[Security] Cisco firewall security document: detailed comparison of configuration operations between ASA firewall 8.3 and 7.0
Excerpt: Introduction to Network Object NAT configuration

1. Dynamic NAT (dynamic one-to-one)

Example 1:

Legacy configuration:

    nat (Inside) 1 10.1.1.0 255.255.255.0
    global (Outside) 1 202.100.1.100-202.100.1.200

New configuration (Network Object NAT):

    object network Outside-Nat-Pool
     range 202.100.1.100 202.100.1.200
    object network Inside-Network
     subnet 10.1.1.0 255.255.255.0
    object network Inside-Network
     nat (Inside,Outside) dynamic Outside-Nat-Pool

Example 2:

    object network Outside-Nat-Pool
     range 202.100.1.100 202.100.1.200
    object network Outside-PAT-Address
     host 202.100.1.201
    object-group network Outside-Address
     network-object object Outside-Nat-Pool
     network-object object Outside-PAT-Address
    object network Inside-Network
     ! First dynamic one-to-one from 100-200, then dynamic PAT to 202.100.1.201,
     ! and finally dynamic PAT to the interface address
     nat (Inside,Outside) dynamic Outside-Address interface

Jiaozhu believes the advantage of this configuration style is that the new NAT command binds both the source interface and the destination interface, so the problem of the legacy configuration affecting the DMZ does not occur (at the time, nat0 + acl was needed to bypass it).

2. Dynamic PAT (Hide) (dynamic PAT, dynamic many-to-one)

Legacy configuration:

    nat (Inside) 1 10.1.1.0 255.255.255.0
    global (outside) 1 202.100.1.101

New configuration (Network Object NAT):

    object network Inside-Network
     subnet 10.1.1.0 255.255.255.0
    object network Outside-PAT-Address
     host 202.100.1.101
    object network Inside-Network
     nat (Inside,Outside) dynamic Outside-PAT-Address

or

     nat (Inside,Outside) dynamic 202.100.1.102

3. Static NAT or Static NAT with Port Translation (static one-to-one translation, static port translation)

Example 1 (static one-to-one translation):

Legacy configuration:

    static (Inside,outside) 202.100.1.101 10.1.1.1

New configuration (Network Object NAT):

    object network Static-Outside-Address
     host 202.100.1.101
    object network Static-Inside-Address
     host 10.1.1.1
    object network Static-Inside-Address
     nat (Inside,Outside) static Static-Outside-Address

or

     nat (Inside,Outside) static 202.100.1.102 <dns>

Example 2 (static port translation):

Legacy configuration:

    static (inside,outside) tcp 202.100.1.102 2323 10.1.1.1 23

New configuration (Network Object NAT):

    object network Static-Outside-Address
     host 202.100.1.101
    object network Static-Inside-Address
     host 10.1.1.1
    object network Static-Inside-Address
     nat (Inside,Outside) static Static-Outside-Address service tcp telnet 2323

or

     nat (Inside,Outside) static 202.100.1.101 service tcp telnet 2323

4. Identity NAT

Legacy configuration:

    nat (inside) 0 10.1.1.1 255.255.255.255

New configuration (Network Object NAT):

    object network Inside-Address
     host 10.1.1.1
    object network Inside-Address
     nat (Inside,Outside) static Inside-Address
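The legacy-to-8.3 mapping shown in the excerpt, as an added example (not part of the original post and not Cisco's own migration logic): a small Python converter for the `nat`/`global` and `static` forms that appear above. The `obj-` and `pool-` object names are constructed for this example, and a `nat ... 0` line is rejected for manual review because the legacy line names no mapped interface.

```python
import re

# Legacy lines taken from the excerpt's examples (dynamic NAT, static port translation).
SAMPLE = ["nat (Inside) 1 10.1.1.0 255.255.255.0",
          "global (Outside) 1 202.100.1.100-202.100.1.200",
          "static (inside,outside) tcp 202.100.1.102 2323 10.1.1.1 23"]

def host_or_subnet(addr, mask):
    """Object body line: a /32 mask becomes 'host', anything else 'subnet'."""
    return f" host {addr}" if mask == "255.255.255.255" else f" subnet {addr} {mask}"

def convert(legacy):
    """Translate pre-8.3 nat/global/static lines into Network Object NAT lines."""
    lines = [l.strip() for l in legacy if l.strip()]
    pools = {}  # NAT ID -> (mapped interface, address | range | 'interface')
    for l in lines:
        m = re.fullmatch(r"global\s*\((\S+)\)\s+(\d+)\s+(\S+)", l)
        if m:
            pools[m.group(2)] = (m.group(1), m.group(3))
    out = []
    for l in lines:
        if m := re.fullmatch(r"nat\s*\((\S+)\)\s+(\d+)\s+(\S+)\s+(\S+)", l):
            real_if, nat_id, addr, mask = m.groups()
            if nat_id not in pools:
                # Also covers NAT ID 0: the legacy line has no mapped
                # interface, so it cannot be converted mechanically.
                raise ValueError(f"no global for NAT ID {nat_id}: {l}")
            mapped_if, mapped = pools[nat_id]
            if "-" in mapped:  # address pool -> dynamic one-to-one via range object
                lo, hi = mapped.split("-")
                out += [f"object network pool-{nat_id}", f" range {lo} {hi}"]
                mapped = f"pool-{nat_id}"
            out += [f"object network obj-{addr}", host_or_subnet(addr, mask),
                    f" nat ({real_if},{mapped_if}) dynamic {mapped}"]
        elif m := re.fullmatch(
                r"static\s*\((\S+),(\S+)\)\s+(?:(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
                r"|(\S+)\s+(\S+))", l):
            real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port, m_ip2, r_ip2 = m.groups()
            nat = f" nat ({real_if},{mapped_if}) static {m_ip or m_ip2}"
            if proto:  # 8.3 order is real port first, then mapped port
                nat += f" service {proto} {r_port} {m_port}"
            out += [f"object network obj-{r_ip or r_ip2}",
                    f" host {r_ip or r_ip2}", nat]
        elif not l.startswith("global"):
            raise ValueError(f"unsupported legacy line: {l}")
    return out

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

The reversed argument order is the detail to check by hand after any migration: the legacy `static` line lists the mapped address and port first, while the 8.3 `service` keyword takes the real port first.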