求解gns3上模拟asa的nat问题？

xuehaiwuya · 发表于 2015-9-18 11:19:34

$`8(F5@R{GP@_NR}S)Q}CXM0.png$
R2当做pc用但ping不通防火墙，网关也ping不通，防火墙也ping不到R1上，求解.......
asa的配置
interface GigabitEthernet0
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 20.1.1.1 255.255.255.0
!
ftp mode passive
object network inside
subnet 20.1.1.0 255.255.255.0
access-list nat extended permit ip any any

!
object network inside
nat (inside,outside) dynamic interface
access-group nat out interface outside
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1

!

R1的配置

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
no ip http server
no ip http secure-server
ip route 20.1.1.0 255.255.255.0 10.1.1.2
!

R2的配置
interface FastEthernet0/0
ip address 20.1.1.2 255.255.255.0
no ip route-cache
duplex auto
speed auto
!
ip default-gateway 20.1.1.1
no ip http server
no ip http secure-server

xuehaiwuya · 发表于 2015-9-18 14:49:27

研究了半天，删除了所有路由条目，改变了一下object network outside的地址，R2可以ping通asa了，asa也可以ping通R1了，就剩下nat的问题了。
asa的配置如下
interface GigabitEthernet0
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 20.1.1.1 255.255.255.0
!

!

object network inside
range 20.1.1.1 20.1.1.10
object network outside
host 10.1.1.3
access-list inside extended permit ip any any

!
object network inside
nat (inside,outside) dynamic 10.1.1.3
access-group inside out interface outside

klinuxe · 发表于 2015-9-21 10:05:54

从高到低级别可以ping通的，你的ICMP策略应用方向反了

账号		自动登录	找回密码
密码			论坛注册

求解gns3上模拟asa的nat问题？

浏览过的版块

客服中心

投诉建议