ASA 8.4: testing Inside access to a DMZ host by both its public and real address


1. Test topology

R1 --- Outside --- ASA842 --- Inside --- R2
                     |
                    DMZ
                     |
                    R3

2. Test approach

Use ASA twice NAT so that when Inside hosts access the DMZ host's public address, the connection is redirected to the DMZ host's real address.

3. Basic configuration

A. R1:
interface FastEthernet0/0
 ip address 202.100.1.1 255.255.255.0
 no shut

B. R2:
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 10.1.1.10

C. R3:
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 192.168.1.10
line vty 0 4
 password cisco
 login

D. ASA842:
interface GigabitEthernet0
 nameif Outside
 security-level 0
 ip address 202.100.1.10 255.255.255.0
 no shut
interface GigabitEthernet1
 nameif DMZ
 security-level 50
 ip address 192.168.1.10 255.255.255.0
 no shut
interface GigabitEthernet2
 nameif Inside
 security-level 100
 ip address 10.1.1.10 255.255.255.0
 no shut
4. ASA static NAT, twice NAT and policy configuration

A. Define the objects:
object network R3-dmz
 host 192.168.1.1
object network R3-outside
 host 202.100.1.8
object network Inside-net
 subnet 10.1.1.0 255.255.255.0

B. Configure static NAT from DMZ to Outside:
object network R3-dmz
 nat (DMZ,Outside) static R3-outside

C. Configure twice NAT from Inside to DMZ (source kept unchanged, destination rewritten from the public to the real address):
nat (Inside,DMZ) source static Inside-net Inside-net destination static R3-outside R3-dmz

D. Configure and apply the Outside interface policy. Inside to DMZ is permitted by default (traffic from a higher to a lower security level), so only Outside needs an ACL. The ACL references the real-address object R3-dmz, because ASA 8.3 and later evaluate ACLs against real (untranslated) addresses:
access-list Outside extended permit ip any object R3-dmz
access-group Outside in interface Outside
5. Verification

A. From Outside, access the DMZ public address:
R1#telnet 202.100.1.8
Trying 202.100.1.8 ... Open

User Access Verification

Password:
R3>show users
Line User Host(s) Idle Location
0 con 0 idle 00:14:22
* 2 vty 0 idle 00:00:00 202.100.1.1

Interface User Mode Idle Peer Address

R3>

B. From Inside, access the DMZ public address:
R2#telnet 202.100.1.8
Trying 202.100.1.8 ... Open

User Access Verification

Password:
R3>show users
Line User Host(s) Idle Location
0 con 0 idle 00:16:37
* 2 vty 0 idle 00:00:00 10.1.1.1

Interface User Mode Idle Peer Address

R3>

C. From Inside, access the DMZ real address:
R2#telnet 192.168.1.1
Trying 192.168.1.1 ... Open

User Access Verification

Password:
R3>show users
Line User Host(s) Idle Location
0 con 0 idle 00:17:03
* 2 vty 0 idle 00:00:00 10.1.1.1

Interface User Mode Idle Peer Address

R3>
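As an added illustration (not part of the original post, and not Cisco code), the following Python model walks the three verification flows above through the rule order the configuration relies on: section 1 manual (twice) NAT is matched before section 2 object NAT, so Inside traffic to 202.100.1.8 is redirected to 192.168.1.1 with its source left intact, which is why R3's show users in step B reports 10.1.1.1. It also shows the same flow without the twice NAT rule and that the Outside ACL must name the real address object R3-dmz; the interface names, addresses and objects come from the page, while the simulator's structure is an assumption.

```python
import ipaddress

# Constructed model of the lab on this page (an added simulator, not ASA code):
# connected routes only, since no default route is configured on the ASA.
CONNECTED = {
    "Outside": ipaddress.ip_network("202.100.1.0/24"),
    "DMZ": ipaddress.ip_network("192.168.1.0/24"),
    "Inside": ipaddress.ip_network("10.1.1.0/24"),
}
R3_DMZ, R3_OUTSIDE = "192.168.1.1", "202.100.1.8"   # objects R3-dmz / R3-outside
INSIDE_NET = ipaddress.ip_network("10.1.1.0/24")      # object Inside-net


def route(dst):
    """Egress interface by connected-route lookup; None if no route."""
    for ifc, net in CONNECTED.items():
        if ipaddress.ip_address(dst) in net:
            return ifc
    return None

def nat_lookup(ingress, src, dst, twice_nat=True):
    """Return (egress, src, dst) for a new flow after ASA 8.4 NAT processing.
    Section 1 (manual / twice NAT) is evaluated before section 2 (object NAT)."""
    # Section 1: nat (Inside,DMZ) source static Inside-net Inside-net
    #            destination static R3-outside R3-dmz
    if (twice_nat and ingress == "Inside"
            and ipaddress.ip_address(src) in INSIDE_NET and dst == R3_OUTSIDE):
        return ("DMZ", src, R3_DMZ)        # identity source, un-NAT destination
    # Section 2: object R3-dmz / nat (DMZ,Outside) static R3-outside (bidirectional)
    if ingress == "DMZ" and src == R3_DMZ and route(dst) == "Outside":
        return ("Outside", R3_OUTSIDE, dst)
    if ingress == "Outside" and dst == R3_OUTSIDE:
        return ("DMZ", src, R3_DMZ)
    return (route(dst), src, dst)          # no rule matched: plain routing

def outside_acl_permits(real_dst):
    """access-list Outside extended permit ip any object R3-dmz: since 8.3 the
    ACL is checked against the real (un-NATed) address, hence R3-dmz not R3-outside."""
    return real_dst == R3_DMZ

def lab_results():
    """The three verification steps of the page plus the case without twice NAT,
    where the packet would leave via Outside toward 202.100.1.8 and never reach R3."""
    return {
        "A R1->202.100.1.8": nat_lookup("Outside", "202.100.1.1", R3_OUTSIDE),
        "B R2->202.100.1.8": nat_lookup("Inside", "10.1.1.1", R3_OUTSIDE),
        "C R2->192.168.1.1": nat_lookup("Inside", "10.1.1.1", R3_DMZ),
        "B without twice NAT": nat_lookup("Inside", "10.1.1.1", R3_OUTSIDE, False),
    }
```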
