添加Cisco ASA5550后，我的服务器无法访问互联网

这是我的networking基础设施。

我的networking中有一个问题。

服务器M，A，B，C，D都有公网IP地址。 在我的networking之外的人可以在任何地方ping服务器M，但是他们不能访问服务器M.服务器M可以ping任何在互联网上的ip地址，但是它不能访问任何在我的networking之外的ip。

• input数据包丢弃
• 在我无法更改的局域网中为站点到站点服务添加思科RV084设备
• 路由器或防火墙或服务器作为VPN服务器
• 多个接口：将数据包路由到特定的接口
• 如何禁用Linux 2.6.18-164.2.1.el5上的“慢启动”

服务器M可以访问服务器A，B，C，D，而A，B，C，D也可以访问M.A，B，C，D工作正常。 人们可以在任何地方访问它们。

当我在我的networking中交换A和M时。 我只是改变他们的IP信息。 新的A工作正常。 所以我确定服务器M的configuration是可以的。

我的问题是关于服务器M.我认为ASA5550有什么问题，但我不知道这种情况。 看起来ASA5550在服务器M上不能做任何事情，它们在同一个networking上。

谢谢。

这里是asa5550configuration。 出于安全原因，我已经隐藏了真正的ip：

**asa01# sh config** : Saved : Written by admin at 17:03:21.222 PST Thu Jan 3 2013 ! ASA Version 8.4(3) ! hostname asa01 domain-name abcd.com enable password r7t8ty9u0io encrypted passwd s8d8r7u5k3j encrypted names ! interface GigabitEthernet0/0 duplex full nameif outside security-level 0 ip address *.*.*.162 255.255.255.248 ! interface GigabitEthernet0/1 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/2 nameif LAN_IDC security-level 50 ip address 192.168.10.5 255.255.255.0 ! interface GigabitEthernet0/3 duplex full shutdown no nameif no security-level no ip address ! interface Management0/0 shutdown nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 management-only ! interface GigabitEthernet1/0 nameif wxc_webservice security-level 50 ip address *.*.*.1 255.255.255.0 ! interface GigabitEthernet1/1 nameif wxc_ecommerce security-level 50 ip address *.*.*.1 255.255.255.0 ! interface GigabitEthernet1/2 shutdown nameif wxc_hosting security-level 50 ip address *.*.*.193 255.255.255.192 ! interface GigabitEthernet1/3 shutdown no nameif no security-level no ip address ! boot system disk0:/asa843-k8.bin ftp mode passive clock timezone PST -8 clock summer-time PDT recurring dns domain-lookup outside dns server-group DefaultDNS name-server 8.8.8.8 name-server 4.2.2.1 domain-name abcd.com same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network 10.xxx subnet 10.0.0.0 255.0.0.0 object network 172.16.xx-172.31.xx subnet 172.16.0.0 255.240.0.0 object network 192.168.xx subnet 192.168.0.0 255.255.0.0 object network localhosts-192.168.10.x subnet 192.168.10.0 255.255.255.0 object network office_gateway host *.*.*.* object-group service webmin tcp description web base management port-object eq 10000 object-group network privateNetworks network-object object 10.xxx network-object object 172.16.xx-172.31.xx network-object object 192.168.xx object-group service DM_INLINE_SERVICE_1 service-object tcp destination eq domain service-object tcp destination eq www service-object tcp destination eq https service-object udp destination eq domain object-group network China description Some unfriendly IP network-object 1.192.0.0 255.248.0.0 object-group network HOST description Outside Servers object-group network HighHit network-object 1.224.0.0 255.224.0.0 network-object 126.19.86.0 255.255.255.0 network-object host 175.124.121.53 network-object host 182.16.11.4 network-object host 219.90.122.125 network-object host 50.46.148.219 network-object host 70.31.17.70 network-object host 76.65.157.22 network-object host 85.92.159.84 object-group network Trusted network-object object office_gateway object-group network BlackList group-object HighHit group-object privateNetworks object-group service mysql tcp port-object eq 3306 object-group service DM_INLINE_TCP_1 tcp group-object mysql port-object eq ftp port-object eq ftp-data access-list local extended permit ip any any log errors access-list wxc_webservice_access_in extended deny ip object-group privateNetworks any access-list wxc_webservice_access_in extended permit ip *.*.*.0 255.255.255.0 any log errors access-list wxc_webservice_access_in extended permit ip object-group HOST any access-list wxc_hosting_access_in extended deny ip object-group privateNetworks any access-list wxc_hosting_access_in extended permit ip *.*.*.192 255.255.255.192 any log errors access-list wxc_hosting_access_in extended permit ip object-group HOST any access-list wxc_ecommerce_access_in extended deny ip object-group privateNetworks any access-list wxc_ecommerce_access_in extended permit ip *.*.*.0 255.255.255.0 any log errors access-list wxc_ecommerce_access_in extended permit ip object-group HOST any access-list outside_access_in extended deny ip object-group BlackList any log errors access-list outside_access_in extended permit tcp object-group HOST any object-group DM_INLINE_TCP_1 log errors access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any log errors access-list outside_access_in extended permit icmp any any log errors inactive access-list LAN_IDC_access_in extended permit ip object localhosts-192.168.10.x any access-list global_access extended permit ip object-group Trusted any pager lines 24 logging enable logging monitor emergencies logging trap warnings logging asdm emergencies mtu outside 1500 mtu LAN_IDC 1500 mtu management 1500 mtu wxc_webservice 1500 mtu wxc_ecommerce 1500 mtu wxc_hosting 1500 ip verify reverse-path interface outside ip verify reverse-path interface