學習啦>學習電腦>網(wǎng)絡知識>網(wǎng)絡技術>

cisco asa5505防火墻地址映射

時間: 權威724 分享

  cisco思科是全球領先的大品牌,相信很多人也不陌生,那么你知道Cisco ASA 5505防火墻地址映射問題嗎?下面是學習啦小編整理的一些關于Cisco ASA 5505防火墻地址映射問題的相關資料,供你參考。

  Cisco ASA 5505防火墻地址映射問題:

  基本情況

  WAN: 221.221.147.195 Gateway: 221.221.147.200 LAN: 192.168.0.1

  內網(wǎng)中有一臺服務器,地址: 192.168.0.10 端口: 8089

  故障描述: 內網(wǎng)可正常連接至服務器,外網(wǎng)無法連接. 端口映射出現(xiàn)問題.

  解決方法: 命令行錯誤, 已更正并解決.

  問題重點: 采用"static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089" 映射.

  目前配置如下:

  ASA Version 7.2(2)

  !

  hostname ciscoasa

  enable password 8Ry2YjIyt7RRXU24 encrypted

  names

  !

  interface Vlan1

  nameif inside

  security-level 100

  ip address 192.168.0.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  ip address 221.221.147.195 255.255.255.252

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  passwd 2KFQnbNIdI.2KYOU encrypted

  ftp mode passive

  access-list 101 extended permit tcp any host 221.221.147.195 eq 8089

  access-list 101 extended permit icmp any any

  access-list 101 extended permit tcp any any

  access-list 101 extended permit udp any any

  pager lines 24

  logging asdm informational

  mtu inside 1500

  mtu outside 1500

  icmp unreachable rate-limit 1 burst-size 1

  no asdm history enable

  arp timeout 14400

  global (outside) 1 interface

  static (inside,outside) 221.221.147.195 192.168.0.10 netmask 255.255.255.255 tcp 8089 0

  access-group 101 in interface outside

  route outside 0.0.0.0 0.0.0.0 221.221.147.200 1

  timeout xlate 3:00:00

  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

  timeout uauth 0:05:00 absolute

  http server enable

  no snmp-server location

  no snmp-server contact

  snmp-server enable traps snmp authentication linkup linkdown coldstart

  telnet timeout 5

  ssh timeout 5

  console timeout 0

  dhcpd auto_config outside

  !

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  policy-map type inspect dns preset_dns_map

  parameters

  message-length maximum 512

  policy-map global_policy

  class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  !

  service-policy global_policy global

  prompt hostname context

  Cryptochecksum:30e219cbc04a4c919e7411de55e14a64

  : end

  ciscoasa(config)#

  ------------------------------------------------------------

  在找尋解決方案過程中,有朋友做了重要提示, 采用: static (inside,outside) int 192.168.0.10 tcp 8089 做映射,但出現(xiàn)警告提示:

  WARNING: static redireting all traffics at outside interface;

  WARNING: all services terminating at outside interface are disabled.

  后來將命令改成: static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089 問題解決.

  看過文章“Cisco ASA 5505防火墻地址映射問題”的人還看了:

  1.cisco思科路由器設置

  2.思科路由器怎么進入 思科路由器怎么設置

  3.思科路由器控制端口連接圖解

  4.思科路由器基本配置教程

  5.如何進入cisco路由器

  6.cisco怎么進端口

  7.cisco如何看未接來電

  8.cisco常用命令

  9.詳解思科route print

  10.思科路由器恢復出廠配置的方法有哪些

cisco asa5505防火墻地址映射

cisco思科是全球領先的大品牌,相信很多人也不陌生,那么你知道Cisco ASA 5505防火墻地址映射問題嗎?下面是學習啦小編整理的一些關于Cisco ASA 5505防火墻地址映射問題的相關資料,供你參考。 Cisco ASA 5505防火墻地址映射問題: 基本
推薦度:
點擊下載文檔文檔為doc格式
594798