d*****s
发帖数: 173 | 1 T1给了5个ip 50.20.38.106-50.20.38.110
asa5510 0/0口绑定了地址50.20.38.110,0/1接内部网络
想要从外部通过50.20.38.106访问内部web server 192.168.1.110
我参考cisco文档配置了static nat,但是还是无法访问,请问哪里出了问题,谢谢!
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_objects.html#wp1119793
asa版本是8.3
附上我的配置
ASA Version 8.3(1)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password b4RZzua6LpNOeJCF encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-... 阅读全帖 |
|
a***n
发帖数: 262 | 2 I did not see the static nat.
apply access-group 100 in outside
then try to use packet-tracer utility
T1给了5个ip 50.20.38.106-50.20.38.110
asa5510 0/0口绑定了地址50.20.38.110,0/1接内部网络
想要从外部通过50.20.38.106访问内部web server 192.168.1.110
我参考cisco文档配置了static nat,但是还是无法访问,请问哪里出了问题,谢谢!
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_objects.html#wp1119793
asa版本是8.3
附上我的配置
ASA Version 8.3(1)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password b4RZzua6LpNOeJCF encry... 阅读全帖 |
|
z**r
发帖数: 17771 | 3 NH应该是far end PE loopback,这个肯定是从IGP得到,同时也应该在LFIB里,你不激
活ipv4 neighbor,同时看一下show mpls for?
刚才俺也做了个实验,果然不需要在add ipv4下激活ipv4 neighbor,只需要在add
ipv6下激活ipv4 neighbor就可以送ipv6扩展了。
R1----R2----R3----R4
R1 and R4 are dual stack, R2 and R3 are IPv4 only, LDP enabled on all
interface
相关配置如下
!
!
!
ip cef
no ip domain lookup
ipv6 unicast-routing
ipv6 cef
!
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface Loopback1
no ip address
ipv6 address 2001::1/128
!
interface Ethernet0/0
no ip address
... 阅读全帖 |
|
x*********n
发帖数: 28013 | 4 interface Vlan1
description *** Lan Segment ***
nameif inside
security-level 100
ip address 192.168.1.91 255.255.255.0
interface Ethernet0/0
description ** Interface => Outside switch via VK Router ***
switchport access vlan 2
shutdown
!
interface Ethernet0/1
shutdown
现在outside口定义了用vlan 2,
但是inside口没有定义用哪个,
是不是by default,任何一个ethernet port都可以用作inside呢?
还是我必须定义的? |
|
