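The topology is simple.
A Cisco ASA 5510 is configured with two interfaces: an inside interface (10.0.0.0/8) and a dmz interface (20.0.0.0/8). One PC is attached behind each interface, with the addresses 10.0.0.2 and 20.0.0.2. The configuration is as follows: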
interface Ethernet0/2
nameif dmz
security-level 50
ip address 20.0.0.1 255.0.0.0
interface Ethernet0/3
nameif inside
security-level 100
ip address 10.0.0.1 255.0.0.0
nat-control
access-list 100 permit icmp any any
access-group 100 in interface dmz
nat (inside) 1 0 0
global (dmz) 1 20.0.0.10-20.0.0.20 netmask 255.0.0.0
The two commands above allow access from the higher security level to the lower security level.
static (dmz,inside) 10.0.0.10 20.0.0.2
access-list dmz extended permit ip any any
access-group dmz in interface inside
The three commands above allow access from the lower security level to the higher security level.
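An added example, not part of the original article: a short Python script that reads the interface and access-list lines of the configuration above and lists every `permit <protocol> any any` entry that is bound to an interface, together with that interface's security level, so the unrestricted rules can be reviewed. The names `CONFIG`, `parse` and `audit` are assumptions made for this example.

```python
# Added example, not from the original article: list every bound "permit <proto> any any"
# ACL entry. CONFIG holds the interface and ACL lines of the configuration on this page.
CONFIG = """\
interface Ethernet0/2
nameif dmz
security-level 50
interface Ethernet0/3
nameif inside
security-level 100
access-list 100 permit icmp any any
access-group 100 in interface dmz
access-list dmz extended permit ip any any
access-group dmz in interface inside
"""

def parse(config):
    """Return (security level per nameif, entries per ACL, ACL bindings)."""
    levels, acls, bindings = {}, {}, []
    nameif = None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "interface":
            nameif = None                                  # a new interface block starts
        elif tok[0] == "nameif" and len(tok) > 1:
            nameif = tok[1]
        elif tok[0] == "security-level" and nameif and len(tok) > 1:
            levels[nameif] = int(tok[1])
        elif tok[0] == "access-list" and len(tok) > 2:
            rule = [t for t in tok[2:] if t != "extended"]  # action, protocol, src, dst
            acls.setdefault(tok[1], []).append(rule)
        elif tok[0] == "access-group" and len(tok) == 5 and tok[3] == "interface":
            bindings.append((tok[1], tok[2], tok[4]))       # (acl, direction, nameif)
    return levels, acls, bindings

def audit(config):
    """Return (nameif, level, direction, acl, protocol) for each bound any-any permit."""
    levels, acls, bindings = parse(config)
    findings = []
    for acl, direction, nameif in bindings:
        for rule in acls.get(acl, []):
            if rule[:1] == ["permit"] and rule[2:] == ["any", "any"]:
                findings.append((nameif, levels.get(nameif), direction, acl, rule[1]))
    return findings

if __name__ == "__main__":
    for f in audit(CONFIG):
        print("interface %s (level %s) %s: ACL %s permits %s any any" % f)
```
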
Cisco ASA 5510: accessing the DMZ from inside