ASA 8.4 nat
! port forwarding to the inside
interface Vlan3
 nameif PBX
 security-level 90
 ip address 192.168.19.1 255.255.255.0
!
interface Vlan22
 nameif DMZ
 security-level 90
 ip address 192.168.22.253 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address XX.XX.XX.XX 255.255.255.240
object network RDP-SRV
 host 192.168.0.6
object network PBX-SRV
 host 192.168.19.42
object service SSH_service
 service tcp destination eq ssh
object service SSH_ext
 service tcp destination eq 2222
object service RDP_service
 service tcp destination eq 3389
nat (outside,DMZ) source dynamic any interface destination static interface RDP-SRV service RDP_service RDP_service
nat (outside,PBX) source dynamic any interface destination static interface PBX-SRV service SSH_ext SSH_service
fw-asa# sh xlate
4 in use, 5 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
e - extended
TCP PAT from DMZ:192.168.0.6 3389-3389 to outside:XX.XX.XX.XX 3389-3389
flags srT idle 0:26:11 timeout 0:00:00
TCP PAT from PBX:192.168.19.42 22-22 to outside:XX.XX.XX.XX 2222-2222
flags srT idle 0:05:25 timeout 0:00:00
TCP PAT from outside_intertax:YY.YY.YY.YY/60269 to PBX:192.168.19.1/60269 flags ri idle 0:10:41 timeout 0:00:30
TCP PAT from outside_intertax:YY.YY.YY.YY/32021 to DMZ:192.168.22.253/32021 flags ri idle 0:26:11 timeout 0:00:30
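Added example, not part of the original post: a short Python audit of the configuration above that resolves the object names in the two twice-NAT rules and lists which outside port each forward exposes, which inside host and port it reaches, and whether any source address may use it. The function names and the result layout are assumptions made for this example; the embedded configuration lines are copied from the post.

```python
import re

# Object definitions and the two twice-NAT rules, copied from the post above.
CONFIG = """\
object network RDP-SRV
 host 192.168.0.6
object network PBX-SRV
 host 192.168.19.42
object service SSH_service
 service tcp destination eq ssh
object service SSH_ext
 service tcp destination eq 2222
object service RDP_service
 service tcp destination eq 3389
nat (outside,DMZ) source dynamic any interface destination static interface RDP-SRV service RDP_service RDP_service
nat (outside,PBX) source dynamic any interface destination static interface PBX-SRV service SSH_ext SSH_service
"""

NAMED_PORTS = {"ssh": 22}  # the only port keyword used in this config
# Rule shape used in the post: destination "interface" is un-translated to the
# real server; the first service object is the mapped port, the second the real one.
NAT_RE = re.compile(
    r"nat \((\S+),(\S+)\) source dynamic (\S+) interface "
    r"destination static interface (\S+) service (\S+) (\S+)")

def parse_objects(text):
    """Return ({network object: host ip}, {service object: tcp port})."""
    hosts, ports, current = {}, {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["object"]:
            current = words[2]
        elif words[:1] == ["host"]:
            hosts[current] = words[1]
        elif words[:4] == ["service", "tcp", "destination", "eq"]:
            ports[current] = int(NAMED_PORTS.get(words[4], words[4]))
    return hosts, ports

def port_forwards(text):
    """List each forward with resolved ports and whether any source may use it."""
    hosts, ports = parse_objects(text)
    result = []
    for m in NAT_RE.finditer(text):
        arrive, inner, src, server, mapped_svc, real_svc = m.groups()
        result.append({"from": arrive, "to": inner,
                       "public_port": ports[mapped_svc],
                       "server": hosts[server], "server_port": ports[real_svc],
                       "open_to_any": src == "any"})
    return result
```

Calling port_forwards(CONFIG) returns one entry per nat rule; both come back with open_to_any set because both rules use "source dynamic any".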