关于asa8.4以上nat映射内部主机多个端口问题
看网上有人这样写:object network inside-serverhost 192.168.1.1
object network outside-maphost 202.100.1.1
object server P-MAP
service tcp destination range 3000 5000
nat (outside,inside) source static any any destination static outside-map inside-server service P-MAP P-MAP
但是我是要映射内网的某几个端口,建了一个 object-group service XX ,调用几个端口的object service YY ZZ ,在内网主机的object nat(红色,难道不能映射service组?)应用时提示有问题。我再实验实验。。但问题还得解决。于是乎……
百度半天没有,看老外的解决方法,这也行。反正解决问题了。。。(蓝色部分)
object service tcp-1.1
service tcp destination range 100 101
object service udp-1.1
service udp destination range 100 101
object service tcp-1.2
service tcp destination range 200 201
object network obj-1.1.1.1-a
host 1.1.1.1
object network obj-1.1.1.1-1-b
host 1.1.1.1
object network obj-1.1.1.1-1-c
host 1.1.1.1
object network obj-192.168.1.1-a
host 192.168.1.1
nat (inside,outside) source static obj-192.168.1.1-a obj-1.1.1.1-a service tcp-1.1 tcp-1.1
!
object network obj-192.168.1.1-b
host 192.168.1.1
nat (inside,outside) source static obj-192.168.1.1-b obj-1.1.1.1-b service udp-1.1 udp-1.1
object network obj-192.168.1.2
host 192.168.1.2
nat (inside,outside) source static obj-192.168.1.2 obj-1.1.1.1-b service tcp-1.2 tcp-1.2
{:6_301:}总结一句话,同一个地址起不同名字调用,完事。 {:6_267:} {:6_267:}
页:
[1]