Talking about the Application of NAT in Cisco ASA

2025-02-23 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Types of NAT

The configuration of NAT on ASA is more complicated than that of routers. NAT on ASA has four types: dynamic NAT, dynamic PAT, static NAT and static PAT.

Dynamic NAT: many-to-many translation, mapping multiple private addresses to multiple public addresses.

Dynamic PAT: many-to-one translation, mapping multiple private addresses to one public address. This is the more widely used type.

Static NAT: one-to-one translation, mapping one private address to one public address. It hides the internal address.

Static PAT: one-to-one translation, mapping one IP address and port to another IP address and port. It is used to publish internal servers.

Simple configuration of dynamic NAT

1) Specify the network segment that requires address translation

ASA(config)# nat (inside) 1 10.1.1.0 255.255.255.0

2) Define a global address pool

ASA(config)# global (outside) 1 172.16.1.100-172.16.1.200

3) Use show xlate detail to view the NAT translation table (flag i stands for dynamic NAT)

ASA# show xlate detail

4) Clear the address translation table

ASA(config)# clear xlate detail

5) Apply dynamic NAT to all network segments in the inside zone

ASA(config)# nat (inside) 1 0 0

Simple configuration of dynamic PAT

1) Configure PAT based on an IP address

ASA(config)# nat (inside) 1 10.1.1.0 255.255.255.0

ASA(config)# global (outside) 1 172.16.1.200

2) Configure interface-based PAT

ASA(config)# nat (inside) 1 0 0

This translates any network on the inside interface.

ASA(config)# global (outside) 1 interface

This maps the internal networks to the address of the outside interface.

3) Use the show xlate detail command to view the xlate table (flags ri indicate dynamic PAT)

ASA# show xlate detail

Simple configuration of static NAT

By default, host PC3 in the DMZ can access host PC4 in the outside zone, while an ACL must be configured before PC4 can access PC3.

Configure static NAT

Configure ACL

Use the show xlate detail command to view the xlate table (flag s stands for static NAT)

ASA# show xlate detail

The DMZ has web and SMTP servers that must provide their different services through a single mapped address, 172.16.1.201. Configure static PAT.
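One way to configure the static PAT scenario described above, written in the same pre-8.3 ASA syntax as the page's nat/global commands. This is an added example, not configuration from the original article; the interface name dmz, the two server addresses and the ACL name are assumptions.

```cisco
! Added example, pre-8.3 ASA syntax. Assumed values (not from the article):
!   DMZ interface name: dmz
!   web server:  192.168.1.1
!   SMTP server: 192.168.1.2
!   ACL name:    OUT_TO_DMZ

! Static PAT: one mapped address (172.16.1.201), one port per published service.
static (dmz,outside) tcp 172.16.1.201 www 192.168.1.1 www netmask 255.255.255.255
static (dmz,outside) tcp 172.16.1.201 smtp 192.168.1.2 smtp netmask 255.255.255.255

! Traffic from the lower-security outside interface is still dropped until an
! ACL permits it. In pre-8.3 syntax the ACL matches the mapped address.
! Permit only the two published ports; everything else hits the implicit deny.
access-list OUT_TO_DMZ extended permit tcp any host 172.16.1.201 eq www
access-list OUT_TO_DMZ extended permit tcp any host 172.16.1.201 eq smtp
access-group OUT_TO_DMZ in interface outside

! Verify: both translations should carry flags sr, and the ACL hit counters
! should increase only for the two permitted ports.
show xlate detail
show access-list OUT_TO_DMZ
```

Because each static PAT entry maps a single port, a service on either server that is not listed here stays unreachable from outside even if the ACL is later widened by mistake.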

Use the show xlate detail command to view the xlate table (flags sr stand for static PAT)

ASA(config)# show xlate detail

NAT control and NAT exemption

Disable NAT control

ASA(config)# no nat-control

Enable NAT control

ASA(config)# nat-control

Simple configuration of NAT exemption

NAT exemption allows two-way communication
