Type help or '?' for a list of available commands.ciscoasa> enaPassword: *****ciscoasa# show run: Sa
..Type help or '?' for a list of available commands...ciscoasa> ena..Password: *****..ciscoasa# show run..: Saved..:..ASA Version 8.6(1) ..!..hostname ciscoasa..enable password 2KFQnbNIdI.2KYOU encrypted..passwd 2KFQnbNIdI.2KYOU encrypted..names..!..interface GigabitEthernet0/0.. nameif outside.. security-level 0.. ip address 60.223.25.3 255.255.255.224 ..!..红色部分为主线接入的配置..interface GigabitEthernet0/1.. nameif inside.. security-level 100.. ip address 10.10.1.2 255.255.255.0 ..!..interface GigabitEthernet0/2.. nameif backup.. security-level 10.. ip address 219.147.3.12 255.255.255.252 ..备份接口配置..!..interface GigabitEthernet0/3.. shutdown .. no nameif.. no security-level.. no ip address..!..interface GigabitEthernet0/4.. shutdown.. no nameif.. no security-level.. no ip address..!..interface GigabitEthernet0/5.. shutdown.. no nameif.. no security-level.. no ip address..!..interface Management0/0.. nameif management.. security-level 100.. ip address 192.168.1.1 255.255.255.0 .. management-only..!..boot system disk0:/asa861-smp-k8.bin..ftp mode passive..object network inside-outside-any.. subnet 0.0.0.0 0.0.0.0..nat转换地址组..object network static-host.. host 10.10.12.3..object network inside-backup-nat.. subnet 0.0.0.0 0.0.0.0..备份接口地址组..access-list 101 extended permit ip any any ..access-list 101 extended permit icmp any any ..访问控制..pager lines 24..logging enable..logging buffered debugging..logging asdm informational..mtu outside 1500..mtu inside 1500..mtu management 1500..mtu backup 1500..icmp unreachable rate-limit 1 burst-size 1..asdm p_w_picpath disk0:/asdm-66124.bin..no asdm history enable..arp timeout 14400..!..object network inside-outside-any.. nat (inside,outside) dynamic interface..object network static-host.. nat (inside,outside) static interface service tcp ..object network inside-backup-nat.. nat (inside,backup) dynamic interface 备份接口nat转换..access-group 101 in interface outside..access-group 101 in interface backup..route outside 0.0.0.0 0.0.0.0 60.223.25.3 1主线路由..route backup 0.0.0.0 0.0.0.0 219.147.3.12 2 备份接口路由..route inside 10.10.0.0 255.255.0.0 10.10.1.1 1..route inside 192.168.0.0 255.255.0.0 10.10.1.1 1..timeout xlate 3:00:00..timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02..timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00..timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00..timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute..timeout tcp-proxy-reassembly 0:01:00..timeout floating-conn 0:00:00..dynamic-access-policy-record DfltAccessPolicy..user-identity default-domain LOCAL..http server enable..http 192.168.1.0 255.255.255.0 management..http 0.0.0.0 0.0.0.0 inside..http 0.0.0.0 0.0.0.0 outside..http 10.10.0.0 255.255.0.0 inside..no snmp-server location..no snmp-server contact..snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart..sla monitor 123.. type echo protocol ipIcmpEcho 60.223.25.3 interface outside.. num-packets 3.. frequency 10..sla monitor schedule 123 life forever start-time now..!..track 1 rtr 123 reachability..主备网络切换配置..telnet 0.0.0.0 0.0.0.0 inside..telnet timeout 5..ssh 0.0.0.0 0.0.0.0 outside..ssh timeout 30..ssh version 1..console timeout 0..dhcpd address 192.168.1.2-192.168.1.254 management..dhcpd enable management..!..threat-detection basic-threat..threat-detection statistics access-list..no threat-detection statistics tcp-intercept..web***..username fsmy password VR.4DDD2WzHDSS5w encrypted..username cisco password 3USUcOPFUiMCO4Jk encrypted..!..class-map inspection_default.. match default-inspection-traffic..!..!..policy-map type inspect dns preset_dns_map.. parameters.. message-length maximum client auto.. message-length maximum 512..policy-map global_policy.. class inspection_default.. inspect dns preset_dns_map .. inspect ftp .. inspect h323 h225 .. inspect h323 ras .. inspect rsh .. inspect rtsp .. inspect esmtp .. inspect sqlnet .. inspect skinny .. inspect sunrpc .. inspect xdmcp .. inspect sip .. inspect netbios .. inspect tftp .. inspect ip-options ..!..service-policy global_policy global..prompt hostname context ..no call-home reporting anonymous..Cryptochecksum:c9732308134879f998456453b6afada3..: end..
