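Enable NAT control and configure NAT rules to achieve the following:
    Configure dynamic NAT so that R1 can reach R3
    Configure NAT exemption so that R1 and R2 can reach each other
    Configure static NAT so that R3 can reach R2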


ASA(config)# interface ethernet 0/0
ASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA(config-if)# ip address 172.16.1.2 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit
ASA(config)# interface ethernet 0/1
ASA(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASA(config-if)# ip address 10.1.1.2 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit
ASA(config)# interface ethernet 0/2
ASA(config-if)# nameif dmz
INFO: Security level for "dmz" set to 0 by default.
ASA(config-if)# security-level 50
ASA(config-if)# ip address 192.168.1.2 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit

R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.1.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 172.16.1.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit

ASA(config)# nat (inside) 1 10.1.1.0 255.255.255.0
ASA(config)# global (outside) 1 172.16.1.5-172.16.1.10
ASA(config)# nat-control
ASA(config)# nat (inside) 0 10.1.1.0 255.255.255.0
nat 0 10.1.1.0 will be identity translated for outbound
ASA(config)# nat (dmz) 0 192.168.1.0 255.255.255.0
nat 0 192.168.1.0 will be identity translated for outbound
ASA(config)# access-list 100 permit tcp host 192.168.1.1 host 10.1.1.1   
ASA(config)# access-group 100 in interface dmz
ASA(config)# static (dmz,outside) 172.16.1.100 192.168.1.1
ASA(config)# access-list 100 permit ip host 172.16.1.1 host 172.16.1.100
ASA(config)# access-group 100 in interface outside
R3#telnet 172.16.1.100
Trying 172.16.1.100 ... Open

Password required, but none set
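
As an added example (not part of the original post), a small Python audit of the NAT/ACL commands above: it parses the pre-8.3 `static`, `access-list` and `access-group` lines and reports ACLs bound to more than one interface and static translations reachable over all IP protocols. The function names and finding labels are assumptions, and only host-to-host `static` entries are handled.

```python
import re

# ASA (pre-8.3 syntax) commands copied from the session above, prompts removed.
CONFIG = """\
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 172.16.1.5-172.16.1.10
nat-control
access-list 100 permit tcp host 192.168.1.1 host 10.1.1.1
access-group 100 in interface dmz
static (dmz,outside) 172.16.1.100 192.168.1.1
access-list 100 permit ip host 172.16.1.1 host 172.16.1.100
access-group 100 in interface outside
"""

def take_addr(tok):
    """Consume one address spec: 'host A', 'any', or 'A MASK'."""
    if tok[0] == "host":
        return tok[1], tok[2:]
    if tok[0] == "any":
        return "any", tok[1:]
    return f"{tok[0]}/{tok[1]}", tok[2:]

def audit(config):
    acls, bound, statics, findings = {}, {}, [], []
    for line in config.splitlines():
        # Drop an optional "ASA(config)# " style prompt, then tokenize.
        tok = re.sub(r"^\S+\(config[^)]*\)#\s*", "", line.strip()).split()
        if tok[:1] == ["access-list"] and "permit" in tok:
            rest = tok[tok.index("permit") + 1:]
            src, after = take_addr(rest[1:])
            dst, ports = take_addr(after)
            acls.setdefault(tok[1], []).append((rest[0], src, dst, ports))
        elif tok[:1] == ["access-group"] and tok[2:4] == ["in", "interface"]:
            bound.setdefault(tok[1], []).append(tok[4])
        elif tok[:1] == ["static"]:
            real_if, mapped_if = tok[1].strip("()").split(",")
            statics.append((real_if, mapped_if, tok[2], tok[3]))
    # An ACL bound to several interfaces has every entry evaluated on each one.
    for name, ifaces in bound.items():
        if len(ifaces) > 1:
            findings.append(("shared-acl", name, tuple(ifaces)))
    for real_if, mapped_if, mapped, real in statics:
        for name, ifaces in bound.items():
            if mapped_if not in ifaces:
                continue
            for proto, src, dst, ports in acls.get(name, []):
                # Pre-8.3 interface ACLs match the mapped (translated) address.
                if dst == mapped and proto == "ip":
                    findings.append(("all-protocols", f"{src} -> {real_if}:{real}", name))
    return findings
```

For the configuration on this page, `audit(CONFIG)` reports that access-list 100 is bound to both dmz and outside, and that its `permit ip` entry opens every protocol from 172.16.1.1 to the statically translated DMZ host.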