您好,登錄后才能下訂單哦!
cisco asa 5520 8.4 NAT轉(zhuǎn)換配置
1)定義nat轉(zhuǎn)換規(guī)則
object network 192.168.3.233_18096 #定義網(wǎng)絡(luò)對(duì)象名
host 192.168.3.233 #定義內(nèi)網(wǎng)IP
nat (dmz,outside) static xxx.17.xxx.36 service tcp 18096 18096 #轉(zhuǎn)換規(guī)則,把內(nèi)網(wǎng)主機(jī)192.168.3.233映射到外網(wǎng)xxx.17.xxx.36.
2)定義訪問(wèn)列表
方式一
access-list outside_access_in_1 extended permit tcp any
object 192.168.3.233_18096 eq 18096 #注意:目的地址為定義的NAT對(duì)象.
方式二
a. object service tcp_18096_acl #定義服務(wù)對(duì)象
service tcp source range 1 65535 destination eq 18096 #源端口任意端口,目的端口 #為18096
b. access-list outside_access_in_1 extended permit
object tcp_18096_acl any object 192.168.3.233_18096
4)應(yīng)用訪問(wèn)列表
access-group outside_access_in_1 in interface outside
-----------------------------------------------------------
如下是8.4版官方配置示例:
This section includes typical configuration examples for permitting or denying network access.
The following example adds a network object for inside server 1, performs static NAT for the server, and enables access to from the outside for inside server 1.
hostname(config)# object network inside-server1
hostname(config)# host 10.1.1.1
hostname(config)# nat (inside,outside) static 209.165.201.12
hostname(config)# access-list outside_access extended permit tcp any object inside-server1 eq www
hostname(config)# access-group outside_access in interface outside
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_rules.html
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。