内网有台SSL VPN设备需要放到互相网,端口用的14430,内网测试是好的,互联网访问不了,ASA配置如下:object network sslvpn
host 10.125.4.2
object network sslvpn
nat (inside,outside) static interface service tcp 14430 14430
access-list wenjian extended permit tcp any host 10.125.4.2 eq 14430
access-group wenjian in interface outside
感觉配置没问题,但是就是不通。
show nat 如下:
4 (inside) to (outside) source static sslvpn interface service tcp 14430 14430
translate_hits = 0, untranslate_hits = 50
Source - Origin: 10.125.4.2/32, Translated: 61.XXX.XXX.XXX/30
show access-list如下:
access-list wenjian line 2 extended permit tcp any host 10.125.4.2 eq 14430 (hitcnt=50) 0x16a0350e