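With a Cisco ASA5520 firewall and a fixed public IP on my side, how do I get the machines on the internal network behind the internal Cisco 2970 switch onto the Internet?

The internal and external networks need to communicate at the same time.
2024-12-01 18:05:54
Recommended answers (4)
Answer 1: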

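Configure an IP address on the external interface and name it "outside"; give the internal interface a private IP, such as 192.168.1, and name it "inside"; finally, set up network address translation. You can refer to the following:
1. Enter the outside interface:
nameif outside
ip add <fixed IP address>
no shutdown
2. Enter the inside interface:
nameif inside
ip add <private IP address>
no shutdown
3. NAT (network address translation):
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 0.0.0.0 0.0.0.0 netmask 0.0.0.0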

Answer 2:

Below is a configuration file I used previously.
You can reconfigure it with the IP addresses on your side and it will work.
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.52.10.102 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.52.2.45 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
access-list outside extended permit tcp any interface outside
access-list ping extended permit icmp any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp permit any echo-reply outside
icmp permit any echo outside
icmp permit any echo-reply inside
icmp permit any echo inside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside in interface outside
route outside 0.0.0.0 0.0.0.0 10.52.10.250 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username test password P4ttSyrm33SV8TYp encrypted privilege 15
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:238fb0d7e9602332386d93bc0a5312a7
: end
ciscoasa(config)#
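
An added example, not part of any answer on this page: a short Python check that reads an ASA 7.x style configuration and verifies the pieces the answers rely on for outbound access (a `nat` rule with a matching `global` ID and a default route on outside), then lists management or ACL lines that accept any source on the outside interface. The function name `audit` and its messages are assumptions made for this illustration, and the sample input is constructed from lines of the configuration posted in Answer 2.

```python
import re

# Constructed sample: the NAT, routing, ACL and management lines taken from
# the configuration posted in Answer 2; the other lines do not affect the checks.
# audit() is a hypothetical helper written for this example, not a Cisco tool.
SAMPLE = """\
access-list outside extended permit tcp any interface outside
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside in interface outside
route outside 0.0.0.0 0.0.0.0 10.52.10.250 1
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
http 192.168.1.0 255.255.255.0 management
"""

def audit(config, untrusted="outside"):
    """Return (missing, findings): gaps in outbound PAT setup, exposure notes."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    nat_ids, global_ids, bound_acls = set(), set(), set()
    default_route, missing, findings = False, [], []
    for l in lines:
        if m := re.match(r"nat \(\S+\) (\d+) ", l):
            if m.group(1) != "0":  # nat id 0 bypasses translation, no global needed
                nat_ids.add(m.group(1))
        elif m := re.match(rf"global \({untrusted}\) (\d+) ", l):
            global_ids.add(m.group(1))
        elif re.match(rf"route {untrusted} 0\.0\.0\.0 0\.0\.0\.0 \S+", l):
            default_route = True
        elif m := re.match(rf"access-group (\S+) in interface {untrusted}$", l):
            bound_acls.add(m.group(1))
        elif m := re.match(rf"(http|ssh|telnet) 0\.0\.0\.0 0\.0\.0\.0 {untrusted}$", l):
            findings.append(f"{m.group(1)} management open to any address on {untrusted}")
    # Second pass: ACL entries are listed before the access-group that binds them.
    for l in lines:
        m = re.match(r"access-list (\S+) extended permit (tcp|udp|ip) any (.*)", l)
        if m and m.group(1) in bound_acls and not re.search(r"\b(eq|range|lt|gt|neq)\b", m.group(3)):
            findings.append(f"ACL {m.group(1)} inbound on {untrusted}: "
                            f"permit {m.group(2)} from any source, no port restriction")
    if not nat_ids:
        missing.append("no dynamic nat rule")
    missing += [f"nat id {i} has no matching global on {untrusted}"
                for i in sorted(nat_ids - global_ids)]
    if not default_route:
        missing.append(f"no default route via {untrusted}")
    return missing, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Replacing `0.0.0.0 0.0.0.0` on the `http ... outside` line with a specific management network clears the first finding.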

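Answer 3:

Connect the public IP line to ethernet 0 of the ASA5520 and connect ethernet1 to the Cisco 2970 switch; the computers connect to the Cisco 2970. Then configure the relevant settings on the ASA5520, such as NAT, DHCP, static route and so on, and you will be able to get online.

Answer 4:

Just set up NAT on the ASA.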