• If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.
Xin chào ! Nếu đây là lần đầu tiên bạn đến với diễn đàn, xin vui lòng danh ra một phút bấm vào đây để đăng kí và tham gia thảo luận cùng VnPro.

Announcement

Collapse
No announcement yet.

Cisco ASA Firewall with PPPoE

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco ASA Firewall with PPPoE

    Mô hình:




    Cấu hình tham khảo:


    ASA Version 7.2(2)
    !
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password * encrypted
    names
    !
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.254 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group ATT
    ip address pppoe setroute
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    passwd * encrypted
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    access-list inside_access_out extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1492
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group inside_access_out in interface inside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    vpdn group ATT request dialout pppoe
    vpdn group ATT localname [ENTER ISP USERNAME HERE]
    vpdn group ATT ppp authentication chap [or PAP, depends on your ISP settings]
    vpdn username [ENTER ISP USERNAME HERE] password [ENTER ISP PASSWORD HERE]
    dhcpd auto_config outside
    !
    dhcpd address 192.168.1.1-192.168.1.32 inside
    dhcpd dns [ENTER ISP DNS ADDRESS HERE] interface inside
    dhcpd enable inside
    !
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    Lưu ý: Nhớ cấu hình Outside MTU =1492. Vì mất 8 byte cho PPPoE.
    Last edited by lamvantu; 19-11-2011, 10:26 PM.
    Lâm Văn Tú
    Email :
    cntt08520610@gmail.com
    Viet Professionals Co. Ltd. (VnPro)
    149/1D Ung Văn Khiêm P25 Q.Bình thạnh TPHCM
    Tel: (08) 35124257 (5 lines)
    Fax (08) 35124314
    Tập tành bước đi....


Working...
X