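Emergency, waiting online. Urgent, urgent, urgent!!!!!!!!!!!
Topology: Internet -- 5510 firewall -- 2960 -- 10 servers
A newly purchased ASA 5510 was installed in a machine room that is currently in production. I set up NAT mappings to the outside. Right now, of 213.109.196.8-213.109.196.19, only 213.109.196.12 is a free IP; all the others have servers running on them. After I changed the IP of a running server to the corresponding internal IP, I found the server could not get online; the mapping does not get out, and packets are only sent, none received! Changing to other IPs does not get out either; only the IP 10.10.10.12 works. So frustrating. Experts, please help, the machine room is freezing!!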
ASA Version 7.0(7)
!
hostname ciscoasa
domain-name ****.com
enable password DpMHtlcUIeUCjFMv encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 213.109.196.8 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif guanli
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 0De783WjGzuk3Tk/ encrypted
ftp mode passive
access-list net-in extended permit tcp any host 213.109.196.9 eq 1433
access-list net-in extended permit tcp any host 213.109.196.10 eq 1433
access-list net-in extended permit tcp any host 213.109.196.11 eq 1433
access-list net-in extended permit tcp any host 213.109.196.12 eq 1433
access-list net-in extended permit tcp any host 213.109.196.13 eq 1433
access-list net-in extended permit tcp any host 213.109.196.14 eq 1433
access-list net-in extended permit tcp any host 213.109.196.15 eq 1433
access-list net-in extended permit tcp any host 213.109.196.16 eq 1433
access-list net-in extended permit tcp any host 213.109.196.17 eq 1433
access-list net-in extended permit tcp any host 213.109.196.18 eq 1433
access-list net-in extended permit tcp any host 213.109.196.19 eq 1433
access-list net-in extended permit tcp any host 213.109.196.9 eq www
access-list net-in extended permit tcp any host 213.109.196.10 eq www
access-list net-in extended permit tcp any host 213.109.196.11 eq www
access-list net-in extended permit tcp any host 213.109.196.12 eq www
access-list net-in extended permit tcp any host 213.109.196.13 eq www
access-list net-in extended permit tcp any host 213.109.196.14 eq www
access-list net-in extended permit tcp any host 213.109.196.15 eq www
access-list net-in extended permit tcp any host 213.109.196.16 eq www
access-list net-in extended permit tcp any host 213.109.196.17 eq www
access-list net-in extended permit tcp any host 213.109.196.18 eq www
access-list net-in extended permit tcp any host 213.109.196.19 eq www
access-list net-in extended permit tcp any host 213.109.196.9 eq ftp
access-list net-in extended permit tcp any host 213.109.196.10 eq ftp
access-list net-in extended permit tcp any host 213.109.196.11 eq ftp
access-list net-in extended permit tcp any host 213.109.196.12 eq ftp
access-list net-in extended permit tcp any host 213.109.196.13 eq ftp
access-list net-in extended permit tcp any host 213.109.196.14 eq ftp
access-list net-in extended permit tcp any host 213.109.196.15 eq ftp
access-list net-in extended permit tcp any host 213.109.196.16 eq ftp
access-list net-in extended permit tcp any host 213.109.196.17 eq ftp
access-list net-in extended permit tcp any host 213.109.196.18 eq ftp
access-list net-in extended permit tcp any host 213.109.196.19 eq ftp
access-list net-in extended permit tcp any host 213.109.196.16 eq 6129
access-list 1 extended permit icmp any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu guanli 1500
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 213.109.196.9 10.10.10.9 netmask 255.255.255.255
static (inside,outside) 213.109.196.10 10.10.10.10 netmask 255.255.255.255
static (inside,outside) 213.109.196.11 10.10.10.11 netmask 255.255.255.255
static (inside,outside) 213.109.196.13 10.10.10.13 netmask 255.255.255.255
static (inside,outside) 213.109.196.15 10.10.10.15 netmask 255.255.255.255
static (inside,outside) 213.109.196.16 10.10.10.16 netmask 255.255.255.255
static (inside,outside) 213.109.196.17 10.10.10.17 netmask 255.255.255.255
static (inside,outside) 213.109.196.18 10.10.10.18 netmask 255.255.255.255
static (inside,outside) 213.109.196.19 10.10.10.19 netmask 255.255.255.255
static (inside,outside) 213.109.196.12 10.10.10.12 netmask 255.255.255.255
static (inside,outside) 213.109.196.14 10.10.10.14 netmask 255.255.255.255
access-group net-in in interface outside
route outside 0.0.0.0 0.0.0.0 213.109.196.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username cisco password 3USUcOPFUiMCO4Jk encrypted
http server enable
http 124.193.197.180 255.255.255.255 outside
http 213.109.196.9 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 1
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:f75c7df02edbd8cce65732ffbac72f94
: end
ciscoasa(config)#