以下指令在8.0版本IOS下測試通過,較老版本IOS指令可能有差異。
pix(config)#vpdn group ChengDu request dialout pppoe
//為ADSL撥号建立虛拟專用撥号網絡組(VPDN Group),ChengDu為組名,随便填你自己喜歡的
pix(config)#vpdn group ChengDu localname (ADSL賬号名)
pix(config)#vpdn group ChengDu ppp authentication pap/chap //啟用驗證方式
pix(config)#vpdn username (ADSL賬号名) password (賬号密碼) //就是ISP給你的帳号和密碼
------以下是啟用PPPoE會話指令------
進入外網接口:
pix515E(config)# int e0
pix515E(config-if)# ip add pppoe setroute //啟動撥号,如果沒有配預設路由,則必須加上
附件中是一篇從百度文庫上摘抄的配置文檔可供參考
ASA5505# show run
: Saved
:
ASA Version 7.2(2)
!
hostname ASA5505
enable password 9jNfZuG3TC5tCVH0 encrypted
names
interface Vlan1
nameif inside
security-level 100
ipaddress 192.168.1.1 255.255.255.0
interface Vlan2
nameif ADSL//定義接口的名字
security-level 0//定義接口的安全級别
pppoe client vpdn group adsl//定義pppoe用戶端的組的名字
ip address pppoe setroute//定義IP位址的類型
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
shutdown
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone GMT 8
pager lines 24
logging enable
logging monitor emergencies
logging buffered debugging
mtu inside 1500
mtu ADSL 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat-control
global (ADSL) 1 interface//定義全局轉換位址
nat (inside) 1 0.0.0.00.0.0.0//定義内部轉換位址
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h2251:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username gefangliang password.Xk/Clh/p4BiEWeV encrypted
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authenticationlinkup linkdown coldstart
crypto ipsec transform-set myset esp-desesp-md5-hmac
crypto map newmap 10 match address 102
crypto map newmap 10 set peer 58.56.11.90
crypto map newmap 10 set transform-setmyset
crypto map newmap 10 set reverse-route
crypto isakmp policy 10
authentication pre-share
encryption des
hashmd5
group 2
lifetime 3600
tunnel-group DefaultL2LGroupipsec-attributes
pre-shared-key *
telnet 0.0.0.00.0.0.0 inside
telnet timeout 5
ssh 0.0.0.00.0.0.0 ADSL//在外出口上啟用SSH連接配接
ssh timeout 5
console timeout 0
vpdn group adsl requestdialout pppoe
vpdn group adsl localname053201359805@adsla
vpdn group adsl pppauthentication pap
vpdn username053201359805@adsla password ********* store-local//定義撥号上網的使用者名和密碼
dhcpd dns 219.146.0.130
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:0ff91c11339fc14d254c49dfa1a91b3b
: end
ASA5505#
本文轉自 qq8658868 51CTO部落格,原文連結:http://blog.51cto.com/hujizhou/1186347,如需轉載請自行聯系原作者
![高防伺服器、高防IP與高防CDN的差別[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)