3,581
社区成员
发帖
与我相关
我的任务
分享Cisco Pix 525 问题:内网映射访问不了外网,帮忙!!!!!!!!!
Cisco Pix 525配置如下:
内网地址:130.53.193.250
外网一个地址:211.96.209.145
我配置内网一个 IP 130.53.193.214 可以访问外网的 211.96.31.232
,但是怎么也访问不了。
测试过外网的IP 接口网线等都正常。 请帮忙。
========================================================================================
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd ZY5DARf0icR3Cf2i encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list ha permit tcp any host 211.96.209.145 eq 8008
access-list ha permit tcp any host 211.96.209.145 eq 8881
access-list ha permit tcp any host 211.96.209.145 eq 8018
access-list ha permit tcp any host 211.96.209.145 eq www
access-list ha permit icmp any host 211.96.209.145
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 211.96.209.145 255.255.255.0
ip address inside 130.53.193.250 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 130.53.193.214 255.255.255.255 0 0
static (inside,outside) interface 130.53.193.214 netmask 255.255.255.255 0 0
access-group ha in interface outside
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 211.96.209.146 1
route inside 130.0.0.0 255.0.0.0 130.53.193.252 1
route outside 211.96.31.232 255.255.255.255 211.96.209.146 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:
0:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 130.53.193.214 255.255.255.255 inside
telnet 130.53.193.213 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
========================================================================================
内网地址:130.53.193.250
外网一个地址:211.96.209.145
我配置内网一个 IP 130.53.193.214 可以访问外网的 211.96.31.232
,但是怎么也访问不了。
测试过外网的IP 接口网线等都正常。 请帮忙。
========================================================================================
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd ZY5DARf0icR3Cf2i encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list ha permit tcp any host 211.96.209.145 eq 8008
access-list ha permit tcp any host 211.96.209.145 eq 8881
access-list ha permit tcp any host 211.96.209.145 eq 8018
access-list ha permit tcp any host 211.96.209.145 eq www
access-list ha permit icmp any host 211.96.209.145
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 211.96.209.145 255.255.255.0
ip address inside 130.53.193.250 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 130.53.193.214 255.255.255.255 0 0
static (inside,outside) interface 130.53.193.214 netmask 255.255.255.255 0 0
access-group ha in interface outside
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 211.96.209.146 1
route inside 130.0.0.0 255.0.0.0 130.53.193.252 1
route outside 211.96.31.232 255.255.255.255 211.96.209.146 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:
0:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 130.53.193.214 255.255.255.255 inside
telnet 130.53.193.213 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
========================================================================================
...全文
请发表友善的回复…
发表回复
silentwins 2005-03-03
- 打赏
- 举报
http://www.pcworld.com.cn/issue/2003/0304/0405.asp
