurring dns domain-lookup outside dns domain-lookup inside dns server-group DefaultDNS name-server 216.176.***.*** name-server 216.176.***.*** domain-name mdcommerce.local same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network obj_any subnet 0.0.0.0 0.0.0.0 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 mtu MDCommerce 1500 mtu Camber 1500 mtu ASP 1500 mtu HSSI 1500 mtu management 1500 icmp unreachable rate-limit 1 burst-size 1 asdm history enable arp timeout 14400 no arp permit-nonconnected ! object network obj_any nat (inside,outside) dynamic interface ! router ospf 1 log-adj-changes ! route outside 0.0.0.0 0.0.0.0 216.176.***.*** 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL aaa authentication ssh console LOCAL http server enable http 192.168.1.0 255.255.255.0 management no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec security-association pmtu-aging infinite crypto ca trustpoint ASDM_TrustPoint0 enrollment terminal subject-name CN=mdc-fw01 crl configure crypto ca trustpool policy telnet timeout 5 no ssh stricthostkeycheck ssh 0.0.0.0 0.0.0.0 outside ssh 192.168.1.0 255.255.255.0 management ssh timeout 5 ssh version 2 ssh key-exchange group dh-group1-sha1 console timeout 0 dhcpd address 192.168.1.2-192.168.1.254 management dhcpd enable management ! threat-detection statistics access-list no threat-detection statistics tcp-intercept username admin password XuyJjvRO952UKR8l encrypted ! ! prompt hostname context no call-home reporting anonymous Cryptochecksum:914f8c23591806b703df3d5c7ad203c6 : end 这是我的演示从我的思科3550运行
mdc-sw01>enable mdc-sw01#show run Building configuration... Current configuration : 3875 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname mdc-sw01 ! ! no aaa new-model ip subnet-zero ! ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! ! ! ! interface FastEthernet0/10 description HSSI Domain Controller switchport access vlan 201 switchport mode dynamic desirable ! interface FastEthernet0/12 description Camber Domain Controller switchport access vlan 20 switchport mode dynamic desirable ! interface FastEthernet0/17 description ASP Domain Controller switchport access vlan 10 switchport mode dynamic desirable ! interface FastEthernet0/19 description Backup Server Ubuntu switchport access vlan 20 switchport mode dynamic desirable ! interface FastEthernet0/21 description MDCommerce Domain Controller switchport access vlan 15 switchport mode access ! interface FastEthernet0/48 no switchport ip address 172.20.0.3 255.255.255.248 ! interface GigabitEthernet0/1 no switchport no ip address ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 no ip address shutdown ! interface Vlan15 ip address 192.168.15.1 255.255.255.0 ! ip default-gateway 172.20.0.1 ip classless ip http server ip http secure-server ! ! ! control-plane ! ! line con 0 line vty 5 15 ! end
从这一点我不知道该怎么做。 任何build议或帮助将非常appriciated。