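Help with a NAT problem on an ASA simulated in GNS3?
R2 is used as a PC, but it cannot ping the firewall, it cannot ping its gateway either, and the firewall cannot ping R1. Please help.......
ASA configuration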
interface GigabitEthernet0
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 20.1.1.1 255.255.255.0
!
ftp mode passive
object network inside
subnet 20.1.1.0 255.255.255.0
access-list nat extended permit ip any any
!
object network inside
nat (inside,outside) dynamic interface
access-group nat out interface outside
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1
!
R1 configuration
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
no ip http server
no ip http secure-server
ip route 20.1.1.0 255.255.255.0 10.1.1.2
!
R2 configuration
interface FastEthernet0/0
ip address 20.1.1.2 255.255.255.0
no ip route-cache
duplex auto
speed auto
!
ip default-gateway 20.1.1.1
no ip http server
no ip http secure-server
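After studying this for a long time, I deleted all the route entries and changed the address of object network outside. Now R2 can ping the ASA and the ASA can ping R1, so only the NAT problem remains.
The ASA configuration is as follows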
interface GigabitEthernet0
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 20.1.1.1 255.255.255.0
!
!
object network inside
range 20.1.1.1 20.1.1.10
object network outside
host 10.1.1.3
access-list inside extended permit ip any any
!
object network inside
nat (inside,outside) dynamic 10.1.1.3
access-group inside out interface outside

Pinging from the higher security level to the lower one works; your ICMP policy is applied in the wrong direction.
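
The direction problem named in the reply above, shown as an added example that is not part of the original thread. It assumes the ASA still has its default `global_policy` / `inspection_default` policy; the ACL name `OUTSIDE_IN` is made up for this example. Use option A or option B, not both.

```cisco
! Before (from the question): the ACL is bound in the "out" direction on the
! outside interface. It only filters packets leaving that interface, so the
! echo replies coming back from R1 (security-level 0 -> 100) are never
! matched by it and are dropped by the default low-to-high rule.
!   access-group inside out interface outside
no access-group inside out interface outside
!
! Option A: let the ASA track ICMP statefully. Replies that match an
! outstanding echo request are allowed back in; no ACL on outside is needed.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! Option B: bind an ACL inbound on outside, and permit only the ICMP reply
! type rather than "permit ip any any", which would open the inside network
! to every connection initiated from outside.
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-group OUTSIDE_IN in interface outside
```

After the change, `show access-list OUTSIDE_IN` (option B) or `show service-policy inspect icmp` (option A) should show counters increasing while R2 pings R1, and `show xlate` should list the translation to 10.1.1.3.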