
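With the same configuration everything had always worked fine, but suddenly, on one server whose internal address 10.1.1.108 has its five ports 82, 21, 8181, 8101 and 80 mapped to the same five ports on the external address 222.75.160.116, port 80 gives no response when accessed from outside, while the applications on the other four ports open normally.
What could be the cause?
The configuration is as follows: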
nxgov-pix# show run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 11111111111111111111 encrypted
passwd 111111111111111111111111111 encrypted
hostname nxgov-pix
domain-name nxgov
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
no fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 100 permit ip any any
access-list 200 permit tcp any host 222.75.160.114 eq telnet
access-list 200 permit tcp any any eq smtp
access-list 200 permit tcp any any eq 161
access-list 200 permit tcp any host 222.75.160.114 eq 3389
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 222.75.160.114 255.255.255.240
ip address inside 10.1.2.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 222.75.160.114 telnet 192.168.0.254 telnet netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.114 3389 10.1.2.199 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.114 7000 10.1.2.199 7000 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.114 7100 10.1.2.199 7100 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.114 7200 10.1.2.199 7200 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.114 7210 10.1.2.199 7210 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.114 7220 10.1.2.199 7220 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 https 10.1.1.152 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 4899 192.168.21.219 4899 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 www 10.1.1.143 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 3389 10.1.1.143 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.121 www 10.1.1.101 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.121 smtp 10.1.1.101 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.121 pop3 10.1.1.101 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.122 www 10.1.1.201 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.122 3389 10.1.1.201 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.121 3389 10.1.1.197 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.126 8080 10.1.1.106 8080 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 6001 10.1.1.93 6001 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 6002 10.1.1.93 6002 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 6003 10.1.1.93 6003 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.125 www 10.1.1.131 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 7001 10.1.1.121 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 7002 10.1.1.122 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 7003 10.1.1.124 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 7004 10.1.1.125 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 7005 10.1.1.126 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.120 6005 10.1.1.93 6005 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 82 10.1.1.108 82 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 ftp 10.1.1.108 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 8181 10.1.1.108 8181 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.123 www 10.1.1.162 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.123 8443 10.1.1.162 8443 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.123 ssh 10.1.1.162 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 8101 10.1.1.108 8101 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.126 www 10.1.1.106 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 www 10.1.1.108 www netmask 255.255.255.255 0 0
static (inside,outside) 222.75.160.117 10.1.2.3 netmask 255.255.255.255 0 0
access-group 100 in interface outside
access-group 100 in interface inside
route outside 0.0.0.0 0.0.0.0 222.75.160.113 1
route inside 10.1.1.0 255.255.255.0 10.1.2.2 1
route inside 36.2.0.0 255.255.0.0 10.1.2.2 1
route inside 172.16.1.0 255.255.255.0 10.1.2.2 1
route inside 192.168.0.0 255.255.0.0 10.1.2.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.1.1.122 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
service resetinbound
service resetoutside
telnet 10.1.2.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:5a735e521e1339e421a43211a717c094
: end
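
Added example, not part of the original post: a Python script that parses the PIX 6.3 `static` port-redirection and `fixup protocol` lines and lists, for one public address, each forwarded port, its inside target and any application inspection enabled on that port number. The `CONFIG` sample is constructed from the lines posted above that concern 222.75.160.116; matching a fixup against the public port is an assumption that holds here because public and inside ports are equal.

```python
import re

PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110, "https": 443}

# Constructed sample: the lines of the posted config that concern 222.75.160.116.
CONFIG = """\
fixup protocol ftp 21
fixup protocol http 80
no fixup protocol smtp 25
static (inside,outside) tcp 222.75.160.116 82 10.1.1.108 82 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 ftp 10.1.1.108 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 8181 10.1.1.108 8181 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 8101 10.1.1.108 8101 netmask 255.255.255.255 0 0
static (inside,outside) tcp 222.75.160.116 www 10.1.1.108 www netmask 255.255.255.255 0 0
"""

STATIC_RE = re.compile(r"^static \(\w+,\w+\) (?:tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask", re.M)

def port(tok):
    # "show run" prints well-known ports by name (www, ftp, ...); others stay numeric.
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def parse_fixups(text):
    # Map port -> inspected protocol for every enabled "fixup protocol" line.
    fixups = {}
    for line in text.splitlines():
        words = line.split()
        if words[:2] != ["fixup", "protocol"] or "maximum-length" in words:
            continue  # skips "no fixup ..." and the dns length setting (not a port)
        lo, _, hi = words[-1].partition("-")  # handles ranges such as 1718-1719
        for p in range(int(lo), int(hi or lo) + 1):
            fixups[p] = words[2]
    return fixups

def parse_port_statics(text):
    # {(public_ip, public_port): (inside_ip, inside_port)} plus any duplicated public pairs.
    maps, dupes = {}, []
    for pub_ip, pub_port, in_ip, in_port in STATIC_RE.findall(text):
        key = (pub_ip, port(pub_port))
        if key in maps:
            dupes.append(key)
        maps[key] = (in_ip, port(in_port))
    return maps, dupes

def report(text, public_ip):
    # Rows of (public port, inside IP, inside port, fixup or None); fixup matched on public port (assumption).
    fixups, (maps, _) = parse_fixups(text), parse_port_statics(text)
    return sorted((pp, ip, ipp, fixups.get(pp))
                  for (pub, pp), (ip, ipp) in maps.items() if pub == public_ip)
```

Run against the posted lines, `report(CONFIG, "222.75.160.116")` returns five rows that are identical in form with no duplicate public address/port pair; ports 21 and 80 are the only ones with a `fixup` attached, while 82, 8101 and 8181 are plain redirections.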