lig posted on 2018-7-12 12:35:53

cisco asa 5520 8.4 (1) -- static nat-pat

  cisco asa 5520 8.4 NAT configuration
  
  1) Define the NAT rule
  ! Define the network object name
  object network 192.168.3.233_18096
  ! Define the internal IP
   host 192.168.3.233
  ! Translation rule: map internal host 192.168.3.233 to external address xxx.17.xxx.36.
   nat (dmz,outside) static xxx.17.xxx.36 service tcp 18096 18096
  2) Define the access list
  Method 1
  ! Note: the destination address is the NAT object defined above.
  access-list outside_access_in_1 extended permit tcp any object 192.168.3.233_18096 eq 18096
  Method 2
  a. Define a service object
  ! Source port: any port; destination port: 18096
  object service tcp_18096_acl
   service tcp source range 1 65535 destination eq 18096
  b. access-list outside_access_in_1 extended permit object tcp_18096_acl any object 192.168.3.233_18096
  4) Apply the access list
  access-group outside_access_in_1 in interface outside
  -----------------------------------------------------------
  The following is the official configuration example for version 8.4:
Configuration Examples for Permitting or Denying Network Access
  This section includes typical configuration examples for permitting or denying network access.
  The following example adds a network object for inside server 1, performs static NAT for the server, and enables access from the outside for inside server 1.
  hostname(config)# object network inside-server1
  hostname(config)# host 10.1.1.1
  hostname(config)# nat (inside,outside) static 209.165.201.12
  hostname(config)# access-list outside_access extended permit tcp any object inside-server1 eq www
  hostname(config)# access-group outside_access in interface outside
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_rules.html
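
An added example, not part of the original post or of Cisco's documentation: a small offline check for the pattern above, where the inbound ACL must reference the NAT object (the real address) and, on ASA 8.3 and later, the real port of the static PAT rule rather than the mapped one. The object names, addresses and ports in the sample are constructed, and the parser only handles the "Method 1" ACL form with numeric ports.

```python
import re

# Constructed sample config in the shape used in the post (documentation addresses).
SAMPLE = """\
object network web_18096
 host 192.168.3.233
 nat (dmz,outside) static 203.0.113.36 service tcp 18096 18096
object network app_8443
 host 192.168.3.234
 nat (dmz,outside) static 203.0.113.37 service tcp 8443 18443
access-list outside_access_in_1 extended permit tcp any object web_18096 eq 18096
access-list outside_access_in_1 extended permit tcp any object app_8443 eq 18443
access-group outside_access_in_1 in interface outside
"""

NAT = re.compile(r"nat \((\w+),(\w+)\) static (\S+) service (tcp|udp) (\S+) (\S+)")
ACE = re.compile(r"access-list (\S+) extended permit (tcp|udp) any object (\S+) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)")

def audit(config):
    """Return {object_name: verdict} for every static PAT object in config."""
    pats, aces, bound, current = {}, [], {}, None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("object network "):
            current = s.split()[2]
        elif not line.startswith(" "):
            current = None              # left the object's sub-command block
        if (m := NAT.match(s)) and current:
            pats[current] = {"mapped_if": m[2], "proto": m[4], "real_port": m[5], "mapped_port": m[6]}
        elif m := ACE.match(s):
            aces.append(m.groups())     # (acl, proto, object, port)
        elif m := GROUP.match(s):
            bound[m[2]] = m[1]          # interface -> ACL applied inbound
    result = {}
    for name, p in pats.items():
        acl = bound.get(p["mapped_if"])
        ports = [port for a, proto, obj, port in aces if a == acl and obj == name and proto == p["proto"]]
        if p["real_port"] in ports:
            result[name] = "ok"
        elif p["mapped_port"] in ports:
            result[name] = "acl uses mapped port, expected real port " + p["real_port"]
        else:
            result[name] = "no inbound permit on " + p["mapped_if"]
    return result

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(name, "->", verdict)
```
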