Hi everyone,
I just installed an ASA5510 in the network and applied an allow any any rule. However, after installation, internet access speed through the firewall is much slower (compared with before it was installed; after removing the firewall, internet access speed returns to normal). I currently have the policy set to allow ip any any. I have attached the network diagram and firewall configuration. If anyone has any ideas, please advise. Thank you very much.
ciscoasa(config)# show run
: Saved
:
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name lvs
....
names
!
interface Ethernet0/0
duplex full
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
!
interface Ethernet0/1
nameif insideoff
security-level 100
ip address 172.168.1.254 255.255.255.0
!
interface Ethernet0/2
duplex full
nameif inside
security-level 50
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.2.1 255.255.255.0
!
......
boot config disk0:/disk0
ftp mode passive
dns server-group DefaultDNS
domain-name lvs
same-security-traffic permit inter-interface
access-list in2out extended permit ip any any
access-list in2out extended permit tcp any any
access-list in2out extended permit udp any any
access-list in2out extended permit icmp any any
pager lines 24
logging standby
logging console debugging
logging buffered alerts
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu insideoff 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any insideoff
no asdm history enable
arp timeout 14400
global (outside) 1 10.0.0.3 netmask 255.255.255.0
global (outside) 1 10.0.0.1 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
nat (insideoff) 1 0.0.0.0 0.0.0.0
static (outside,inside) 10.0.0.2 192.168.1.1 netmask 255.255.255.255
access-group in2out in interface outside
access-group in2out out interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service internal
telnet timeout 5
ssh timeout 5
console timeout 0
!
!
prompt hostname context
.........
: end
ciscoasa(config)#
ciscoasa(config)#