ASA 5510 configuration case (solving a port-mapping problem).txt

Cisco ASA 5505 firewall: resolving a port-mapping problem

Basic setup:
WAN: 221.221.147.195
Gateway: 221.221.147.200
LAN: 192.168.0.1
There is one server on the internal network. Address: 192.168.0.10, port: 8089

Fault description: The server can be reached normally from the internal network, but not from outside. The port mapping is not working.

Solution: The command line was wrong; it has been corrected and the problem is resolved.

Key point: Do the mapping with "static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089".

The current configuration is as follows:

ASA Version 7.2(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 221.221.147.195 255.255.255.252
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list 101 extended permit tcp any host 221.221.147.195 eq 8089
access-list 101 extended permit icmp any any
access-list 101 extended permit tcp any any
access-list 101 extended permit udp any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
static (inside,outside) 221.221.147.195 192.168.0.10 netmask 255.255.255.255 tcp 8089 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 221.221.147.200 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:30e219cbc04a4c919e7411de55e14a64
: end
ciscoasa(config)#

While I was looking for a solution, a friend gave an important hint: do the mapping with

static (inside,outside) int 192.168.0.10 tcp 8089

but this produced the following warnings:

WARNING: static redireting all traffics at outside interface;
WARNING: all services terminating at outside interface are disabled.

I then changed the command to:

static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089

and the problem was solved.

In the last few days I configured another ASA 5505 firewall. Using

static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089

did not work. I then used

static (inside,outside) tcp interface 8089 192.168.0.10 3389 netmask 255.255.255.255
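
The following check is an added example, not part of the original page or of any Cisco tool. It classifies the "static" statements quoted above, assuming the ASA 7.x command grammar given in its comments: with no protocol keyword before the mapped address, the statement translates the whole host and a trailing "tcp N" is a connection limit, while a port redirect puts "tcp" or "udp" first. It also assumes every access-list in the input is applied inbound on the outside interface, as access-list 101 is here; the function names are hypothetical.

```python
import re

# Assumed grammar (ASA 7.x "static" command):
#   NAT: static (real,mapped) {mapped_ip|interface} real_ip [netmask m] [tcp max_conns [emb_lim]]
#   PAT: static (real,mapped) {tcp|udp} {mapped_ip|interface} mapped_port real_ip real_port [netmask m]
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\)\s+(.+)$")
BROAD_RE = re.compile(r"^access-list \S+ extended permit (tcp|udp|ip) any any$")

def classify_static(line):
    """Describe one 'static' statement, or return None for any other line."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    tok = m.group(3).split()
    if tok[0] in ("tcp", "udp") and len(tok) >= 5:   # protocol first: port redirect
        return {"kind": "pat", "proto": tok[0], "mapped": tok[1],
                "mapped_port": tok[2], "real": tok[3], "real_port": tok[4]}
    if len(tok) < 2:
        return None
    info = {"kind": "nat", "mapped": tok[0], "real": tok[1], "tcp_max_conns": None}
    rest = tok[2:]
    if "tcp" in rest[:-1]:                           # trailing "tcp N": connection limit
        info["tcp_max_conns"] = int(rest[rest.index("tcp") + 1])
    return info

def audit(config_lines):
    """Report whole-host translations and any broad ACL entry that exposes them."""
    lines = [l.strip() for l in config_lines]
    broad = [l for l in lines if BROAD_RE.match(l)]
    findings = []
    for s in filter(None, map(classify_static, lines)):
        if s["kind"] != "nat":
            continue
        msg = f"{s['real']} is translated on all ports as {s['mapped']}"
        if s["tcp_max_conns"] is not None:
            msg += f"; 'tcp {s['tcp_max_conns']}' is a connection limit, not a port"
        if broad:
            msg += f"; reachable via '{broad[0]}'"
        findings.append(msg)
    return findings

# Lines taken from the configuration on this page.
SAMPLE = [
    "access-list 101 extended permit tcp any host 221.221.147.195 eq 8089",
    "access-list 101 extended permit tcp any any",
    "static (inside,outside) 221.221.147.195 192.168.0.10 netmask 255.255.255.255 tcp 8089 0",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the configuration above, it reports that 192.168.0.10 is translated on every port and is reachable through the "permit tcp any any" entry, whereas the "tcp interface 8089 192.168.0.10 3389" form is classified as a single-port redirect.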