interface GigabitEthernet0/0
nameif outside //指定接口名称
security-level 0 //安全级别设置
ip address 1.1.1.2 255.255.255.248
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 1.1.1.9 255.255.255.248
!
interface GigabitEthernet0/2
nameif inside1
security-level 100
ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/3
nameif dmz
security-level 80
ip address 192.168.100.1 255.255.255.224
!
安全级别security-level 从0-100.值越大就越安全,也即是说安全级别高的可以访问安全级别低的,安全级别低的访问安全级别高的就需要做ACL来实现。
比如 outside 要访问inside,inside1,dmz 就需要做acl
access-list all extended permit ip any any
access-list all extended permit icmp any any
access-group all in interface outside
如果安全级别一样,那么默认情况下是不能互相访问的,如果要实现安全级别一样的接口间互访必须开
same-security-traffic permit inter-interface