- 论坛徽章:
- 0
|
下边是我的配置:
: Saved
:
ASA Version 7.0(7)
!
hostname zw
domain-name abc.com.cn
enable password xxxxxx encrypted
names
dns-guard
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 222.222.59.150 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.39.10.254 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
passwd xxxxxx encrypted
ftp mode passive
access-list to_inside extended permit tcp host 111.111.185.226 host 222.222.59.12
1 eq 1433
access-list to_inside extended permit tcp host 111.111.185.226 host 222.222.59.12
4 eq 5900
access-list to_inside extended permit tcp host 111.111.185.226 host 222.222.59.12
4 eq 3389
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.39.10.0 255.255.255.0
static (inside,outside) 222.222.59.121 10.39.10.191 netmask 255.255.255.255
static (inside,outside) 222.222.59.122 10.39.10.192 netmask 255.255.255.255
static (inside,outside) 222.222.59.123 10.39.10.193 netmask 255.255.255.255
static (inside,outside) 222.222.59.124 10.39.10.132 netmask 255.255.255.255
access-group to_inside in interface outside
route outside 0.0.0.0 0.0.0.0 222.222.59.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username xxxxx password xxxxxxencrypted
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 10.39.10.0 255.255.255.0 inside
telnet timeout 5
ssh 111.111.185.226 255.255.255.255 outside
ssh 10.39.10.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:70d58a6e0e60ca2c94f20fb04c66fb02
: end
问题:access-list to_inside extended permit tcp host 11.11.185.226 host 222.222.59.12
4 eq 3389
132这台内网测试没问题.
这个失败!telnet这个口不通!
网上找了一圈,发现好多朋友都有这个问题,请解决的朋友指点一下吖.. |
|