Cisco ASA 5520 (8.4) NAT Configuration
1) Define the NAT rule
! Define the network object name
object network 192.168.3.233_18096
 ! Internal IP address
 host 192.168.3.233
 ! Translation rule: maps internal host 192.168.3.233 to external address xxx.17.xxx.36
 nat (dmz,outside) static xxx.17.xxx.36 service tcp 18096 18096
2) Define the access list
Option 1
! Note: the destination address is the NAT object defined above.
access-list outside_access_in_1 extended permit tcp any object 192.168.3.233_18096 eq 18096
Option 2
a. Define the service object
object service tcp_18096_acl
 ! Any source port, destination port 18096
 service tcp source range 1 65535 destination eq 18096
b. Access list entry using the service object
access-list outside_access_in_1 extended permit object tcp_18096_acl any object 192.168.3.233_18096
3) Apply the access list
access-group outside_access_in_1 in interface outside
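An offline consistency check for the steps above, added here as an example (not code from the original post or from Cisco): it parses an 8.3+ style configuration and flags inbound permits whose destination is the mapped address instead of the real-address object, or whose port does not line up with the static NAT rule. The sample configuration is constructed, 203.0.113.36 is a placeholder for the masked public address, and the function names are hypothetical.

```python
import re

# Constructed sample config, not from a real device; 203.0.113.36 stands in for the masked mapped IP.
SAMPLE = """\
object network 192.168.3.233_18096
 host 192.168.3.233
 nat (dmz,outside) static 203.0.113.36 service tcp 18096 18096
access-list outside_access_in_1 extended permit tcp any object 192.168.3.233_18096 eq 18096
access-list outside_access_in_1 extended permit tcp any host 203.0.113.36 eq 18096
access-list outside_access_in_1 extended permit tcp any object 192.168.3.233_18096
"""

NAT_RE = re.compile(r"nat \((\S+),(\S+)\) static (\S+)(?: service (tcp|udp) (\S+) (\S+))?")
ACL_RE = re.compile(r"access-list (\S+) extended permit (tcp|udp) any (?:object (\S+)|host (\S+))(?: eq (\S+))?$")

def parse_objects(config):
    """Return {object name: {'host': real IP, 'mapped': mapped IP, 'real_port': port or None}}."""
    objects, current = {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = objects.setdefault(line.split()[2], {"host": None, "mapped": None, "real_port": None})
        elif line.startswith(" ") and current is not None:
            s = line.strip()
            m = NAT_RE.match(s)
            if s.startswith("host "):
                current["host"] = s.split()[1]
            elif m:  # in "service tcp A B", A is the real port and B the mapped port
                current["mapped"], current["real_port"] = m.group(3), m.group(5)
        else:
            current = None
    return objects

def audit(config):
    """Return (acl line, finding) tuples for inbound permits that disagree with the static NAT rules."""
    objects = parse_objects(config)
    mapped = {o["mapped"] for o in objects.values() if o["mapped"]}
    findings = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m is None:
            continue
        obj, host, port = m.group(3, 4, 5)
        if host in mapped:
            findings.append((line, "destination is the mapped address; 8.3+ ACLs match the real address"))
        elif obj in objects and port is None:
            findings.append((line, "no port restriction on a permit to a static-NAT object"))
        elif obj in objects and objects[obj]["real_port"] not in (None, port):
            findings.append((line, "ACL port differs from the NAT rule's real port"))
    return findings
```

Running `audit(SAMPLE)` reports the second and third access-list lines and leaves the first, which matches Option 1 above, unflagged.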
-----------------------------------------------------------
The following is the official configuration example for version 8.4:
This section includes typical configuration examples for permitting or denying network access.
The following example adds a network object for inside server 1, performs static NAT for the server, and enables access from the outside for inside server 1.
hostname(config)# object network inside-server1
hostname(config)# host 10.1.1.1
hostname(config)# nat (inside,outside) static 209.165.201.12
hostname(config)# access-list outside_access extended permit tcp any object inside-server1 eq www
hostname(config)# access-group outside_access in interface outside
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_rules.html