Cisco ASA NAT: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=Maskieren auf ausgehende Interface= *ciscoasa(config)# object network obj-lan *ciscoasa(config-network-object)# subnet 172.18.122.0 255.255.255.0 *ciscoasa(c…“) |
Thomas (Diskussion | Beiträge) |
||
| (19 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| − | =Maskieren auf ausgehende Interface= | + | =Maskieren auf ausgehende Interface (Regular Dynamic PAT)= |
*ciscoasa(config)# object network obj-lan | *ciscoasa(config)# object network obj-lan | ||
*ciscoasa(config-network-object)# subnet 172.18.122.0 255.255.255.0 | *ciscoasa(config-network-object)# subnet 172.18.122.0 255.255.255.0 | ||
*ciscoasa(config-network-object)# nat (if-inside,if-outside) dynamic interface | *ciscoasa(config-network-object)# nat (if-inside,if-outside) dynamic interface | ||
| + | ==Copy and Paste== | ||
| + | <pre> | ||
| + | configure terminal | ||
| + | object network obj-lan | ||
| + | subnet 172.18.122.0 255.255.255.0 | ||
| + | nat (if-inside,if-outside) dynamic interface | ||
| + | end | ||
| + | |||
| + | </pre> | ||
| + | |||
| + | =Nat auf einen Rechner im Lan (Regular Static NAT)= | ||
| + | =Portforwarding auf internen Bastion Host= | ||
| + | ;Webserver | ||
| + | *ciscoasa(config)# object network obj-www | ||
| + | *ciscoasa(config-network-object)# host 172.18.122.101 | ||
| + | *ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface service tcp www www | ||
| + | ;Smtp | ||
| + | *ciscoasa(config)# object network obj-smtp | ||
| + | *ciscoasa(config-network-object)# host 172.18.122.101 | ||
| + | *ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface service tcp smtp smtp | ||
| + | ;Ssh von 8472 auf 22 | ||
| + | *ciscoasa(config)# object network obj-ssh | ||
| + | *ciscoasa(config-network-object)# host 172.18.122.101 | ||
| + | *ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface service tcp ssh 8472 | ||
| + | =Acls bilden= | ||
| + | *ciscoasa(config)# access-list acl-bastion extended permit tcp any object obj-www eq www | ||
| + | *ciscoasa(config)# access-list acl-bastion extended permit tcp any object obj-smtp eq smtp | ||
| + | *ciscoasa(config)# access-list acl-bastion extended permit tcp any object obj-ssh eq ssh | ||
| + | =Acl anwenden= | ||
| + | *ciscoasa(config)# access-group acl-bastion in interface if-outside | ||
Aktuelle Version vom 17. Februar 2016, 09:58 Uhr
Maskieren auf ausgehende Interface (Regular Dynamic PAT)
- ciscoasa(config)# object network obj-lan
- ciscoasa(config-network-object)# subnet 172.18.122.0 255.255.255.0
- ciscoasa(config-network-object)# nat (if-inside,if-outside) dynamic interface
Copy and Paste
configure terminal
object network obj-lan
subnet 172.18.122.0 255.255.255.0
nat (if-inside,if-outside) dynamic interface
end
Nat auf einen Rechner im Lan (Regular Static NAT)
Portforwarding auf internen Bastion Host
- Webserver
- ciscoasa(config)# object network obj-www
- ciscoasa(config-network-object)# host 172.18.122.101
- ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface service tcp www www
- Smtp
- ciscoasa(config)# object network obj-smtp
- ciscoasa(config-network-object)# host 172.18.122.101
- ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface service tcp smtp smtp
- Ssh von 8472 auf 22
- ciscoasa(config)# object network obj-ssh
- ciscoasa(config-network-object)# host 172.18.122.101
- ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface service tcp ssh 8472
Acls bilden
- ciscoasa(config)# access-list acl-bastion extended permit tcp any object obj-www eq www
- ciscoasa(config)# access-list acl-bastion extended permit tcp any object obj-smtp eq smtp
- ciscoasa(config)# access-list acl-bastion extended permit tcp any object obj-ssh eq ssh
Acl anwenden
- ciscoasa(config)# access-group acl-bastion in interface if-outside