
Cisco ASA 5505 Firewall Security



pc Server

ip : 192.168.3.3

netmask : 255.255.255.0

dns : 192.168.3.3 / smk-komam.com


pc 0

ip : 192.168.2.2

netmask : 255.255.255.0

gateway : 192.168.2.1

dns : 192.168.3.3


pc 1 (dhcp client)

cmd : ssh -l admin 192.168.1.1



Router

en

conf t

int fa0/0

ip add 100.200.10.2 255.0.0.0

no shu

exit


int fa0/1

ip add 192.168.2.1 255.255.255.0

no shu


====================================


Konfigurasi Cisco ASA

ciscoasa>enable 

Password: (kosong, tanpa password; langsung tekan Enter)

ciscoasa#conf t

ciscoasa(config)#enable password ciscoenpa55

ciscoasa(config)#interface vlan 1

ciscoasa(config-if)#nameif inside

ciscoasa(config-if)#ip address 192.168.1.1 255.255.255.0

ciscoasa(config-if)#security-level 100

ciscoasa(config-if)#exit


ciscoasa(config)#interface vlan 2

ciscoasa(config-if)#nameif outside

ciscoasa(config-if)#ip address 100.200.10.1 255.0.0.0

ciscoasa(config-if)#security-level 0


ciscoasa(config-if)#show interface ip brief

ciscoasa(config-if)#show ip address

ciscoasa(config-if)#show switch vlan

ciscoasa(config-if)#show run

ciscoasa(config-if)#exit


ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 100.200.10.2

ciscoasa(config)#show route

ciscoasa(config)#object network inside-net

ciscoasa(config-network-object)#subnet 192.168.1.0 255.255.255.0

ciscoasa(config-network-object)#nat (inside,outside) dynamic interface

ciscoasa(config-network-object)#end


ciscoasa#configure terminal 

ciscoasa(config)#class-map inspection_default

ciscoasa(config-cmap)#match default-inspection-traffic

ciscoasa(config-cmap)#exit

ciscoasa(config)#policy-map global_policy

ciscoasa(config-pmap)#class inspection_default

ciscoasa(config-pmap-c)#inspect icmp 

ciscoasa(config-pmap-c)#exit

ciscoasa(config)#service-policy global_policy global

ciscoasa(config)#dhcpd address 192.168.1.3-192.168.1.15 inside 

ciscoasa(config)#dhcpd dns 192.168.3.3 interface inside 

ciscoasa(config)#dhcpd enable inside 

ciscoasa(config)#username admin password adminpa55

ciscoasa(config)#aaa authentication ssh console LOCAL


ciscoasa(config)#crypto key generate rsa modulus 1024

WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.


Do you really want to replace them? [yes/no]: no

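ERROR: Failed to create new RSA keys named <Default-RSA-Key>

(Note: answering "no" keeps the existing <Default-RSA-Key>, so this error is expected and no new key pair is generated. A 1024-bit RSA modulus is below current guidance for an SSH host key; where the device supports it, generate the key with a modulus of 2048 bits or more.)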


ciscoasa(config)#ssh 192.168.1.0 255.255.255.0 inside 


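ciscoasa(config)#ssh 192.168.2.3 255.255.255.255 outside 

(Note: pc 0 is listed above as 192.168.2.2, but this rule allows SSH on the outside interface only from the single host 192.168.2.3. Confirm which address is intended, and keep the /32 mask so management access from outside stays limited to one known host.)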

ciscoasa(config)#ssh timeout 10


ciscoasa(config)#interface vlan 3

ciscoasa(config-if)#ip address 192.168.3.1 255.255.255.0

ciscoasa(config-if)#no forward interface vlan 1

ciscoasa(config-if)#nameif dmz

INFO: Security level for "dmz" set to 0 by default.


ciscoasa(config-if)#security-level 70

ciscoasa(config-if)#interface ethernet0/2

ciscoasa(config-if)#switchport access vlan 3


ciscoasa(config-if)# interface ethernet0/3

ciscoasa(config-if)#switchport access vlan 3


ciscoasa(config-if)#exit

ciscoasa(config)#object network dmz-server

ciscoasa(config-network-object)#host 192.168.3.3

ciscoasa(config-network-object)#nat (dmz,outside) static 100.200.10.3

ciscoasa(config-network-object)#exit

ciscoasa#configure terminal 

ciscoasa(config)#access-list OUTSIDE-DMZ permit icmp any host 192.168.3.3

ciscoasa(config)#access-list OUTSIDE-DMZ permit tcp any host 192.168.3.3 eq 80

ciscoasa(config)#access-group OUTSIDE-DMZ in interface outside