So I have taken on a project to move four separate networks into one colo center.
Currently I have split all four networks into 4 VLANs on the ASA 5510. Each of them is assigned IP addresses with a /24 subnet.
I configured port e0/1 on the ASA 5510 with the IP address 172.20.0.1 and ran it to fa0/48 on the 3550, which uses the IP address 172.20.0.3.
I was able to ping both interfaces, and I was able to set up a route from the ASA to the Internet.
I'm not sure what to do next.
Here is the show run from the ASA 5510:
mdc-fw01# show run
: Saved
:
ASA Version 9.1(5)
!
hostname mdc-fw01
domain-name mdcommerce.local
enable password F7aoYryYQMUHhnCL encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 216.176.***.*** 255.255.255.240
!
interface Ethernet0/1
duplex full
nameif inside
security-level 100
ip address 172.20.0.1 255.255.255.248
!
interface Ethernet0/1.1
vlan 15
nameif MDCommerce
security-level 100
ip address 192.168.15.1 255.255.255.0
!
interface Ethernet0/1.2
vlan 20
nameif Camber
security-level 100
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/1.3
vlan 10
nameif ASP
security-level 100
ip address 10.0.2.254 255.255.255.0
!
interface Ethernet0/1.4
vlan 201
nameif HSSI
security-level 100
ip address 192.168.201.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 216.176.***.***
name-server 216.176.***.***
domain-name mdcommerce.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu MDCommerce 1500
mtu Camber 1500
mtu ASP 1500
mtu HSSI 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (inside,outside) dynamic interface
!
router ospf 1
log-adj-changes
!
route outside 0.0.0.0 0.0.0.0 216.176.***.*** 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=mdc-fw01
crl configure
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password XuyJjvRO952UKR8l encrypted
!
!
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:914f8c23591806b703df3d5c7ad203c6
: end
And here is the show run from my Cisco 3550:
mdc-sw01>enable
mdc-sw01#show run
Building configuration...
Current configuration : 3875 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mdc-sw01
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/10
description HSSI Domain Controller
switchport access vlan 201
switchport mode dynamic desirable
!
interface FastEthernet0/12
description Camber Domain Controller
switchport access vlan 20
switchport mode dynamic desirable
!
interface FastEthernet0/17
description ASP Domain Controller
switchport access vlan 10
switchport mode dynamic desirable
!
interface FastEthernet0/19
description Backup Server Ubuntu
switchport access vlan 20
switchport mode dynamic desirable
!
interface FastEthernet0/21
description MDCommerce Domain Controller
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/48
no switchport
ip address 172.20.0.3 255.255.255.248
!
interface GigabitEthernet0/1
no switchport
no ip address
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan15
ip address 192.168.15.1 255.255.255.0
!
ip default-gateway 172.20.0.1
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
I have no idea what to do from this point. Any suggestions or help would be greatly appreciated.