Test: accessing both the public (mapped) address and the real address of a DMZ host from the Inside zone on ASA 8.4

2025-03-29 Update From: SLTechnology News&Howtos

Shulou (Shulou.com), 06/01

I. Test topology

R1---Outside---ASA842---Inside---R2
                 |
                DMZ
                 |
                 R3

II. Test idea

Use twice NAT on the ASA so that when an Inside host accesses the DMZ server's public (mapped) address, the destination is translated to the server's real DMZ address.

III. Basic configuration

A. R1:

interface FastEthernet0/0
 ip address 202.100.1.1 255.255.255.0
 no shut

B. R2:

interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 10.1.1.10

C. R3:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 192.168.1.10
line vty 0 4
 password cisco
 login

D. ASA842:

interface GigabitEthernet0
 nameif Outside
 security-level 0
 ip address 202.100.1.10 255.255.255.0
 no shut
interface GigabitEthernet1
 nameif DMZ
 security-level 50
 ip address 192.168.1.10 255.255.255.0
 no shut
interface GigabitEthernet2
 nameif Inside
 security-level 100
 ip address 10.1.1.10 255.255.255.0
 no shut

IV. ASA static NAT, twice NAT and policy configuration

a. Define objects:

object network R3-dmz
 host 192.168.1.1
object network R3-outside
 host 202.100.1.8
object network Inside-net
 subnet 10.1.1.0 255.255.255.0

b. Configure static NAT from DMZ to Outside:

object network R3-dmz
 nat (DMZ,Outside) static R3-outside

c. Configure twice NAT from Inside to DMZ:

nat (Inside,DMZ) source static Inside-net Inside-net destination static R3-outside R3-dmz

d. Configure and apply the Outside interface policy:

- Traffic from Inside to DMZ is permitted by default (higher to lower security level), so it needs no ACL.

access-list Outside extended permit ip any object R3-dmz
access-group Outside in interface Outside

V. Verify:

a. Access the public network address of the DMZ host from Outside:

R1#telnet 202.100.1.8
Trying 202.100.1.8... Open

User Access Verification

Password:
R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:14:22
*  2 vty 0                idle                 00:00:00 202.100.1.1

  Interface    User               Mode         Idle     Peer Address

R3>

b. Access the public network address of the DMZ host from Inside:

R2#telnet 202.100.1.8
Trying 202.100.1.8... Open

User Access Verification

Password:
R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:16:37
*  2 vty 0                idle                 00:00:00 10.1.1.1

  Interface    User               Mode         Idle     Peer Address

R3>

c. Access the real address of the DMZ host from Inside:

R2#telnet 192.168.1.1
Trying 192.168.1.1... Open

User Access Verification

Password:
R3>show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:17:03
*  2 vty 0                idle                 00:00:00 10.1.1.1

  Interface    User               Mode         Idle     Peer Address

R3>
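The three test flows above, traced through a simplified model of the ASA's NAT rule order, in which twice NAT is evaluated before object NAT. This is an added example, not part of the original article; it assumes static rule matching on new connections only and ignores ACLs, ports and return traffic. The final call removes the twice NAT rule to show where the Inside flow to 202.100.1.8 goes without it.

```python
import ipaddress

# Addresses and interface names are taken from the configuration above.
CONNECTED = {"Outside": "202.100.1.0/24", "DMZ": "192.168.1.0/24", "Inside": "10.1.1.0/24"}

# Simplified rule tables (assumption: only the fields this lab needs).
# Twice NAT: (source_if, dest_if, source_net, mapped_dst, real_dst)
TWICE_NAT = [("Inside", "DMZ", "10.1.1.0/24", "202.100.1.8", "192.168.1.1")]
# Object NAT: (real_if, mapped_if, real_ip, mapped_ip)
OBJECT_NAT = [("DMZ", "Outside", "192.168.1.1", "202.100.1.8")]


def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def route(dst):
    """Pick the egress interface from the connected subnets (the lab ASA has no static routes)."""
    for ifname, net in CONNECTED.items():
        if in_net(dst, net):
            return ifname
    return None


def forward(ingress, src, dst, twice_nat=TWICE_NAT, object_nat=OBJECT_NAT):
    """Return (egress_if, src, dst, matched_rule) for a new connection."""
    # Twice NAT rules are checked first.
    for src_if, dst_if, src_net, mapped_dst, real_dst in twice_nat:
        if ingress == src_if and in_net(src, src_net) and dst == mapped_dst:
            return dst_if, src, real_dst, "twice-nat"  # source is identity-translated
    # Object NAT: a packet arriving on the mapped interface is un-translated.
    for real_if, mapped_if, real_ip, mapped_ip in object_nat:
        if ingress == mapped_if and dst == mapped_ip:
            return real_if, src, real_ip, "object-nat"
    # No NAT rule matched: plain routing on the original destination.
    return route(dst), src, dst, "no-nat"


if __name__ == "__main__":
    flows = [("Outside", "202.100.1.1", "202.100.1.8"),   # test a
             ("Inside", "10.1.1.1", "202.100.1.8"),       # test b
             ("Inside", "10.1.1.1", "192.168.1.1")]       # test c
    for flow in flows:
        print(flow, "->", forward(*flow))
    # Test b without the twice NAT rule: routed toward Outside, never reaches R3.
    print(forward("Inside", "10.1.1.1", "202.100.1.8", twice_nat=[]))
```

In all three tests the source address is left unchanged, which matches the Location column R3 reports in `show users`.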
