中国网管论坛's Archiver

hellohjt 发表于 2008-5-15 14:21

asa 5510 端口映射问题

asa双ISP,外网访问没问题,现在电信端口上做端口映射,感觉应该配置都没问题,可还是不行,各位大侠帮我分析一下。下面是关键配置

interface Ethernet0/0
description to chinanet
nameif outside
security-level 0
ip address 60.191.*.* 255.255.255.240

interface Ethernet0/1
description to chinacnc
nameif wt
security-level 0
ip address 221.12.*.* 255.255.255.248

interface Ethernet0/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0

access-list 110 extended permit ip any any
access-list 110 extended permit icmp any any
access-list 110 extended permit tcp any any
access-list 110 extended permit tcp any host 192.168.1.87 eq ftp
access-list 111 extended permit ip any any

global (outside) 1 interface
global (wt) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 60.191.*.*  ftp 192.168.1.87 ftp netmask 255.255.255.255
access-group 110 in interface outside
access-group 111 in interface wt

route outside 0.0.0.0 0.0.0.0 60.191.*.*  1
route wt 0.0.0.0 0.0.0.0 221.12.*.* 254

hellohjt 发表于 2008-5-16 09:09

没人知道吗?

yonx 发表于 2008-5-16 13:59

ftp?除了TCP 21端口还需要TCP 20端口。

hellohjt 发表于 2008-5-16 17:29

[quote]原帖由 [i]yonx[/i] 于 2008-5-16 13:59 发表 [url=http://bbs.bitscn.com/redirect.php?goto=findpost&pid=1623135&ptid=170328][img]http://bbs.bitscn.com/images/common/back.gif[/img][/url]
ftp?除了TCP 21端口还需要TCP 20端口。 [/quote]
试了下其他端口,好像也不行唉

yonx 发表于 2008-5-17 09:16

static (inside,outside) tcp 192.168.1.87 FTP 60.191.*.* FTP netmask 255.255.255.255

conduit permit tcp 192.168.1.87 eq FTP any

常务副村长 发表于 2008-5-17 09:44

路过~~~~~~~~~~~~~:lol

hellohjt 发表于 2008-5-17 12:53

[quote]原帖由 [i]yonx[/i] 于 2008-5-17 09:16 发表 [url=http://bbs.bitscn.com/redirect.php?goto=findpost&pid=1624489&ptid=170328][img]http://bbs.bitscn.com/images/common/back.gif[/img][/url]
static (inside,outside) tcp 192.168.1.87 FTP 60.191.*.* FTP netmask 255.255.255.255

conduit permit tcp 192.168.1.87 eq FTP any [/quote]

asa 没有conduit命令:(:

yonx 发表于 2008-5-17 13:10

哦,不好意思,看错了

static (inside,outside) tcp interface ftp 192.168.1.87 ftp netmask 255.255.255.255

hellohjt 发表于 2008-5-17 21:33

[quote]原帖由 [i]yonx[/i] 于 2008-5-17 13:10 发表 [url=http://bbs.bitscn.com/redirect.php?goto=findpost&pid=1624840&ptid=170328][img]http://bbs.bitscn.com/images/common/back.gif[/img][/url]
哦,不好意思,看错了

static (inside,outside) tcp interface ftp 192.168.1.87 ftp netmask 255.255.255.255 [/quote]
呵呵,搞定了,多谢版主:victory:

页: [1]

Powered by Discuz! Archiver 6.1.0  © 1999-2008 bbs.bitsCN.com