真实的国产乱ⅩXXX66竹夫人,五月香六月婷婷激情综合,亚洲日本VA一区二区三区,亚洲精品一区二区三区麻豆

成都創(chuàng)新互聯(lián)網(wǎng)站制作重慶分公司

ASA防火墻DynamicNAT配置

ASA防火墻Dynamic NAT配置
說明:
OUTSIDE模擬外網(wǎng):e/0接口IP:200.200.200.200/24,lo0:8.8.8.8/32,lo10:114.114.114.114/32
INSIDE模擬內(nèi)網(wǎng):vlan 10:10.10.10.1/24,vlan 20:10.10.20.1/24,vlan 30:10.10.30.1/24;默認(rèn)路由指向ASA防火墻-10.10.10.2。
ASA防火墻默認(rèn)路由指向OUTSIDE-200.200.200.200,10.0.0.0/8下一跳指向INSIDE-10.10.10.1。

十多年的鄂托克網(wǎng)站建設(shè)經(jīng)驗(yàn),針對設(shè)計(jì)、前端、開發(fā)、售后、文案、推廣等六對一服務(wù),響應(yīng)快,48小時(shí)及時(shí)工作處理。成都全網(wǎng)營銷的優(yōu)勢是能夠根據(jù)用戶設(shè)備顯示端的尺寸不同,自動(dòng)調(diào)整鄂托克建站的顯示方式,使網(wǎng)站能夠適用不同顯示終端,在瀏覽器中調(diào)整網(wǎng)站的寬度,無論在任何一種瀏覽器上瀏覽網(wǎng)站,都能展現(xiàn)優(yōu)雅布局與設(shè)計(jì),從而大程度地提升瀏覽體驗(yàn)。創(chuàng)新互聯(lián)從事“鄂托克網(wǎng)站設(shè)計(jì)”,“鄂托克網(wǎng)站推廣”以來,每個(gè)客戶項(xiàng)目都認(rèn)真落實(shí)執(zhí)行。

需求:INSIDE-10.10.10.0/24需要訪問外網(wǎng)(8.8.8.8)
方法一:動(dòng)態(tài)NAT
1.新建network object
2.在object下做NAT(使用外網(wǎng)接口地址做轉(zhuǎn)換)

object network INSIDE-10.10.10.0
subnet 10.10.10.0 255.255.255.0
nat (inside,outside) dynamic interface
exit

access-list OUT-TO-INSIDE extended permit ip any 10.10.10.0 255.255.255.0 //模擬器需要作此策略,真實(shí)設(shè)備不需要
access-group OUT-TO-INSIDE in interface outside //模擬器需要作此策略,真實(shí)設(shè)備不需要

測試
INSIDE#ping 8.8.8.8 source vlan 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

查看ASA防火墻的NAT轉(zhuǎn)換:
ASA(config)# show xlate
1 in use, 3 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net

ICMP PAT from inside:10.10.10.1/22 to outside:200.200.200.1/22 flags ri idle 0:00:01 timeout 0:00:30

方法二:動(dòng)態(tài)NAT
1.新建network object
2.在object下做NAT(使用單獨(dú)的外網(wǎng)IP做轉(zhuǎn)換)

object network INSIDE-10.10.10.0
subnet 10.10.10.0 255.255.255.0
nat (inside,outside) dynamic 200.200.200.10
exit

access-list OUT-TO-INSIDE extended permit ip any 10.10.10.0 255.255.255.0 //模擬器需要作此策略,真實(shí)設(shè)備不需要
access-group OUT-TO-INSIDE in interface outside //模擬器需要作此策略,真實(shí)設(shè)備不需要

測試:
INSIDE#ping 8.8.8.8 source vlan 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/7 ms

ASA# show xlate
1 in use, 4 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net

ICMP PAT from inside:10.10.10.1/27 to outside:200.200.200.10/27 flags ri idle 0:00:00 timeout 0:00:30


網(wǎng)頁名稱:ASA防火墻DynamicNAT配置
文章地址:http://weahome.cn/article/gijisd.html

其他資訊

在線咨詢

微信咨詢

電話咨詢

028-86922220(工作日)

18980820575(7×24)

提交需求

返回頂部