ASA 5505 VLAN routing – 2 LAN, 1 WAN

I am setting up a Cisco ASA 5505 with the base license.

TCP/UDP traffic works from inside -> outside, outside -> inside, and inside -> secure, which is the traffic security I want.

From inside -> secure, HTTP, SSH and other access works, but I cannot ping from inside -> secure (192.168.110.0 hosts to 192.168.7.1 or 192.168.7.0 hosts).

How do I enable ICMP?

Configuration:

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.110.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group birdie
 ip address removedIP 255.255.255.255 pppoe
!
interface Vlan3
 no forward interface Vlan1
 nameif secure
 security-level 50
 ip address 192.168.7.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
 switchport access vlan 3
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
access-list Outside-In extended permit icmp any any
access-list Outside-In extended permit tcp any any eq www
access-list Outside-In extended permit tcp any any eq https
access-list Outside-In extended permit tcp any any eq 5969
access-list inside_nat0_outbound extended permit ip any 192.168.111.0 255.255.255.224
access-list standardUser_splitTunnelAcl1 extended permit ip 192.168.111.0 255.255.255.0 any
access-list standardUser_splitTunnelAcl1 extended permit ip 192.168.110.0 255.255.255.0 any
access-list inside_in extended permit icmp any any
access-list inside_in extended permit ip any any
access-list secure_in extended permit icmp any any
access-list secure_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1492
mtu outside 1492
mtu secure 1500
ip local pool vpnuser 192.168.111.5-192.168.111.20
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (secure) 1 192.168.7.0 255.255.255.0
static (inside,outside) tcp interface https 192.168.110.6 https netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.110.6 www netmask 255.255.255.255
static (inside,outside) tcp interface 5969 192.168.110.12 5969 netmask 255.255.255.255
static (inside,secure) 192.168.110.0 192.168.110.0 netmask 255.255.255.0
access-group inside_in in interface inside
access-group Outside-In in interface outside
access-group secure_in in interface secure
route outside 0.0.0.0 0.0.0.0 RemovedIP 1

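The only thing that looks odd in your configuration is the static (inside,secure) statement. Since the mapped and real addresses are the same, it appears to be a no-op. In my configuration I also have a DMZ-type network, and there is no static (inside,dmz) statement. (I do have static (dmz,outside) ... for externally exposed services.)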

In any case, try removing that static and see what effect it has.
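
Added example, not part of the original question or answer: a small Python check that lists every static statement whose mapped address equals its real address, so statements like the static (inside,secure) one discussed above can be picked out for review. It assumes the pre-8.3 ASA static syntax used in the question; the function names are illustrative.

```python
import re

# Pre-8.3 ASA syntax, as used in the question's configuration:
#   static (real_ifc,mapped_ifc) [tcp|udp] mapped [port] real [port] [netmask mask]
STATIC_RE = re.compile(r"^static \(([^,\s]+),([^)\s]+)\)\s+(.+)$")

# The static statements copied from the configuration in the question.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface https 192.168.110.6 https netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.110.6 www netmask 255.255.255.255
static (inside,outside) tcp interface 5969 192.168.110.12 5969 netmask 255.255.255.255
static (inside,secure) 192.168.110.0 192.168.110.0 netmask 255.255.255.0
"""


def parse_static(line):
    """Parse one static statement into a dict; return None for other lines."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    real_if, mapped_if, rest = m.groups()
    tokens = rest.split()
    mask = None
    if "netmask" in tokens[:-1]:
        i = tokens.index("netmask")
        mask, tokens = tokens[i + 1], tokens[:i]  # drop mask and trailing options
    proto = tokens.pop(0) if tokens and tokens[0] in ("tcp", "udp") else None
    need = 4 if proto else 2  # port redirection carries a port after each address
    if len(tokens) < need:
        return None
    if proto:
        mapped, mapped_port, real, real_port = tokens[:4]
    else:
        (mapped, real), mapped_port, real_port = tokens[:2], None, None
    return {"real_if": real_if, "mapped_if": mapped_if, "proto": proto,
            "mapped": mapped, "mapped_port": mapped_port,
            "real": real, "real_port": real_port, "netmask": mask}


def find_identity_statics(config_text):
    """Return statics whose mapped address (and port, if any) equals the real one."""
    hits = []
    for line in config_text.splitlines():
        s = parse_static(line)
        if s and s["mapped"] == s["real"] and s["mapped_port"] == s["real_port"]:
            hits.append((s["real_if"], s["mapped_if"], s["real"], s["netmask"]))
    return hits


if __name__ == "__main__":
    for real_if, mapped_if, addr, mask in find_identity_statics(SAMPLE_CONFIG):
        print(f"identity static ({real_if},{mapped_if}) {addr} netmask {mask}")
```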