学习啦>学习电脑>网络知识>网络技术>

cisco asa5505防火墙地址映射

权威分享

  cisco思科是全球领先的大品牌,相信很多人也不陌生,那么你知道Cisco ASA 5505防火墙地址映射问题吗?下面是学习啦小编整理的一些关于Cisco ASA 5505防火墙地址映射问题的相关资料,供你参考。

  Cisco ASA 5505防火墙地址映射问题:

  基本情况

  WAN: 221.221.147.195 Gateway: 221.221.147.200 LAN: 192.168.0.1

  内网中有一台服务器,地址: 192.168.0.10 端口: 8089

  故障描述: 内网可正常连接至服务器,外网无法连接. 端口映射出现问题.

  解决方法: 命令行错误, 已更正并解决.

  问题重点: 采用"static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089" 映射.

  目前配置如下:

  ASA Version 7.2(2)

  !

  hostname ciscoasa

  enable password 8Ry2YjIyt7RRXU24 encrypted

  names

  !

  interface Vlan1

  nameif inside

  security-level 100

  ip address 192.168.0.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  ip address 221.221.147.195 255.255.255.252

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  passwd 2KFQnbNIdI.2KYOU encrypted

  ftp mode passive

  access-list 101 extended permit tcp any host 221.221.147.195 eq 8089

  access-list 101 extended permit icmp any any

  access-list 101 extended permit tcp any any

  access-list 101 extended permit udp any any

  pager lines 24

  logging asdm informational

  mtu inside 1500

  mtu outside 1500

  icmp unreachable rate-limit 1 burst-size 1

  no asdm history enable

  arp timeout 14400

  global (outside) 1 interface

  static (inside,outside) 221.221.147.195 192.168.0.10 netmask 255.255.255.255 tcp 8089 0

  access-group 101 in interface outside

  route outside 0.0.0.0 0.0.0.0 221.221.147.200 1

  timeout xlate 3:00:00

  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

  timeout uauth 0:05:00 absolute

  http server enable

  no snmp-server location

  no snmp-server contact

  snmp-server enable traps snmp authentication linkup linkdown coldstart

  telnet timeout 5

  ssh timeout 5

  console timeout 0

  dhcpd auto_config outside

  !

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  policy-map type inspect dns preset_dns_map

  parameters

  message-length maximum 512

  policy-map global_policy

  class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

  !

  service-policy global_policy global

  prompt hostname context

  Cryptochecksum:30e219cbc04a4c919e7411de55e14a64

  : end

  ciscoasa(config)#

  ------------------------------------------------------------

  在找寻解决方案过程中,有朋友做了重要提示, 采用: static (inside,outside) int 192.168.0.10 tcp 8089 做映射,但出现警告提示:

  WARNING: static redireting all traffics at outside interface;

  WARNING: all services terminating at outside interface are disabled.

  后来将命令改成: static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089 问题解决.

  看过文章“Cisco ASA 5505防火墙地址映射问题”的人还看了:

  1.cisco思科路由器设置

  2.思科路由器怎么进入 思科路由器怎么设置

  3.思科路由器控制端口连接图解

  4.思科路由器基本配置教程

  5.如何进入cisco路由器

  6.cisco怎么进端口

  7.cisco如何看未接来电

  8.cisco常用命令

  9.详解思科route print

  10.思科路由器恢复出厂配置的方法有哪些

    594798