欢迎来到天天文库
浏览记录
ID:52233701
大小:858.29 KB
页数:28页
时间:2020-03-25
《防火墙基本配置文档PIX_ASA.pdf》由会员上传分享,免费在线阅读,更多相关内容在行业资料-天天文库。
1、PIX/ASA:PortRedirection(Forwarding)withnat,global,staticandaccess−listCommandsDocumentID:63872IntroductionPrerequisitesRequirementsComponentsUsedRelatedProductsConventionsNetworkDiagramInitialConfigurationAllowOutboundAccessAllowInsideHostsAccesstoOutsideNetworkswithNATAllowInside
2、HostsAccesstoOutsideNetworkswiththeuseofPATRestrictInsideHostsAccesstoOutsideNetworksAllowUntrustedHostsAccesstoHostsonYourTrustedNetworkUseACLsonPIXVersions7.0andLaterDisableNATforSpecificHosts/NetworksPortRedirection(Forwarding)withStaticsNetworkDiagram−PortRedirection(Forwardin
3、g)PartialPIXConfiguration−PortRedirectionLimitTCP/UDPSessionusingStaticTimeBasedAccessListInformationtoCollectifYouOpenaTechnicalSupportCaseNetProDiscussionForums−FeaturedConversationsRelatedInformationIntroductionInordertomaximizesecuritywhenyouimplementCiscoPIXSecurityAppliancev
4、ersion7.0,itisimportanttounderstandhowpacketspassbetweenhighersecurityinterfacesandlowersecurityinterfaceswhenyouusethenat−control,nat,global,static,access−listandaccess−groupcommands.ThisdocumentexplainsthedifferencesbetweenthesecommandsandhowtoconfigurePortRedirection(Forwarding
5、)andtheoutsideNetworkAddressTranslation(NAT)featuresinPIXsoftwareversion7.x,withtheuseofthecommandlineinterfaceortheAdaptiveSecurityDeviceManager(ASDM).Note:SomeoptionsinASDM5.2andlatercanappeardifferentthantheoptionsinASDM5.1.RefertotheASDMdocumentationformoreinformation.Prerequi
6、sitesRequirementsRefertoAllowingHTTPSAccessforASDMinordertoallowthedevicetobeconfiguredbytheASDM.ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:·CiscoPIX500SeriesSecurityApplianceSoftwareversion7.0andlater·ASDMversion5.xandlaterTheinformationin
7、thisdocumentwascreatedfromthedevicesinaspecificlabenvironment.Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.RelatedProductsYoucanalsousethisconfigurationwithCiscoASASecurityApp
8、lianceversion7.xandlater.Conventi
此文档下载收益归作者所有