891rpm

Posted on 15.12.2011 Tech articles

Разные варианты NAT на Cisco ASA

* One-to-One (aka two-way) NAT (ASA 5510, ASAOS 7.2.1)

The syntax for this can be confusing. Here is a generic example:
static (outside interface name, inside interface name) inside ip, outside ip netmask 255.255.255.255

static (internet,office) 192.168.77.101 216.142.200.221 netmask 255.255.255.255
static (internet,office) 192.168.77.102 216.142.200.222 netmask 255.255.255.255
static (internet,office) 192.168.77.103 216.142.200.223 netmask 255.255.255.255
static (test,office) 192.168.77.104 172.30.11.14 netmask 255.255.255.255
static (test,office) 192.168.77.105 172.30.11.15 netmask 255.255.255.255

* Simple Many-to-One (aka one-way) NAT (ASA 5510, ASAOS 7.2.1)

global (outside) 1 216.142.200.220 netmask 255.255.255.255
nat (inside) 1 192.168.77.0 255.255.255.0 0 0

* Complex Many-to-One (aka one-way) NAT (ASA 5510, ASAOS 7.2.1)

access-list skip-nat-inside permit ip any host 192.168.6.11
access-list skip-nat-inside permit ip any host 192.168.6.12
access-list skip-nat-inside permit ip any 192.168.222.0 255.255.255.0

global (outside) 1 216.142.200.220 netmask 255.255.255.255
global (outside) 2 216.142.200.221 netmask 255.255.255.255
nat (inside) 0 access-list skip-nat-inside
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
nat (inside) 1 172.66.3.0 255.255.255.0 0 0
nat (inside) 1 192.168.5.0 255.255.255.0 0 0
nat (inside) 2 192.168.77.0 255.255.255.0 0 0

Добавить комментарий Отменить ответ