资源描述:
《cisco asa 8.2与8.4的nat区别》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、1.NAT(nat-control,8.2有这条命令,开了的话没有nat是不通的)1.8.2(PAT转换)global(outside)10201.100.1.100nat(inside)1010.1.1.0255.255.255.0ASA/pri/act(config)#showxlate1inuse,1mostusedPATGlobal201.100.1.100(1024)Local10.1.1.1(11298)8.4objectnetworknatsubnet10.1.1.0255.255.255.0
2、objectnetworknatnat(inside,outside)dynamic201.100.1.100ASA8-4#showxlate1inuse,2mostusedFlags:D-DNS,i-dynamic,r-portmap,s-static,I-identity,T-twiceTCPPATfrominside:10.1.1.1/53851tooutside:201.100.1.100/5810flagsriidle0:00:04timeout0:00:302.8.2(动态的一对一转换)nat(
3、inside)1010.1.1.0255.255.255.0global(outside)10201.100.1.110-201.100.1.120netmask255.255.255.0ASA/pri/act#showxlatedetail2inuse,2mostusedFlags:D-DNS,d-dump,I-identity,i-dynamic,n-norandom,r-portmap,s-staticNATfrominside:10.1.1.1tooutside:201.100.1.110flags
4、iNATfrominside:10.1.1.2tooutside:201.100.1.111flagsi8.4objectnetworknatsubnet10.1.1.0255.255.255.0objectnetworkoutside-natrange201.100.1.110201.100.1.120objectnetworknatnat(inside,outside)dynamicoutside-natASA8-4#showxlate1inuse,2mostusedFlags:D-DNS,i-dyna
5、mic,r-portmap,s-static,I-identity,T-twiceNATfrominside:10.1.1.1tooutside:201.100.1.115flagsiidle0:01:13timeout3:00:003.8.2(转换成接口地址)nat(inside)1010.1.1.0255.255.255.0global(outside)10interfaceASA/pri/act#showxlatedetail1inuse,2mostusedFlags:D-DNS,d-dump,I-i
6、dentity,i-dynamic,n-norandom,r-portmap,s-staticTCPPATfrominside:10.1.1.1/61971tooutside:201.100.1.10/1024flagsri8.4objectnetworknatsubnet10.1.1.0255.255.255.0objectnetworknatnat(inside,outside)dynamicinterfaceASA8-4(config)#showxlate1inuse,2mostusedFlags:D
7、-DNS,i-dynamic,r-portmap,s-static,I-identity,T-twiceTCPPATfrominside:10.1.1.1/35322tooutside:201.100.1.10/52970flagsriidle0:00:03timeout0:00:301.8.2(不同的内部地址转换成不同的外部地址)nat(inside)91.1.1.0255.255.255.0nat(inside)1010.1.1.0255.255.255.0//排列标准,先看明细,越明细的越在前面,明细
8、相同看IP地址,IP址址小的在前面,在实际作用的时候也是按照这个面序来的。global(outside)10interfaceglobal(outside)9201.100.1.111ASA/pri/act#showxlatedetail2inuse,2mostusedFlags:D-DNS,d-dump,I-identity,i-dynamic,n-norandom,r-portmap,s-staticTCPP