interface GigabitEthernet0/0nameif outside_40Msecurity-level 0ip address x.x.x.x 255.255.255.252!int
.
interface GigabitEthernet0/0
nameif outside_40M
security-level 0
ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet0/1
nameif outside_10M
security-level 0
ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet0/2
description Conn-LAN
nameif inside
security-level 100
ip address 192.168.10.254 255.255.255.0
route outside_40M 0.0.0.0 0.0.0.0 x.x.x.x 1
route outside_10M 0.0.0.0 0.0.0.0 y.y.y.y 2
route inside 192.168.2.0 255.255.255.0 192.168.10.1 1
route inside 192.168.3.0 255.255.255.0 192.168.10.1 1
route inside 192.168.4.0 255.255.255.0 192.168.10.1 1
route inside 192.168.5.0 255.255.255.0 192.168.10.1 1
route inside 192.168.6.0 255.255.255.0 192.168.10.1 1
route inside 192.168.7.0 255.255.255.0 192.168.10.1 1
route inside 192.168.8.0 255.255.255.0 192.168.10.1 1
route inside 192.168.9.0 255.255.255.0 192.168.10.1 1
route outside_10M 223.5.20.0 255.255.255.0 x.x.x.x 1
NAT:
static (inside,outside_40M) tcp x.x.x.x 3333 192.168.6.63 3389 netmask 255.255.255.255
access-list Policy_Outside_40M extended permit tcp any host x.x.x.x eq 3333
增加×××用户:
LB-F1-FW-01# conf t
LB-F1-FW-01(config)# username bobo365 password XXXXXX
LB-F1-FW-01(config)# username bobo365 attributes
LB-F1-FW-01(config-username)# ***-group-policy ReMote×××
LB-F1-FW-01(config-username)# exit
LB-F1-FW-01(config)# exit
LB-F1-FW-01# wr
