思科下一代模拟器EVE-NG做一个ASA防火墙简单小实验

Posted 2022-01-30 gsls200808

本文参考：EVE环境下做一个ASA防火墙简单小实验_哔哩哔哩_bilibili

跟视频不同的是，两个路由器换成了VPC

EVE里的拓扑图如下

 ASAv配置

#主机名，网卡ip配置
hostname ASA 
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 202.100.1.10 255.255.255.0

 no shutdown

interface GigabitEthernet0/1
 nameif Inside
 security-level 100
 ip address 10.1.1.10 255.255.255.0
 no shutdown

#路由配置
route outside 0 0 202.100.1.1
route Inside 10.1.0.0 255.255.0.0 10.1.1.1

#允许ping配置
access-list OUTSIDE_IN_ACL permit icmp any any echo-reply
access-group OUTSIDE_IN_ACL in interface outside

#保存
wr

#重启
reload

Outside区域VPC1配置

#VPC1
ip 202.100.1.1/24 202.100.1.10
show ip
#保存
save

Inside区域VPC2配置

#VPC2
ip 10.1.1.1/24 10.1.1.10
show ip
#保存
save

VPC2pingVPC1结果，ping成功

 VPC1pingVPC2结果，ping失败