This post was last edited by suzhouxiaoniu on 2018-12-25 17:47
Configure routing and remote access on the routers
R1(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1
R2(config)#ip route 192.168.2.0 255.255.255.0 192.168.1.1
R1(config)#line vty 0 4
R1(config-line)#no login
R2(config)#line vty 0 4
R2(config-line)#no login
R2#192.168.2.2
Trying 192.168.2.2 ...Open
R1>
# A higher security level can reach a lower one, and the ASA maintains TCP and UDP state by default
R1#192.168.1.2
Trying 192.168.1.2 ...
% Connection timed out; remote host not responding
# A lower security level cannot reach a higher one by default
R2#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
# ICMP traffic is not permitted by default; a packet capture shows the echo going out but the reply not getting back in
ASA(config)#access-list pericmp permit icmp any any
ASA(config)#access-group pericmp in interface outside
# Permit ICMP traffic inbound on the outside interface
R2#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms
Questions to think about:
1: Could the ACL above be written like this instead?
ASA(config)#access-list pericmp permit icmp any any echo-reply
ASA(config)#access-group pericmp in interface outside
2: How to let R1 telnet to R2?
ASA(config)#access-list pericmp per tcp host 192.168.2.2 host 192.168.1.2
ASA(config)#access-group pericmp in interface outside
3: How to land directly in privileged mode over telnet?
R1(config)#line vty 0 4
R1(config-line)#no login
R1(config-line)#privilege level 15
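To make the three rules behind this lab concrete (a higher security level may initiate toward a lower one, TCP/UDP are tracked by default while ICMP is not, and an inbound ACL on the ingress interface replaces the level rule), here is an added toy model in Python; it is not ASA code and not part of the original post. It assumes the usual levels of 100 for inside and 0 for outside, and the `23` on the TCP entry is my narrowing of the post's any-port entry.

```python
# Toy model (added; not ASA code) of the per-packet decision seen in this lab.
# Assumed levels: inside 100 (R2 = 192.168.1.2), outside 0 (R1 = 192.168.2.2).
LEVEL = {"inside": 100, "outside": 0}
R1, R2 = "192.168.2.2", "192.168.1.2"
class ToyAsa:
    def __init__(self):
        self.conns = set()  # state table: (proto, src, sport, dst, dport)
        self.acl = {}       # ingress iface -> [(proto, src, dst, port_or_icmp_type)]

    def access_group(self, iface, entries):
        """Bind an ACL inbound on iface, like `access-group NAME in interface IFACE`."""
        self.acl[iface] = entries

    def _permit(self, proto, src, sport, dst, dport):
        # TCP/UDP get a state entry so the reply passes on the far interface;
        # ICMP gets none unless `inspect icmp` is enabled, which this lab did not do.
        if proto in ("tcp", "udp"):
            self.conns.add((proto, src, sport, dst, dport))
        return True

    def forward(self, iface, proto, src, dst, sport=0, dport=0, icmp_type=None):
        """True if a packet arriving on iface is forwarded, False if dropped."""
        # 1. Return traffic of a tracked connection is always allowed.
        if (proto, dst, dport, src, sport) in self.conns:
            return True
        # 2. An inbound ACL on the ingress interface replaces the level rule.
        if iface in self.acl:
            for p, s, d, extra in self.acl[iface]:
                if (p == proto and s in (src, "any") and d in (dst, "any")
                        and extra in (None, dport, icmp_type)):
                    return self._permit(proto, src, sport, dst, dport)
            return False  # implicit deny at the end of the ACL
        # 3. No ACL: only a higher-level interface may initiate toward a lower one.
        egress = "outside" if iface == "inside" else "inside"
        if LEVEL[iface] > LEVEL[egress]:
            return self._permit(proto, src, sport, dst, dport)
        return False

def r2_telnet_r1(asa):  # inside -> outside SYN, then the SYN/ACK back in on outside
    out = asa.forward("inside", "tcp", R2, R1, sport=40000, dport=23)
    return out, asa.forward("outside", "tcp", R1, R2, sport=23, dport=40000)

def r1_telnet_r2(asa, dport=23):  # outside -> inside, first packet only
    return asa.forward("outside", "tcp", R1, R2, sport=40001, dport=dport)

def r2_ping_r1(asa):  # echo out on inside, echo-reply back in on outside
    out = asa.forward("inside", "icmp", R2, R1, icmp_type="echo")
    return out, asa.forward("outside", "icmp", R1, R2, icmp_type="echo-reply")

# ACL for the post's questions 1 and 2; `23` narrows the post's any-port tcp entry.
LAB_ACL = [("icmp", "any", "any", "echo-reply"), ("tcp", R1, R2, 23)]
```

Running the scenarios before and after `access_group("outside", LAB_ACL)` reproduces the lab: R2's telnet works, R1's is dropped, the ping fails only on the returning echo-reply, and the ACL fixes both while still dropping anything else R1 sends inbound.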