ciscoasa# show run
: Saved
:
ASA Version 8.0(4)
!
hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 10
ip address 111.75.211.215 255.255.255.128
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any
access-list inside_access_in extended permit udp any any
access-list inside_nat_outbound extended permit ip 192.168.100.0 255.255.255.0 any
access-list inside_nat_outbound extended permit ip 192.168.16.0 255.255.255.0 any
access-list inside_nat_outbound extended permit ip 192.168.1.0 255.255.255.0 any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any host 111.75.211.216
access-list outside_access_in extended permit ip any host 111.75.211.217
access-list outside_access_in extended permit tcp any host 111.75.211.215 eq www
access-list outside_access_in extended permit tcp any host 111.75.211.215 eq 808
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 access-list inside_nat_outbound
static (inside,outside) tcp interface www 192.168.16.210 www netmask 255.255.255.255
static (inside,outside) tcp interface 808 192.168.16.210 808 netmask 255.255.255.255
static (inside,outside) 111.75.211.216 192.168.16.250 netmask 255.255.255.255
static (inside,outside) 111.75.211.217 192.168.100.2 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 111.75.211.129 1
route inside 192.168.1.0 255.255.255.0 192.168.100.2 1
route inside 192.168.16.0 255.255.255.0 192.168.100.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh version 1
console timeout 0
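We have an ASA 5510 firewall configured as shown above. The firewall is the Internet egress, with a switch connected below it; the switch is a Layer 3 switch interconnected with the firewall. Internal users are all on the 192.168.16.0/24 segment. Currently one server, 192.168.16.193, has its port 8080 mapped to port 808 on the outside, and the internal application can be accessed normally from the Internet. But if I enter the public IP + port number from the internal network, it won't open, although it works over the internal network. Do I need to add some other command? As I recall, on H3C devices you only need to configure the mapping on the internal interface!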