Thursday, July 13, 2017

Cisco ASA 5512 Configuration and Backup

 Backup
  • To back up a Cisco router to USB, use copy running-config usbflash1: 
  • To back up a Cisco ASA to USB, use copy running-config disk1: 
Restore factory defaults
ciscoasa#conf t
ciscoasa(config)#configure factory-default
ciscoasa(config)# reload
System config has been modified. Save? [Y]es/[N]o:  y
Cryptochecksum: cbae301c 8cea4e21 022b5873 ec551723

2709 bytes copied in 0.780 secs
Proceed with reload? [confirm]
ciscoasa(config)#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
The first time you enter privileged mode, this notice is shown
***************************** NOTICE *****************************

Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall

Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later: A

No input detected, recording Ask later.
You will be reminded again in 7 days.

If you would like to enable this feature, issue the command
"call-home reporting anonymous".
Set the Cisco ASA hostname
ciscoasa(config)# hostname ASA  #must be fewer than 64 characters
Show the current interfaces
#show interface ip brief
Set the WAN IP
ciscoasa# conf t
ciscoasa(config)# interface gigabitEthernet 0/0
ciscoasa(config-if)# ip address A.B.C.D 255.255.255.0           #set the WAN IP
ciscoasa(config-if)# nameif outside                             #this name is used when configuring the route
ciscoasa(config-if)# no shutdown
Configure the route
ciscoasa(config)# route outside 0.0.0.0 0.0.0.0 Gateway
Allow SSH login to the ASA
ciscoasa(config)# enable password Password
ciscoasa(config)# username administrator password 1234567890
ciscoasa(config)# ssh External_IP 255.255.255.255 outside
ciscoasa(config)# ssh version 2
ciscoasa(config)# aaa authentication ssh console LOCAL
ciscoasa(config)# crypto key generate rsa modulus 4096
WARNING: You have a RSA keypair already defined named .

Do you really want to replace them? [yes/no]: yes
Keypair generation process begin. Please wait...
On a Mac, to log in with the ssh command, add the following to ~/.ssh/config
HOST asa
    HostName FQDN or IP
    User administrator
    KexAlgorithms +diffie-hellman-group1-sha1
or
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 IP
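
The SSH management lines configured above can be checked offline in a running-config backup (the file written by copy running-config disk1:). The Python script below is an added example, not part of the original post; audit_ssh, the 256-address threshold and the sample config are constructed for illustration, and the "ssh key-exchange group" line is assumed to appear in the backup as the ASA prints it.

```python
import ipaddress
import re

# Constructed sample of a running-config backup (documentation addresses only).
SAMPLE_CONFIG = """\
hostname ASA
interface GigabitEthernet0/0
 nameif outside
 ip address 198.51.100.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
ssh 203.0.113.10 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh version 2
ssh key-exchange group dh-group1-sha1
"""

SSH_SOURCE = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")


def audit_ssh(config, max_hosts=256):
    """Return findings about SSH management access in an ASA running-config.

    audit_ssh and max_hosts are hypothetical names chosen for this example.
    """
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    # "ssh <ip> <mask> <nameif>" lines list who may open an SSH session.
    for line in lines:
        m = SSH_SOURCE.fullmatch(line)
        if m:
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            if net.num_addresses > max_hosts:
                findings.append(f"ssh permitted from {net} on {m[3]}: range too broad")
    if "ssh version 2" not in lines:
        findings.append("'ssh version 2' is not set")
    if not any(l.startswith("aaa authentication ssh console ") for l in lines):
        findings.append("no 'aaa authentication ssh console' line")
    # dh-group1-sha1 is the key exchange the client override above re-enables.
    if "ssh key-exchange group dh-group1-sha1" in lines:
        findings.append("key exchange is dh-group1-sha1; use dh-group14-sha1 if the image supports it")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```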