配置NAT规则

启动NAT控制,配置NAT规则实现:配置动态NAT实现R1访问R3
                                 配置NAT豁免实现R1和R2互访
                                   配置静态NAT实现R3访问R2

wKioL1faSsSza0DBAADjcqF86kA390.jpg-wh_50

ASA(config)# interface ethernet 0/0ASA(config-if)# nameif outside INFO: Security level for "outside" set to 0 by default.ASA(config-if)# ip address 172.16.1.2 255.255.255.0ASA(config-if)# no shutdown ASA(config-if)# exitASA(config)# interface ethernet 0/1ASA(config-if)# nameif insideINFO: Security level for "inside" set to 100 by default.ASA(config-if)# ip address 10.1.1.2 255.255.255.0ASA(config-if)# no shutdown ASA(config-if)# exit ASA(config)# interface ethernet 0/2ASA(config-if)# nameif dmzINFO: Security level for "dmz" set to 0 by default.ASA(config-if)# security-level 50 ASA(config-if)# ip address 192.168.1.2 255.255.255.0ASA(config-if)# no shutdown ASA(config-if)# exitR1(config)#interface fastEthernet 0/0R1(config-if)#ip address 10.1.1.1 255.255.255.0R1(config-if)#no shutdown R1(config-if)#exitR2(config)#interface fastEthernet 0/0R2(config-if)#ip address 192.168.1.1 255.255.255.0R2(config-if)#no shutdown R2(config-if)#exitR3(config)#interface fastEthernet 0/0R3(config-if)#ip address 172.16.1.1 255.255.255.0R3(config-if)#no shutdown R3(config-if)#exitASA(config)# nat (inside) 1 10.1.1.0 255.255.255.0 ASA(config)# global (outside) 1 172.16.1.5-172.16.1.10ASA(config)# nat-control ASA(config)# nat (inside) 0 10.1.1.0 255.255.255.0nat 0 10.1.1.0 will be identity translated for outboundASA(config)# nat (dmz) 0 192.168.1.0 255.255.255.0nat 0 192.168.1.0 will be identity translated for outboundASA(config)# access-list 100 permit tcp host 192.168.1.1 host 10.1.1.1   ASA(config)# access-group 100 in interface dmzASA(config)# static (dmz,outside) 172.16.1.100 192.168.1.1 ASA(config)# access-list 100 permit ip host 172.16.1.1 host 172.16.1.100ASA(config)# access-group 100 in interface outsideR3#telnet 172.16.1.100Trying 172.16.1.100 ... OpenPassword required, but none set

相关文章
相关标签/搜索