Port Forwarding with ASA 5505


  • Port Forwarding with ASA 5505

    Hi all,

    I have a network as follows:

    LAN ---> Cisco ASA 5505 ---> Internet

    There is now a web server in the LAN, and I want to map port 80 from the ASA into the LAN, but it does not work. The current configuration is as follows:
    Code:
    : Saved
    :
    ASA Version 8.0(3)6 
    !
    hostname ciscoasa
    domain-name mydomain.com
    enable password <deleted> encrypted
    passwd <deleted> encrypted
    names
    !
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.0.1 255.255.255.0 
    !
    interface Vlan2
     nameif outside
     security-level 0
     pppoe client vpdn group MyISP
     ip address pppoe setroute 
    !
    interface Ethernet0/0
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    ftp mode passive
    clock timezone ICT 7
    dns server-group DefaultDNS
     domain-name mydomain.com
    same-security-traffic permit intra-interface
    object-group protocol TCPUDP
     protocol-object udp
     protocol-object tcp
    access-list outside_access_in extended permit tcp any host 117.x.x.x eq www 
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-603.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 dns
    static (inside,outside) tcp interface www 192.168.0.2 www netmask 255.255.255.255  dns 
    static (outside,inside) tcp 192.168.0.2 www 117.x.x.x www netmask 255.255.255.255  dns 
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet 192.168.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    vpdn group MyISP request dialout pppoe
    vpdn group MyISP localname MyUserName
    vpdn group MyISP ppp authentication pap
    vpdn username MyUserName password ********* 
    dhcpd address 192.168.0.2-192.168.0.254 inside
    !
    
    threat-detection basic-threat
    threat-detection statistics
    ntp server 210.138.109.164 source outside prefer
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map 
      inspect ftp 
      inspect h323 h225 
      inspect h323 ras 
      inspect rsh 
      inspect rtsp 
      inspect esmtp 
      inspect sqlnet 
      inspect skinny  
      inspect sunrpc 
      inspect xdmcp 
      inspect sip  
      inspect netbios 
      inspect tftp 
    !
    service-policy global_policy global
    prompt hostname context 
    Cryptochecksum:<deleted>
    : end
    Could everyone please check what is wrong that makes the web server inaccessible? Is the NAT configuration wrong?
    Thank you!
    Last edited by chairuou; 30-10-2008, 12:29 AM. Reason: edit
    Cheer !

  • #2
    Try removing the two http commands in the ASA configuration with:
    no http server enable
    no http 192.168.0.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside

    You should use a port other than port 80 of the ASA to avoid trouble, for example mapping to port 8080.
    Nguyễn Quốc Lễ, CCNP CCSP
    Email: nguyenquocle@wimaxpro.org

    Viet Professionals Co. Ltd. VnPro ®
    ---------------------------------------
    149/1D Ung Văn Khiêm P25 Q.Bình thạnh TPHCM
    Tel: (08) 35124257
    Fax: (08) 5124314
    Support Forum : http://www.vnpro.org
    Live Chat : http://www.vnpro.vn/support
    Blog VnPro : http://www.vnpro.org/blog
    Vietnam Wireless Network Community

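A review check for configurations of the kind discussed in this thread, as an added example (not part of either post, and not Cisco or VnPro code): it flags management services (`http`, `telnet`, `ssh`) permitted from any address on a security-level 0 interface, and static PAT entries on the interface address that have no inbound `permit` for the forwarded port. The function name `audit`, the sample configuration and the placeholder address 203.0.113.10 are assumptions; the ACL check compares ports only, not destination addresses.

```python
import re

# Constructed sample in the style of the posted config (203.0.113.10 is a placeholder).
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq www
static (inside,outside) tcp interface www 192.168.0.2 www netmask 255.255.255.255
static (inside,outside) tcp interface 8080 192.168.0.3 8080 netmask 255.255.255.255
access-group outside_access_in in interface outside
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""
PORT_NAMES = {"www": "80", "https": "443"}  # ASA port keywords -> numbers

def audit(config):
    """Hypothetical helper: findings for an ASA 8.0-style (pre-8.3 NAT) config."""
    lines = [ln.strip() for ln in config.splitlines()]
    levels, bound, permitted, name = {}, {}, {}, None
    for ln in lines:
        if m := re.match(r"nameif (\S+)", ln):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)", ln)) and name:
            levels[name] = int(m.group(1))          # nameif -> security level
        elif m := re.match(r"access-group (\S+) in interface (\S+)", ln):
            bound[m.group(2)] = m.group(1)          # interface -> inbound ACL
        elif m := re.match(r"access-list (\S+) extended permit tcp .* eq (\S+)$", ln):
            port = PORT_NAMES.get(m.group(2), m.group(2))
            permitted.setdefault(m.group(1), set()).add(port)
    findings = []
    for ln in lines:
        # Management service reachable from any address on a security-level 0 interface
        if m := re.match(r"(http|telnet|ssh) 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", ln):
            if levels.get(m.group(2), 0) == 0:
                findings.append(("mgmt-open", m.group(1), m.group(2)))
        # Static PAT on the interface address with no inbound permit for that port
        elif m := re.match(r"static \(\S+,(\S+)\) tcp interface (\S+) ", ln):
            port = PORT_NAMES.get(m.group(2), m.group(2))
            if port not in permitted.get(bound.get(m.group(1)), set()):
                findings.append(("no-acl", m.group(1), port))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An interface whose security level cannot be found in the input is treated as level 0, so a partial configuration paste errs toward reporting.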