123 / 3 页下一页

CISCO ASA 5520 端口映射问题!! [复制链接]

末路狂奔

稍有积蓄

论坛徽章:: 0

11楼 [报告]

发表于 2008-10-08 07:46 |只看该作者

回复 #10 ssffzz1 的帖子

正常....

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

puding

丰衣足食

论坛徽章:: 0

12楼 [报告]

发表于 2008-10-08 09:57 |只看该作者

可以用ASA抓包，看看是啥情况
capture cap1 access-list to_inside interface outside

show capture cap1 detail

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

末路狂奔

稍有积蓄

论坛徽章:: 0

13楼 [报告]

发表于 2008-10-08 10:15 |只看该作者

回复 #12 puding 的帖子

3 packets captured
1: 19:04:17.380671 00d0.0449.cc0a 0021.554f.2f74 0x0800 62: 111.111.185.226.12568 > 222.222.59.124.3389: S [tcp sum ok] 611720983:611720983(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 120, id 28491)
2: 19:04:20.330869 00d0.0449.cc0a 0021.554f.2f74 0x0800 62: 111.111.185.226.12568 > 222.222.59.124.3389: S [tcp sum ok] 611720983:611720983(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 120, id 28500)
3: 19:04:26.365123 00d0.0449.cc0a 0021.554f.2f74 0x0800 62: 111.111.185.226.12568 > 222.222.59.124.3389: S [tcp sum ok] 611720983:611720983(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 120, id 28513)
3 packets shown

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

hjp0021

富足长乐

论坛徽章:: 0

14楼 [报告]

发表于 2008-10-08 11:33 |只看该作者

Open the port tcp 25 in order to allow the hosts from the outside (Internet) to access the mail server placed in the DMZ network.

The Static command maps the outside address 192.168.5.3 to the real DMZ address 172.16.1.3.

ciscoasa(config)#static (DMZ,Outside) 192.168.5.3 172.16.1.3
netmask 255.255.255.255
ciscoasa(config)#access-list 100 extended permit tcp
any host 192.168.5.3 eq 25
ciscoasa(config)#access-group 100 in interface outside
Open the HTTPS port traffic: Open the port tcp 443 in order to allow the hosts from the outside (Internet) to access the web server (secure) placed in the DMZ network.

ciscoasa(config)#static (DMZ,Outside) 192.168.5.5 172.16.1.5
netmask 255.255.255.255
ciscoasa(config)#access-list 100 extended permit tcp
any host 192.168.5.5 eq 443
ciscoasa(config)#access-group 100 in interface outside
Allow the DNS traffic: Open the port udp 53 in order to allow the hosts from the outside (Internet) to access the DNS server (secure) placed in the DMZ network.

ciscoasa(config)#static (DMZ,Outside) 192.168.5.4 172.16.1.4
netmask 255.255.255.255
ciscoasa(config)#access-list 100 extended permit udp
any host 192.168.5.4 eq 53
ciscoasa(config)#access-group 100 in interface outside