Shulou(Shulou.com)06/01 Report--

Cisco asa 5520 8.4 NAT conversion configuration

1) define nat conversion rules

Object network 192.168.3.233 definition 18096 # defines the name of a network object

Host 192.168.3.233 # defines private network IP

Nat (dmz,outside) static xxx.17.xxx.36 service tcp 18096 18096 # conversion rules, mapping the internal network host 192.168.3.233 to the external network xxx.17.xxx.36.

2) define access list

Mode one

Access-list outside_access_in_1 extended permit tcp any

Object 192.168.3.233 18096 eq 18096 # Note: the destination address is the defined NAT object.

Mode two

A. Object service tcp_18096_acl # defines service objects

Service tcp source range 1 65535 destination eq 18096 # any source port, destination port # is 18096

B. Access-list outside_access_in_1 extended permit

Object tcp_18096_acl any object 192.168.3.233_18096

4) Application access list

Access-group outside_access_in_1 in interface outside

The following is an example of the official configuration of version 8.4:

Configuration Examples for Permitting or Denying Network Access

This section includes typical configuration examples for permitting or denying network access.

The following example adds a network object for inside server 1, performs static NAT for the server, and enables access to from the outside for inside server 1.

Hostname (config) # object network inside-server1

Hostname (config) # host 10.1.1.1

Hostname (config) # nat (inside,outside) static 209.165.201.12

Hostname (config) # access-list outside_access extended permit tcp any object inside-server1 eq www

Hostname (config) # access-group outside_access in interface outside

Http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_rules.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.