wxc_webservice ip verify reverse-path interface wxc_ecommerce ip verify reverse-path interface wxc_hosting no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-647.bin no asdm history enable arp timeout 60 nat (LAN_IDC,outside) source static any any unidirectional nat (LAN_IDC,wxc_ecommerce) source static any any unidirectional nat (LAN_IDC,wxc_hosting) source static any any unidirectional nat (LAN_IDC,wxc_webservice) source static any any unidirectional access-group outside_access_in in interface outside access-group LAN_IDC_access_in in interface LAN_IDC access-group wxc_webservice_access_in in interface wxc_webservice access-group wxc_ecommerce_access_in in interface wxc_ecommerce access-group wxc_hosting_access_in in interface wxc_hosting access-group global_access global route outside 0.0.0.0 0.0.0.0 *.*.*.161 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL aaa authorization command LOCAL http server enable http 192.168.1.0 255.255.255.0 management http 192.168.10.0 255.255.255.0 LAN_IDC no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart telnet timeout 5 ssh 192.168.10.0 255.255.255.0 LAN_IDC ssh timeout 30 console timeout 0 dhcpd address 192.168.1.2-192.168.1.254 management dhcpd enable management ! ! tls-proxy maximum-session 1000 ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 69.25.96.13 source outside ntp server 216.75.62.9 source outside ntp server 216.171.124.36 source outside ntp server 24.56.178.140 source outside webvpn username admin password s7d7f8gh9kie4 encrypted privilege 15 ! ! privilege cmd level 3 mode exec command perfmon privilege cmd level 3 mode exec command ping privilege cmd level 3 mode exec command who privilege cmd level 3 mode exec command logging privilege cmd level 3 mode exec command failover privilege cmd level 3 mode exec command vpn-sessiondb privilege cmd level 3 mode exec command packet-tracer privilege show level 5 mode exec command import privilege show level 5 mode exec command running-config privilege show level 3 mode exec command reload privilege show level 3 mode exec command mode privilege show level 3 mode exec command firewall privilege show level 3 mode exec command asp privilege show level 3 mode exec command cpu privilege show level 3 mode exec command interface privilege show level 3 mode exec command clock privilege show level 3 mode exec command dns-hosts privilege show level 3 mode exec command access-list privilege show level 3 mode exec command logging privilege show level 3 mode exec command vlan privilege show level 3 mode exec command ip privilege show level 3 mode exec command ipv6 privilege show level 3 mode exec command failover privilege show level 3 mode exec command asdm privilege show level 3 mode exec command arp privilege show level 3 mode exec command route privilege show level 3 mode exec command ospf privilege show level 3 mode exec command aaa-server privilege show level 3 mode exec command aaa privilege show level 3 mode exec command eigrp privilege show level 3 mode exec command crypto privilege show level 3 mode exec command ssh privilege show level 3 mode exec command vpn-sessiondb privilege show level 3 mode exec command vpn privilege show level 3 mode exec command dhcpd privilege show level 3 mode exec command blocks privilege show level 3 mode exec command wccp privilege show level 3 mode exec command dynamic-filter privilege show level 3 mode exec command webvpn privilege show level 3 mode exec command service-policy privilege show level 3 mode exec command module privilege show level 3 mode exec command uauth privilege show level 3 mode exec command compression privilege show level 3 mode configure command interface privilege show level 3 mode configure command clock privilege show level 3 mode configure command access-list privilege show level 3 mode configure command logging privilege show level 3 mode configure command ip privilege show level 3 mode configure command failover privilege show level 5 mode configure command asdm privilege show level 3 mode configure command arp privilege show level 3 mode configure command route privilege show level 3 mode configure command aaa-server privilege show level 3 mode configure command aaa privilege show level 3 mode configure command crypto privilege show level 3 mode configure command ssh privilege show level 3 mode configure command dhcpd privilege show level 5 mode configure command privilege privilege clear level 3 mode exec command dns-hosts privilege clear level 3 mode exec command logging privilege clear level 3 mode exec command arp privilege clear level 3 mode exec command aaa-server privilege clear level 3 mode exec command crypto privilege clear level 3 mode exec command dynamic-filter privilege cmd level 3 mode configure command failover privilege clear level 3 mode configure command logging privilege clear level 3 mode configure command arp privilege clear level 3 mode configure command crypto privilege clear level 3 mode configure command aaa-server prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:77568a5955343072d670a4b1cfdeaaf2