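The topology is simple.
A 5510 is configured with two interfaces: an inside interface (10.0.0.0/8) and a dmz interface (20.0.0.0/8). One PC is attached to each interface, with addresses 10.0.0.2 and 20.0.0.2. The configuration is as follows: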

interface Ethernet0/2
nameif dmz
security-level 50
ip address 20.0.0.1 255.0.0.0

interface Ethernet0/3
nameif inside
security-level 100
ip address 10.0.0.1 255.0.0.0 

nat-control

access-list 100 permit icmp any any

access-group 100 in interface dmz

nat (inside) 1 0 0

global (dmz) 1 20.0.0.10-20.0.0.20 netmask 255.0.0.0
The two commands above allow access from the higher security level to the lower security level.
static (dmz,inside) 10.0.0.10 20.0.0.2

access-list dmz extended permit ip any any
access-group dmz in interface inside
The three commands above allow access from the lower security level to the higher security level.
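
An added example, not part of the original post: a small Python audit that parses the configuration above and lists every access-group binding whose ACL contains a `permit ... any any` entry, together with the security level of the interface it is bound to. The function name `audit` and the finding fields are hypothetical; the embedded lines are copied from the configuration on this page.

```python
import re

# Constructed sample: interface, access-list and access-group lines from the page.
CONFIG = """\
interface Ethernet0/2
 nameif dmz
 security-level 50
interface Ethernet0/3
 nameif inside
 security-level 100
access-list 100 permit icmp any any
access-group 100 in interface dmz
access-list dmz extended permit ip any any
access-group dmz in interface inside
"""

def audit(config):
    """Return one finding per bound ACL entry that permits any source to any destination."""
    levels, acls, bindings = {}, {}, []
    name = None  # nameif of the interface block currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None
        elif m := re.match(r"nameif (\S+)$", line):
            name = m.group(1)
        elif name and (m := re.match(r"security-level (\d+)$", line)):
            levels[name] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) (?:extended )?(permit|deny) (\S+) (.+)$", line):
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := re.match(r"access-group (\S+) (in|out) interface (\S+)$", line):
            bindings.append(m.groups())
    findings = []
    # Resolve bindings after the full pass so ACL/binding order does not matter.
    for acl, direction, ifname in bindings:
        for action, proto, rest in acls.get(acl, []):
            if action == "permit" and rest == "any any":
                findings.append({"acl": acl, "interface": ifname, "direction": direction,
                                 "level": levels.get(ifname), "protocol": proto})
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```

The output shows which interface and direction each any-any entry is actually bound to, which is the first thing to compare against the intent stated in the comments.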