防火墙NAT（防火墙nat模式）

防火墙NAT（防火墙nat模式）

拓扑图如下：

配置命令如下：

动态NAT配置ciscoasa(config)#object network out-poolciscoasa(config-network-object)#range 200.1.1.10 200.1.1.20ciscoasa(config-network-object)#exitciscoasa(config)#object network in-ldciscoasa(config-network-object)#subnet 172.16.88.0 255.255.255.0ciscoasa(config-network-object)#exitciscoasa(config)#object network in-xd ciscoasa(config-network-object)#subnet 172.16.1.0 255.255.255.0 ciscoasa(config-network-object)#exitciscoasa(config)#object network dmz-1ciscoasa(config-network-object)# ciscoasa(config-network-object)#subnet 192.168.0.0 255.255.255.0ciscoasa(config-network-object)#exitciscoasa(config)#object network dmz-2ciscoasa(config-network-object)#subnet 192.168.1.0 255.255.255.0ciscoasa(config-network-object)#exitciscoasa(config)#object-group network in-lanciscoasa(config-network-object-group)#network-object object in-ldciscoasa(config-network-object-group)#network-object object in-xdciscoasa(config-network-object-group)#exitciscoasa(config)#object-group network dmz-lanciscoasa(config-network-object-group)#network-object object dmz-1 ciscoasa(config-network-object-group)#network-object object dmz-2 ciscoasa(config-network-object-group)#exit

指定PATciscoasa(config)#object network out-poolciscoasa(config-network-object)#range 200.1.1.10 200.1.1.20ciscoasa(config-network-object)#exitciscoasa(config)#object network out-pat3ciscoasa(config-network-object)#host 200.1.1.3ciscoasa(config-network-object)#exitciscoasa(config)# ciscoasa(config)#object-group network out-natciscoasa(config-network-object-group)#network-object object out-pat3ciscoasa(config-network-object-group)#network-object object out-poolciscoasa(config-network-object-group)#exitciscoasa(config)#nat source dynamic in-lan out-nat

静态NAt（一对一）ciscoasa(config)#object network webciscoasa(config-network-object)#host 200.1.1.21ciscoasa(config-network-object)#exitciscoasa(config)#object network dmz-webciscoasa(config-network-object)#host 192.168.1.11ciscoasa(config-network-object)#exitciscoasa(config)#access-list web extended permit tcp any host 192.168.1.11ciscoasa(config)#nat source static dmz-web web

端口一对一ciscoasa(config)#object network teldmzciscoasa(config-network-object)#host 200.1.1.22ciscoasa(config-network-object)# ciscoasa(config-network-object)#object network dmz-webciscoasa(config-network-object)#host 192.168.1.11ciscoasa(config-network-object)#exitciscoasa(config)#object service telnetciscoasa(config-service-object)#service tcp source eq telnet ciscoasa(config-service-object)#exitciscoasa(config)#nat source static dmz-web teldmz service telnet telnet

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。