
[Experience Sharing] Cisco ASA 8.4 NAT & VPN Summary

Posted on 2018-7-10 11:11:47
  Dynamic NAT
  object network my-range-obj
  range 10.2.2.1 10.2.2.10
  object network my-inside-net
  subnet 192.168.2.0 255.255.255.0
  nat (inside,outside) dynamic my-range-obj
  -------------------------------------------------------------
  Dynamic NAT with dynamic PAT backup!!
  object network nat-range1
  range 10.10.10.10 10.10.10.20
  object network pat-ip1
  host 10.10.10.21
  object-group network nat-pat-grp
  network-object object nat-range1
  network-object object pat-ip1
  object network my_net_obj5
  subnet 10.76.11.0 255.255.255.0
  nat (inside,outside) dynamic nat-pat-grp interface
  --------------------------------------------------------------
  Dynamic PAT!!
  object network my-inside-net
  subnet 192.168.2.0 255.255.255.0
  nat (inside,outside) dynamic 10.2.2.2
  Dynamic PAT,Interface!!
  object network my-inside-net
  subnet 192.168.2.0 255.255.255.0
  nat (inside,outside) dynamic interface
  --------------------------------------------------------------
  The following example configures static NAT for the real host 10.1.1.1 on the inside to 10.2.2.2 on the outside with DNS rewrite enabled.
  object network my-host-obj1
  host 10.1.1.1
  nat (inside,outside) static 10.2.2.2 dns
  --------------------------------------------------------------
  The following example configures static NAT for the real host 10.1.1.1 on the inside to 2.2.2.2 on the outside using a mapped object.
  object network my-mapped-obj
  host 10.2.2.2
  object network my-host-obj1
  host 10.1.1.1
  nat (inside,outside) static my-mapped-obj
  ---------------------------------------------------------------
  The following example configures static NAT-with-port-translation for 10.1.1.1 at TCP port 21 to the outside interface at port 2121.
  object network my-ftp-server
  host 10.1.1.1
  nat (inside,outside) static interface service tcp 21 2121
  ---------------------------------------------------------------
  Identity NAT:
  object network my-host-obj1
  host 10.1.1.1
  nat (inside,outside) static 10.1.1.1
  object network my-host-obj1-identity
  host 10.1.1.1
  object network my-host-obj1
  host 10.1.1.1
  nat (inside,outside) static my-host-obj1-identity
  ---------------------------------------------------------------
  L2TP Over IPSec:
  crypto ikev1 enable outside
  crypto ikev1 policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport
  ip local pool sales_addresses 209.165.202.129-209.165.202.158
  ! The group policy is defined first so that default-group-policy can reference it.
  group-policy sales_policy internal
  group-policy sales_policy attributes
  wins-server value 209.165.201.3 209.165.201.4
  dns-server value 209.165.201.1 209.165.201.2
  vpn-tunnel-protocol l2tp-ipsec
  tunnel-group DefaultRAGroup general-attributes
  default-group-policy sales_policy
  address-pool sales_addresses
  tunnel-group DefaultRAGroup ipsec-attributes
  ! Same ikev1 keyword form as in the remote-access example that follows.
  ikev1 pre-shared-key *
  tunnel-group DefaultRAGroup ppp-attributes
  no authentication pap
  authentication chap
  authentication ms-chap-v1
  authentication ms-chap-v2
  ! The dynamic map references the transform set defined above.
  crypto dynamic-map dyno 10 set ikev1 transform-set my-transform-set-ikev1
  crypto map *** 20 ipsec-isakmp dynamic dyno
  crypto map *** interface outside
  ---------------------------------------------------------------
  Remote VPN:
  interface ethernet0
  ip address 10.10.4.200 255.255.0.0
  nameif outside
  no shutdown
  crypto ikev1 policy 1
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 43200
  crypto ikev1 enable outside
  ip local pool testpool 192.168.0.10-192.168.0.15
  username testuser password 12345678
  crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac
  tunnel-group testgroup type remote-access
  tunnel-group testgroup general-attributes
  address-pool testpool
  tunnel-group testgroup ipsec-attributes
  ikev1 pre-shared-key 44kkaol59636jnfx
  crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet
  crypto dynamic-map dyn1 1 set reverse-route
  crypto map mymap 1 ipsec-isakmp dynamic dyn1
  crypto map mymap interface outside
  write memory
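
The two VPN sections above configure IKEv1 with 3DES, DH group 2, DES/MD5 transforms, MS-CHAPv1 and a literal pre-shared key. The following Python check is an added example, not part of the original post and not a Cisco tool; it flags such settings in a pasted ASA configuration. The function name `audit_asa_vpn`, the rule list and the finding labels are assumptions of this example, and the sample lines are taken from the two sections above.

```python
import re

# Added example: rule set and finding labels are this example's assumptions.
IKE_RULES = [(r"encryption (des|3des)$", "legacy IKEv1 cipher"),
             (r"hash md5$", "legacy IKEv1 hash"),
             (r"group (1|2)$", "legacy Diffie-Hellman group")]
PPP_RULES = [(r"authentication (pap|ms-chap-v1)$", "legacy PPP authentication")]
LEGACY_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
TOP_LEVEL = ("crypto ", "tunnel-group ", "group-policy ", "ip ", "username ",
             "interface ", "object", "nat ")

def audit_asa_vpn(config):
    """Return (line_number, finding) pairs for legacy VPN settings."""
    findings, mode = [], None
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith(TOP_LEVEL):  # a top-level command ends any sub-mode
            mode = None
            if re.match(r"crypto ikev1 policy \d+$", line):
                mode = "ike"
            elif re.match(r"tunnel-group \S+ ppp-attributes$", line):
                mode = "ppp"
        m = re.match(r"crypto ipsec ikev1 transform-set \S+ (.+)$", line)
        for t in (m.group(1).split() if m else []):
            if t in LEGACY_TRANSFORMS:
                findings.append((num, f"legacy IPsec transform {t}"))
        m = re.match(r"(?:ikev1 )?pre-shared-key (\S+)$", line)
        if m and set(m.group(1)) != {"*"}:  # "*" is the masked display form
            findings.append((num, "pre-shared key in clear text"))
        for pattern, finding in {"ike": IKE_RULES, "ppp": PPP_RULES}.get(mode, []):
            if re.match(pattern, line):
                findings.append((num, finding))
    return findings

# Sample lines taken from the two VPN sections of the post.
SAMPLE = """\
crypto ikev1 policy 1
encryption 3des
group 2
crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac
tunnel-group testgroup ipsec-attributes
ikev1 pre-shared-key 44kkaol59636jnfx
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication ms-chap-v1
authentication ms-chap-v2
"""

if __name__ == "__main__":
    print(audit_asa_vpn(SAMPLE))
```

Because the post's configuration is flat (no indentation), the check tracks sub-modes by command keyword rather than by leading whitespace, and a `no authentication pap` line is correctly left unflagged.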
