
ASA5510 - NAT, publishing a website

Roquette-cisco
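Help needed:
There is currently a website on the internal network: http://192.168.100.22:8072/login/login.php
Goal: to reach this website from any computer on the external network by entering http://www.info.xxx.com.cn
Available public addresses: 219.92.31.152/28, of which the ASA WAN interface uses the 158 address
219.92.31.154 has already been resolved to http://www.info.xxx.com.cn
How do I configure NAT on the ASA5510, and is there anything else that needs to be configured?
Thanks
5 replies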

Brother, take a look at this document and see whether its NAT configuration example is what you want:
Basic ASA NAT Configuration: Web Server in the DMZ in ASA Version 8.3 and Later
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html
BR
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

YilinChen
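Last edited by YilinChen on 2019-12-30 09:13
Looking at the requirement above, the goal is only that external (Internet) users can access the site normally; access by internal users does not need to be considered;
so port mapping alone is enough; reference configuration as follows:
With a /30 public IP: port mapping + PAT (the server is recommended to be in the DMZ zone)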
object network WWW
host 192.168.2.2
nat (inside,outside) static interface service tcp www www
object network INSIDE
range 192.168.2.3 192.168.2.254
nat (inside,outside) dynamic interface
access-list WWW extended permit tcp any host 192.168.2.2 eq www
access-group WWW in interface outside

Rockyw
The original poster can refer to the document below
Create NAT rule and security policies for port 443/80 on a Cisco ASA 5510
https://serverfault.com/questions/39354/create-nat-rule-and-security-policies-for-port-443-80-on-a-cisco-asa-5510
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rockyw | If it solves your problem, please mark as answer. Thanks !

kongchao2013
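The configuration below is written according to your real IPs and your case; it can be copied and pasted directly:
object network 192.168.100.22
host 192.168.100.22
! internal port 8072, external port 80
nat (inside,outside) static 219.92.31.152 service tcp 8072 www
! create an ACL named xxx
access-list xxx extended permit tcp any host 192.168.100.22 eq 8072
! apply ACL xxx to the outside interface in the inbound direction
access-group xxx in interface outside
Also, if computers on the external network access it using http://www.info.xxx.com.cn:8072, change the NAT configuration above as follows:
object network 192.168.100.22
host 192.168.100.22
! internal port 8072, external port 8072
nat (inside,outside) static 219.92.31.152 service tcp 8072 8072
Done~~~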
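
Added example, not part of any reply in this thread: a Python check run over the commands from the reply above (inline notes removed) that lists each published mapping and reports when the ACL bound to the mapped interface has no permit for the real address and port, which is what ASA 8.3 and later match against, or when the mapped address differs from the address the question says the DNS name resolves to. The name `audit` is hypothetical, and the parser handles only the command forms that appear in this thread.

```python
# Constructed input: the commands from the reply above, inline notes removed.
POSTED = """\
object network 192.168.100.22
 host 192.168.100.22
 nat (inside,outside) static 219.92.31.152 service tcp 8072 www
access-list xxx extended permit tcp any host 192.168.100.22 eq 8072
access-group xxx in interface outside
"""
PORT_NAMES = {"www": 80, "https": 443}  # only the ASA port keywords needed here

def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def audit(config, dns_ip=None):
    """Return (mappings, findings) for object NAT rules with port translation."""
    host, maps, permits, bound, findings = None, [], {}, {}, []
    for t in (ln.split() for ln in config.splitlines() if ln.strip()):
        if t[0] == "host":
            host = t[1]                       # real address of the current object
        elif t[0] == "nat" and "static" in t and "service" in t:
            s = t.index("service")            # service <proto> <real-port> <mapped-port>
            maps.append({"iface": t[1].strip("()").split(",")[1], "real_ip": host,
                         "mapped_ip": t[t.index("static") + 1], "proto": t[s + 1],
                         "real_port": port(t[s + 2]), "mapped_port": port(t[s + 3])})
        elif t[0] == "access-list" and t[2:4] == ["extended", "permit"] and t[-2] == "eq":
            # handles only the "... any host <ip> eq <port>" form used in this thread
            permits.setdefault(t[1], set()).add((t[4], t[-3], port(t[-1])))
        elif t[0] == "access-group" and t[2:4] == ["in", "interface"]:
            bound[t[4]] = t[1]                # interface -> ACL name
    for m in maps:
        allowed = permits.get(bound.get(m["iface"]), set())
        real = (m["proto"], m["real_ip"], m["real_port"])
        if real not in allowed:
            # 8.3+ checks the interface ACL against the real address and port
            findings.append(f"no permit for real {m['real_ip']}:{m['real_port']} on {m['iface']}")
        if dns_ip and m["mapped_ip"] not in (dns_ip, "interface"):
            findings.append(f"DNS points to {dns_ip} but NAT publishes {m['mapped_ip']}")
    return maps, findings

if __name__ == "__main__":
    maps, findings = audit(POSTED, dns_ip="219.92.31.154")  # DNS address from the question
    for m in maps:
        print(f"{m['mapped_ip']}:{m['mapped_port']} -> {m['real_ip']}:{m['real_port']}")
    print(findings or "consistent")
```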

LxL9905
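Very incisive answers; waiting to see how the configuration turns out
Your future self
   will thank the you who is working and striving hard right now!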