ASA 5510 配置案例(解决端口映射问题).doc

ASA 5510 配置案例(解决端口映射问题).txt老公如果你只能在活一天，我愿用我的生命来延续你的生命，你要快乐的生活在提出分手的时候请不要说还爱我。Cisco ASA 5505防火墙端口映射问题解决 基本情况: WAN: 221.221.147.195 Gateway: 221.221.147.200 LAN: 192.168.0.1 内网中有一台服务器,地址: 192.168.0.10 端口: 8089 故障描述: 内网可正常连接至服务器,外网无法连接. 端口映射出现问题. 解决方法: 命令行错误, 已更正并解决. 问题重点: 采用 "static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089" 映射. 目前配置如下: ASA Version 7.2(2) ! hostname ciscoasa enable password 8Ry2YjIyt7RRXU24 encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.0.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 221.221.147.195 255.255.255.252 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! passwd 2KFQnbNIdI.2KYOU encrypted ftp mode passive access-list 101 extended permit tcp any host 221.221.147.195 eq 8089 access-list 101 extended permit icmp any any access-list 101 extended permit tcp any any access-list 101 extended permit udp any any pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 global (outside) 1 interface static (inside,outside) 221.221.147.195 192.168.0.10 netmask 255.255.255.255 tcp 8089 0 access-group 101 in interface outside route outside 0.0.0.0 0.0.0.0 221.221.147.200 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute http server enable no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! ! class-map inspection_default match default-inspection-traffic ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global prompt hostname context Cryptochecksum:30e219cbc04a4c919e7411de55e14a64 : end ciscoasa(config)# ------------------------------------------------------------ 在找寻解决方案过程中,有朋友做了重要提示, 采用: static (inside,outside) int 192.168.0.10 tcp 8089 做映射,但出现警告提示: WARNING: static redireting all traffics at outside interface; WARNING: all services terminating at outside interface are disabled. 后来将命令改成: static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089 问题解决. 这几天又配置一个asa5505的防火墙 采用 static (inside,outside) 221.221.147.195 192.168.0.10 tcp 8089 不通。 后采用 static (inside,outside) tcp interface 8089 192.168.0.10 3389 netmask 255.255.255.255