|
cisco ASA 端口映射
CISCO ASA防火墙不同于CISCO的路由器,CISCO的路由器将整个IP地址映射出去,默认的是将所有端口都映射出去了,但是CISCO ASA防火墙则不是,他需要映射对应的端口才行 1.静态端口映射:
ftp端口映射命令为:
static (inside,outside)tcp 119.119.119.119 ftp 192.168.1.1 ftp netmask 255.255.255.255
www端口映射命令为:
static (inside,outside)tcp 119.119.119.119 www 192.168.1.1 www netmask 255.255.255.255
远程桌面端口映射:
static (inside,outside)tcp 119.119.119.119 3389 192.168.1.1 3389 netmask 255.255.255.255
DMZ区域的邮件收发端口映射:
static(dmz,outside)tcp 119.119.119.119 pop3 192.168.1.1 pop3 netmask 255.255.255.255
static(dmz,outside)tcp 119.119.119.119 smtp 192.168.1.1 smtp netmask 255.255.255.255
2.Pnat映射
global (outside)119.119.119.119 netmask 255.255.255.255
nat (inside)1 192.168.1.0 255.255.255.0
nat (insdie)1 192.168.2.0 255.255.255.0
nat (inside)1 192.168.3.0 255.255.255.0
nat (inside)1 192.168.4.0 255.255.255.0
内网1,2,3,4网段的ip地址都通过外网的119.119.119.199上网
|
|
|
来自: 笑观云卷云舒 > 《cisco ASA防火墙配置》
