This post was last edited by ffoofu415 on 2016-10-9 20:33

The medical-insurance dedicated line address is 192.100.132.1/24, the gateway address is 192.100.132.254, and the medical-insurance service is default.host=10.85.66.24 default.port=8081

The China Telecom internet address is: 115.115.115.138 255.255.255.248 115.115.115.137
The interconnect address between the core switch and the firewall is 172.16.4.2 255.255.255.224

Requirements
Internal networks 10.4.3.0/24 and 10.4.4.0/24 access the internet through the China Telecom internet link.
10.4.1.0/24, 10.4.2.0/24 and 10.4.4.0/24 access medical insurance over the medical-insurance dedicated line.

ASA5525: splitting hospital medical-insurance traffic and internet traffic, advice appreciated

With the configuration below, all internal VLANs access the internet.
How should it be modified and configured to meet the requirements above? Advice appreciated.

ASA5525 configuration
show ru
: Saved
:
: Serial Number: FCH20157H3A
: Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2393 MHz, 1 CPU (4 cores)
:
ASA Version 9.4(1)

interface GigabitEthernet0/0
 description to_dianxinwaiwang
 nameif outside
 security-level 0
 ip address 115.115.115.138 255.255.255.248
!
interface GigabitEthernet0/1
 description to_3750_48kou
 nameif inside
 security-level 100
 ip address 172.16.4.1 255.255.255.224

interface GigabitEthernet0/2
 nameif outside2
 security-level 0
 ip address 192.100.132.1
 no shutdown

interface GigabitEthernet0/5
 description tftp_chuangsujiekou
 nameif inside1
 security-level 0
 ip address 10.10.10.10 255.255.255.0

interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.120.120.1 255.255.255.0

object network inside-outside-all
 subnet 10.4.0.0 255.255.0.0
object network 1.3
 host 10.4.1.3
access-list outside extended permit icmp any any
access-list outside extended permit udp any any
access-list outside extended permit tcp any host 10.4.1.3 eq 3389

object network inside-outside-all
 nat (inside,outside) dynamic interface dns
object network 1.3
 nat (inside,outside) static interface service tcp 3389 8933
access-group outside in interface outside
route outside 0.0.0.0 0.0.0.0 115.115.115.137 1
route inside 10.4.0.0 255.255.0.0 172.16.4.2 1
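
One way to meet the stated requirements on this ASA, as an added example that is not part of the original post or from its author. Assumptions: the /24 mask on outside2 comes from "192.100.132.1/24" in the post, medical-insurance traffic is limited to TCP 8081 on 10.85.66.24 (from default.host/default.port), and the object-group names and the ACL name inside_in are hypothetical.

```cisco
! Added example. YIBAO-SRC, INET-SRC and inside_in are hypothetical names.
! Assumption: /24 mask on outside2, taken from "192.100.132.1/24" in the post.
interface GigabitEthernet0/2
 ip address 192.100.132.1 255.255.255.0
!
! Destination-based split: only the medical-insurance server uses the dedicated line.
route outside2 10.85.66.24 255.255.255.255 192.100.132.254 1
!
! Sources allowed to reach the medical-insurance service.
object-group network YIBAO-SRC
 network-object 10.4.1.0 255.255.255.0
 network-object 10.4.2.0 255.255.255.0
 network-object 10.4.4.0 255.255.255.0
! Sources allowed to reach the internet.
object-group network INET-SRC
 network-object 10.4.3.0 255.255.255.0
 network-object 10.4.4.0 255.255.255.0
!
! Remove the catch-all PAT that lets every VLAN in 10.4.0.0/16 out to the internet.
object network inside-outside-all
 no nat (inside,outside) dynamic interface dns
!
! One PAT rule per egress interface. after-auto places them behind the
! existing object NAT, so the static rule for 10.4.1.3 keeps precedence.
nat (inside,outside2) after-auto source dynamic YIBAO-SRC interface
nat (inside,outside) after-auto source dynamic INET-SRC interface
!
! Least privilege on the inside interface; the implicit deny drops the rest.
access-list inside_in extended permit tcp object-group YIBAO-SRC host 10.85.66.24 eq 8081
access-list inside_in extended deny ip any host 10.85.66.24
access-list inside_in extended permit ip object-group INET-SRC any
access-group inside_in in interface inside
```

The ASA chooses the egress interface by destination route, so the host route steers medical-insurance traffic to outside2, while the inside ACL decides which source subnets may use each path. `show nat detail` and `packet-tracer input inside tcp 10.4.1.10 1025 10.85.66.24 8081` (source host constructed for illustration) confirm the rule order and the egress interface.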