ASA dynamic address translation and port mapping

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Experimental topology diagram

4. Objective:

1. The private network segments 10.1.1.0 and 10.2.2.0 can access the external FTP server through PAT.

2. Map the web and FTP servers in the DMZ of the private network individually so that they can be accessed from the external network.

3. Configure SSH remote login to the ASA.

5. Configuration idea: first, plan the IP addresses of the external network and assign an IP address to each external host, then configure the ACL, port mapping, and SSH.

# Procedure:

Based on yesterday's experiment:

# Planning the public network IP addresses

The available IP addresses are 200.8.8.1-6

Gateway: 200.8.8.3 Subnet mask: 255.255.255.248

Server4-ftp: 200.8.8.2 Subnet mask: 255.255.255.248

Client 2: 200.8.8.1 Subnet mask: 255.255.255.248 // because it is a 29-bit mask: the last octet is 11111000 in binary, which is 248, giving 255.255.255.248

# The IP addresses of the private network are the same as yesterday

# DMZ area

Web server address: 192.168.30.100 Subnet mask: 255.255.255.0

Gateway: 192.168.30.254

FTP server address: 192.168.30.1 Subnet mask: 255.255.255.0

Gateway: 192.168.30.254

# Private network inside region:

Client 6: 10.1.1.1 Subnet mask: 255.255.255.0

Gateway: 10.1.1.254

Client 1: 10.2.2.1 Subnet mask: 255.255.255.0

# Configure PAT so that the internal network segments 10.1.1.0 and 10.2.2.0 reach the Internet through address translation

    object network inside
     subnet 10.2.2.0 255.255.255.0
     ! dynamic PAT: hosts in this subnet share the single public address 200.8.8.4
     nat (inside,outside) dynamic 200.8.8.4

Verification and testing: as shown in the following figure:

The above experiments show that the test is successful.

# Configure port mapping for the web and FTP servers in the DMZ of the private network, so that they can be accessed from the external network

    ! dmz is assumed to be the nameif of the DMZ interface from the earlier lab
    object network ob-out
     ! define the public address
     host 200.8.8.5
    object network dmz01
     host 192.168.30.100
     nat (dmz,outside) static ob-out service tcp 80 80
    object network dmz02
     host 192.168.30.1
     nat (dmz,outside) static ob-out service tcp 21 21
    ! the ACL refers to the real (untranslated) server objects
    access-list out-to-dmz permit tcp any object dmz01 eq http
    access-list out-to-dmz permit tcp any object dmz02 eq ftp
    access-group out-to-dmz in interface outside

Verification and testing:

The above tests prove to be successful

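3. Configure SSH remote login to the ASA from the public network:

    hostname asa842
    domain-name kf.com
    crypto key generate rsa modulus 1024
    ! 0 0 is shorthand for 0.0.0.0 0.0.0.0: SSH is accepted from any source address on the outside interface
    ssh 0 0 outside
    username cisco password cisco
    ! authenticate SSH logins against the local user database
    aaa authentication ssh console LOCAL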

Testing and verification:

The figure above shows that the test was successful.
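The SSH and ACL commands above are fine for a lab, but the same command list typed into a production ASA would expose management access. The following is an added example, not part of the original article: a small pre-deployment check over a command list as typed (not a saved running-config, where the password is stored hashed and the key-generation command does not appear). The function name `audit`, the 2048-bit minimum and treating `outside` as the untrusted interface are assumptions.

```python
import re

# Constructed sample modelled on the commands in this article (not from a real device).
SAMPLE = """\
object network dmz01
 host 192.168.30.100
access-list out-to-dmz permit tcp any object dmz01 eq http
access-list out-to-dmz permit tcp any object dmz202 eq ftp
crypto key generate rsa modulus 1024
ssh 0 0 outside
username cisco password cisco
"""

ANY = {"0", "0.0.0.0"}  # ASA shorthand and long form for "any source"

def audit(commands, untrusted=("outside",), min_rsa_bits=2048):
    """Return a list of findings for an ASA command list given as text."""
    lines = [ln.split() for ln in commands.splitlines() if ln.strip()]
    # Names created with "object network <name>"
    defined = {t[2] for t in lines
               if len(t) >= 3 and [w.lower() for w in t[:2]] == ["object", "network"]}
    findings = []
    for t in lines:
        text = " ".join(t)
        # ssh <address> <mask> <interface>: flag any-source access on an untrusted side
        if (t[0].lower() == "ssh" and len(t) == 4 and t[1] in ANY
                and t[2] in ANY and t[3] in untrusted):
            findings.append("ssh-any-source:" + t[3])
        m = re.match(r"crypto key generate rsa .*?modulus (\d+)", text, re.I)
        if m and int(m.group(1)) < min_rsa_bits:
            findings.append("weak-rsa:" + m.group(1))
        m = re.match(r"username (\S+) password (\S+)", text, re.I)
        if m and m.group(1) == m.group(2):
            findings.append("password-equals-username:" + m.group(1))
        if t[0].lower() == "access-list":
            # An ACL entry that names an object never defined is rejected by the ASA
            for i in range(len(t) - 1):
                if t[i].lower() == "object" and t[i + 1] not in defined:
                    findings.append("undefined-object:" + t[i + 1])
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A command list that restricts SSH to a single management host, generates a 2048-bit key and uses a password different from the username returns no findings.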
