
[Help] Different subnets cannot reach each other through the firewall

OP | Posted 2016-8-24 01:54:37
Could some expert help me solve this? The company network topology is as shown in the figure. Host 192.168.11.112 needs to be able to reach hosts in the three subnets 10.250.250.0, 10.250.251.0 and 10.250.252.0. Host 192.168.11.112 gets its address from the firewall's DHCP. The device configurations are as follows:
The layer-2 switch has no configuration.
Firewall ASA5520:
ASA5520# show running-config
: Saved
:
ASA Version 8.2(1)11
!
hostname ASA5520
domain-name fire
enable password gLHONcojuZPm/2W1 encrypted
passwd OSq7yHiRPe1KMQuM encrypted
names
name 172.16.100.0 test-group description use-for-test
name 112.90.138.0 A-112.90.138.0 description QQ-2
name 219.133.60.0 A-219.133.60.0 description QQ
name 219.133.63.0 A-219.133.63.0 description QQ-1
dns-guard
!
interface GigabitEthernet0/0
description ChinaNet
nameif outside
security-level 0
ip address 219.159.71.16 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.11.254 255.255.255.0
!            
interface GigabitEthernet0/2
description RailCom
nameif outside_RailCom
security-level 0
pppoe client vpdn group RC
ip address pppoe setroute
!
interface GigabitEthernet0/3
nameif DMZ
security-level 75
ip address 192.168.16.254 255.255.255.0
!
interface Management0/0
nameif guanli
security-level 0
ip address 172.16.1.1 255.255.255.0
!
ftp mode passive
clock timezone Beijing 8
dns server-group DefaultDNS
domain-name fire
object-group service CW tcp
port-object eq 7001
port-object eq 9600
port-object eq 9604
port-object eq 9888
port-object eq 8888
port-object eq 7889
port-object eq 7888
object-group service NetBIOS tcp
port-object range 137 netbios-ssn
port-object eq 445
object-group network Limit_IP_grp
network-object host 192.168.11.9
network-object host 192.168.11.10
network-object host 192.168.11.11
network-object host 192.168.11.12
network-object host 192.168.11.13
network-object host 192.168.11.14
network-object host 192.168.11.15
network-object host 192.168.11.28
network-object host 192.168.11.30
network-object host 192.168.11.109
object-group service Limit_IP_srv
service-object tcp eq ftp
service-object tcp eq ftp-data
service-object tcp eq www
service-object tcp eq https
service-object tcp eq imap4
service-object tcp eq kerberos
service-object tcp eq lotusnotes
service-object tcp eq pop3
service-object tcp eq smtp
service-object tcp eq sqlnet
service-object tcp eq ssh
service-object tcp eq telnet
service-object udp eq domain
service-object udp eq isakmp
service-object udp eq kerberos
service-object udp eq ntp
service-object tcp eq 7001
service-object tcp eq 7888
service-object tcp eq 7889
service-object tcp eq 8888
service-object tcp eq 9600
service-object tcp eq 9604
service-object tcp eq 9889
service-object udp eq 8000
service-object tcp eq 3374
service-object tcp eq 7708
service-object tcp eq 19588
service-object tcp eq 4433
object-group network Chinanet_IP
description Chinanet_IP
network-object host 202.103.224.68
network-object host 202.103.225.68
network-object 125.71.208.0 255.255.255.0
network-object 58.60.191.32 255.255.255.224
network-object 218.69.130.108 255.255.255.252
network-object 117.141.4.136 255.255.255.248
object-group service Network_server
service-object udp eq ntp
service-object tcp eq 3389
service-object tcp eq sqlnet
service-object tcp eq ssh
service-object tcp eq telnet
service-object tcp eq 221
service-object udp eq 4500
service-object udp eq isakmp
service-object tcp eq 4433
service-object gre
object-group network test_server
description Outside_CMCC Server_Group
network-object host 192.168.11.237
object-group network 192.168.11.14
access-list inside_access_in extended permit ip object-group test_server any inactive
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 object-group Chinanet_IP
access-list inside_access_in extended permit ip object-group Limit_IP_grp any
access-list inside_access_in extended permit udp 192.168.11.0 255.255.255.0 any eq domain
access-list inside_access_in extended permit udp any any eq 8000
access-list inside_access_in remark ICQ
access-list inside_access_in extended permit udp 192.168.11.0 255.255.255.0 any eq 4000
access-list inside_access_in remark FTP
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq ftp
access-list inside_access_in remark FTP
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq ftp-data
access-list inside_access_in remark HTTP
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq www
access-list inside_access_in remark HTTPS
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq https
access-list inside_access_in remark MSN
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq 1863
access-list inside_access_in remark POP3
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq pop3
access-list inside_access_in remark SMTP
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq smtp
access-list inside_access_in remark CW
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any object-group CW
access-list inside_access_in remark Notes
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq lotusnotes
access-list inside_access_in remark Web_Spacial
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq 8080
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 interface inside inactive
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq 8000
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq 8081
access-list inside_access_in remark RemoteDesktop
access-list inside_access_in remark L2TP_VPN
access-list inside_access_in extended permit object-group Network_server any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in remark 26000
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any eq 26000
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 any
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp 192.168.11.0 255.255.255.0 192.168.11.0 255.255.255.0 eq pptp
access-list outside_access_in extended deny ip host 211.138.245.180 any inactive
access-list outside_access_in remark BOOTP_CLIENT
access-list outside_access_in extended permit udp any 192.168.11.0 255.255.255.0 eq bootpc inactive
access-list outside_access_in remark NetBIOS
access-list outside_access_in extended permit tcp any 192.168.11.0 255.255.255.0 object-group NetBIOS inactive
access-list outside_access_in extended permit ip any any inactive
access-list outside_access_in remark BOOTP_CLIENT
access-list outside_access_in remark NetBIOS
access-list outside_access_in remark BOOTP_CLIENT
access-list outside_access_in remark NetBIOS
access-list outside_access_in remark BOOTP_CLIENT
access-list outside_access_in remark NetBIOS
access-list outside_access_in remark BOOTP_CLIENT
access-list outside_access_in remark NetBIOS
access-list outside_access_in remark BOOTP_CLIENT
access-list outside_access_in remark NetBIOS
access-list outside_access_in extended permit tcp any 192.168.11.0 255.255.255.0 eq pptp
access-list outside_access_in extended permit tcp any 192.168.11.0 255.255.255.0 eq 1721
access-list 101 extended permit ip any object-group Chinanet_IP
access-list outside_CMCC_access_in extended permit ip any any inactive
access-list outside_CMCC_access_in extended permit tcp any host 111.12.0.250 eq 221 inactive
access-list outside_CMCC_access_in extended permit icmp any any
access-list outside_CMCC_access_in extended permit tcp any any eq www
access-list outside_CMCC_access_in extended permit tcp any any eq https
access-list outside_CMCC_access_in extended permit tcp any any inactive
! NAT exemption ACL referenced by "nat (inside) 0" below: only traffic toward 192.168.16.0/24 (DMZ) is exempt
access-list inside_nat0_outbound extended permit ip any 192.168.16.0 255.255.255.0
access-list DMZ_access_in extended permit ip any 192.168.11.0 255.255.255.0
access-list outside_mpc remark Mail_Srv
access-list outside_mpc extended permit ip host 219.159.68.79 any
access-list outside_mpc extended permit ip host 221.204.240.161 any
access-list outside_mpc extended permit ip 202.103.252.64 255.255.255.224 any
access-list liuzhao extended permit ip 172.16.95.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging list ppp level debugging class vpdn
logging buffered errors
logging asdm errors
mtu outside 1500
mtu inside 1500
mtu outside_RailCom 1492
mtu DMZ 1500
mtu guanli 1500
ip local pool ipsec_pool 192.168.10.1-192.168.10.50 mask 255.255.255.0
! uRPF on inside: a packet arriving on inside is dropped unless its source address is routed via inside
ip verify reverse-path interface inside
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
asdm history enable
arp inside 192.168.11.11 0021.9bf5.c307
arp timeout 14400
! NAT ID 200 pairs "nat (inside) 200" with the outside_RailCom interface address (dynamic PAT);
! NAT ID 300 has a global but no matching nat statement
global (outside) 300 interface
global (outside_RailCom) 200 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 200 192.168.11.0 255.255.255.0
nat (DMZ) 200 0.0.0.0 0.0.0.0
static (inside,outside_RailCom) tcp interface ftp 192.168.11.135 ftp netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside_RailCom
access-group DMZ_access_in in interface DMZ
!
route-map inside-policy permit 10
match ip address 101
!
route outside 0.0.0.0 0.0.0.0 219.159.71.1 10 track 125
! the only route toward the 3750 (192.168.11.67); there is no route for 10.250.250.0/24,
! 10.250.251.0/24 or 10.250.252.0/24, so those destinations follow the default route out "outside"
route inside 192.168.41.0 255.255.255.0 192.168.11.67 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no snmp-server enable
sla monitor 2
type echo protocol ipIcmpEcho 219.159.71.1 interface outside
num-packets 3
timeout 800
threshold 1000
frequency 2
sla monitor schedule 2 life forever start-time now
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set liuzhao esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map liuzhao 44 match address liuzhao
crypto dynamic-map liuzhao 44 set peer 219.159.82.236
crypto dynamic-map liuzhao 44 set transform-set liuzhao
!
track 123 rtr 1 reachability
!
track 124 rtr 1 reachability
!
track 125 rtr 2 reachability
telnet 192.168.11.0 255.255.255.0 inside
telnet 172.16.0.0 255.255.0.0 inside
telnet 172.18.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group RC request dialout pppoe
vpdn group RC localname 01541558
vpdn group RC ppp authentication pap
vpdn username 01541558 password *********
dhcpd dns 222.52.118.216 211.98.4.1
dhcpd lease 14400
dhcpd auto_config outside_RailCom
!
dhcpd address 192.168.11.110-192.168.11.199 inside
dhcpd dns 222.52.118.216 211.98.4.1 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 61.164.36.105
tftp-server inside 192.168.11.120 e:/tftp
webvpn
username 01541558 password /LAZ9QKnukjsNOGh encrypted
username zhirui password Of5oPStpBPxGtZR2 encrypted
username wenwen password os8h7vEaRh074VUg encrypted
username tommy password 4H9lY7rDV69wFAGm encrypted privilege 15
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
address-pool ipsec_pool
tunnel-group testgroup ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
class-map demo_class
match access-list 101
class-map demo_cla
class-map outside-class
match access-list outside_mpc
!            
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
  inspect icmp
  inspect pptp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ae339eb0c3cf8e3c675c559aedf06250
: end

Layer-3 switch:
Switch#show running-config
Building configuration...

Current configuration : 3752 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
username cisco
username admin password 0 admin
no aaa new-model
switch 1 provision ws-c3750g-24ts
system mtu routing 1500
ip subnet-zero
ip routing
!
!
crypto pki trustpoint TP-self-signed-3297101568
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3297101568
revocation-check none
rsakeypair TP-self-signed-3297101568
!
!
crypto pki certificate chain TP-self-signed-3297101568
certificate self-signed 01
  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33323937 31303135 3638301E 170D3933 30333031 30303031
  33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32393731
  30313536 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100E774 520D8567 DE9E8325 7471CBB0 BCC135CE EEBCAF39 5003517A 7F9E8438
  B7A5A3E2 A56F542F D3554593 DBD9CAE8 D5FD7DCF 274B4377 08AE8E87 87933121
  28240439 1EF6EA7B C7D20658 07C6D153 B0A18579 7AFC7667 188F7A8F 291221C6
  63FD5D85 B6E79277 FCBD6162 2DC20B67 4F915A8C 9A983E36 CF1672BC 4FB38E7A
  F3510203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
  551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1433CD70
  71F1B2AD 539D8C3F BEA2E076 9B5E583B 25301D06 03551D0E 04160414 33CD7071
  F1B2AD53 9D8C3FBE A2E0769B 5E583B25 300D0609 2A864886 F70D0101 04050003
  8181003E A172E57A 710A8D59 5378F67D A34AC639 D059E6B8 0490599A 75DCC8A5
  80F110A7 AAA5954D BAE2E41B 897A4633 9E998174 199C1B97 805CA47D 6963A1EE
  C68FA256 D02D6145 D59EC520 4199C2C0 67E14698 121F1D5E 595CD223 A2AC0F18
  80F66063 4E79B4D9 D30A47CD 2053ED77 773CCC05 77B322D8 60B2F26F AADFFBAB 2C777E
  quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!         
!
interface GigabitEthernet1/0/1
switchport mode access
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!         
interface GigabitEthernet1/0/23
!
! routed port on the ASA's inside subnet; the ASA reaches the 3750 via this address
interface GigabitEthernet1/0/24
no switchport
ip address 192.168.11.67 255.255.255.0
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
!
! SVIs for the three subnets that 192.168.11.112 needs to reach
interface Vlan250
ip address 10.250.250.254 255.255.255.0
!
interface Vlan251
ip address 10.250.251.254 255.255.255.0
!
interface Vlan252
ip address 10.250.252.254 255.255.255.0
!
ip classless
! default route to the ASA inside address; 192.168.11.0/24 itself is directly connected on Gi1/0/24
ip route 0.0.0.0 0.0.0.0 192.168.11.254
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
login local
line vty 5 15
login
!
end      

Switch# write
Building configuration...
[OK]



Best answer
Posted 2016-8-24 01:54:38
liangshengtao posted on 2016-8-24 14:26
I added that command, but it still isn't solved. Later, while debugging, I found that pings from the internal hosts to the 10.250 server addresses were all being NATed to the external egress ...

Your 10.250 servers should be on the internal network, right?
It looks like your ASA has no routing information for 10.250. Check with show route. If there is none, add it and try again.

OP | Posted 2016-8-24 02:10:43
Why doesn't the topology diagram I inserted show up....

Posted 2016-8-24 08:41:17
liangshengtao posted on 2016-8-24 03:10
Why doesn't the topology diagram I inserted show up....

Maybe you need to configure same-security-traffic permit intra-interface. Have a look at the command documentation.

OP | Posted 2016-8-24 08:51:20
sboku posted on 2016-8-24 08:41
Maybe you need to configure same-security-traffic permit intra-interface. Have a look at the command documentation.

You mean that by default the firewall does not allow traffic to enter and leave through the same interface, and the ASA dropped the packets? After adding that command, do I still need an ACL?

Posted 2016-8-24 09:09:39
Where is the diagram?


OP | Posted 2016-8-24 09:10:41
I don't know why, but the diagram I uploaded doesn't display.

Posted 2016-8-24 09:38:46
liangshengtao posted on 2016-8-24 09:51
You mean that by default the firewall does not allow traffic to enter and leave through the same interface, and the ASA dropped the packets? After adding that command, do I still need an ACL?

By default the ASA does not allow it. If you configure that command, an ACL is not needed. Without that command, configuring an ACL won't work either.

OP | Posted 2016-8-24 13:26:25
sboku posted on 2016-8-24 09:38
By default the ASA does not allow it. If you configure that command, an ACL is not needed. Without that command, configuring an ACL won't work either.

I added that command, but it still isn't solved. Later, while debugging, I found that pings from the internal hosts to the 10.250 server addresses were all being NATed to the external egress address. This network is built somewhat badly; if it isn't cleaned up there will be more management problems later. Why can't I upload my diagram? Frustrating.

OP | Posted 2016-8-25 15:32:11
sboku posted on 2016-8-24 14:10
Your 10.250 servers should be on the internal network, right?
It looks like your ASA has no routing information for 10.250. Check with show route. If there is none ...

The route is there now; it's just that all the IPs coming from the internal 192.168.11 segment were being NATed by the firewall, so access kept failing. Redoing the policy on the firewall fixed it, and it's solved now. It's just that their network design is really unreasonable; later it would be better to change it to zone-based management. Thanks! The points are yours.

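The three things the thread converges on (routes for the 10.250.x.0/24 subnets toward the 3750, permitting the hairpin on the inside interface, and exempting that traffic from the inside dynamic NAT rule), written out as an ASA 8.2 configuration fragment against the posted running-config. This is an added example, not the commands the original poster actually applied (the thread only says the firewall policy was redone); the choice of extending the existing inside_nat0_outbound ACL and the packet-tracer check are the editor's, and 10.250.250.10 is an assumed target host.

```cisco
! Added example for the posted ASA 8.2(1) config; not the poster's own fix.
!
! 1. Routes. The three SVI subnets sit behind the 3750 at 192.168.11.67 on "inside".
!    Without them the default route sends 10.250.x.x out "outside", and
!    "ip verify reverse-path interface inside" drops replies sourced from 10.250.x.x
!    because their source is not routed via inside.
route inside 10.250.250.0 255.255.255.0 192.168.11.67 1
route inside 10.250.251.0 255.255.255.0 192.168.11.67 1
route inside 10.250.252.0 255.255.255.0 192.168.11.67 1
!
! 2. Hairpin. The packet enters and leaves on "inside" (host -> ASA -> 3750),
!    which the ASA refuses by default. inside_access_in already has "permit ip any any",
!    so no ACL change is needed for the forward direction.
same-security-traffic permit intra-interface
!
! 3. NAT exemption. "nat (inside) 200 192.168.11.0 255.255.255.0" otherwise matches
!    this traffic and PATs it to the outside_RailCom interface address.
!    "nat (inside) 0 access-list inside_nat0_outbound" is already present and
!    exemption is evaluated before dynamic NAT, so extending that ACL is enough.
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 10.250.250.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 10.250.251.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 10.250.252.0 255.255.255.0
!
! 4. Verify from exec mode. packet-tracer reports the route lookup, the NAT phase
!    and the final ALLOW/DROP with its reason, which is what the thread had to
!    discover by debugging. Clear stale translations for the test host first.
! clear xlate local 192.168.11.112
! show route | include 10.250
! packet-tracer input inside icmp 192.168.11.112 8 0 10.250.250.10
! show xlate | include 192.168.11.112
```

One caveat the posted configs make visible: the 3750 has 192.168.11.0/24 directly connected on Gi1/0/24, so its replies to 192.168.11.112 go straight back over the layer-2 switch and never pass through the ASA. The ASA therefore sees only the forward direction of each flow. ICMP works that way, but stateful TCP inspection on the ASA expects to see the handshake complete, so TCP sessions through this hairpin are liable to fail unless TCP state bypass is configured or, as the poster concluded, the segments are moved onto their own firewall interface or VLAN so that both directions traverse the ASA.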