在Cisco ASA 5505上打开端口

我正在尝试configuration一个新的5505，但是我打开的端口允许从外面进入。 我的设置是康卡斯特商业调制解调器（W /单静态IP） – > ASA（10.0.0.1） – >（愚蠢）交换机 – > NAS（10.0.0.10）。 我试图打开端口5001的NAS。 我对IOS很新，所以我主要在ASDM工作。 不知道我是否为自己过度复杂，或者我被卡住了。

我的运行configuration是 –

ASA Version 8.2(5) ! hostname ciscoasa enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names name 10.0.0.10 MiniSrvr description MiniSrvr ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 10.0.0.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 74.xx249 255.255.255.252 ! ftp mode passive object-group service Syno_HTTPS tcp port-object eq 5001 object-group service DM_INLINE_TCP_1 tcp group-object Syno_HTTPS port-object eq https access-list outside_access_in extended permit tcp any host MiniSrvr object-group DM_INLINE_TCP_1 pager lines 24 logging asdm informational mtu outside 1500 mtu inside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface 5001 MiniSrvr 5001 netmask 255.255.255.255 access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 74.xx250 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL http server enable http 10.0.0.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet timeout 5 ssh 10.0.0.0 255.255.255.0 inside ssh timeout 5 console timeout 0 dhcpd dns 75.75.75.75 75.75.76.76 dhcpd lease 38600 ! dhcpd address 10.0.0.100-10.0.0.199 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn anyconnect-essentials username xxx password XTTcBNvipbwHw4hk encrypted privilege 15 ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum:33ba890463db57b8ad5a2ecbf378b412 : end 

• 是否有Cisco ASA设备的“show cdp neighbors”types命令？
• 如何在Cisco ASA 55xx路由器上允许ICMP回显请求？
• ASA 5505，是否支持BGP？
• 通过VPN进行ASA TFTP备份
• 我如何configuration一个ASA，使我可以使用一个sub-priviledge 15用户从http下载当前configuration？

 access-list outside_access_in extended permit tcp any host MiniSrvr object-group Syno_HTTPS 

 <--snip--> object-group service Syno_HTTPS tcp port-object eq 5001 object-group service DM_INLINE_TCP_1 tcp group-object Syno_HTTPS port-object eq https access-list outside_access_in extended permit tcp any host MiniSrvr object-group DM_INLINE_TCP_1 <--snip--> static (inside,outside) tcp interface 5001 MiniSrvr 5001 netmask 255.255.255.255 access-group outside_access_in in interface outside <--snip--> 

 access-list outside_access_in extended permit tcp any host MiniSrvr object-group Syno_HTTPS