Cisco ASA 5520 IOS dual-line routing problem

Emulating an ASA5520 in GNS to do NAT
The inside network cannot ping the outside network
This post was last edited by hoho5000 at 10:39
[Attached image: nat.png]
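From R3, pinging ASA2's outside interface fails, pinging ASA1's outside interface also fails, and pinging R2's loopback 0 fails as well. I looked up a lot of material online for this lab. Some people have posted that NAT and IPsec VPN labs can be done in GNS, but I have tried many times and it never works. Does any expert know whether this is an emulator problem, or whether GNS simply cannot do NAT labs? The ASA image I use for the lab is asa802-k8-sing.gz and the kernel is asa802-k8.vmlinuz. Moderators and experts, please help!
ASA1 configuration: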
ASA Version 8.0(2)
hostname ASA1
enable password 8Ry2YjIyt7RRXU24 encrypted
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address 120.3.2.21 255.255.255.0
interface Ethernet0/2
no security-level
no ip address
interface Ethernet0/3
shutdown
no security-level
no ip address
interface Ethernet0/4
no security-level
no ip address
interface Ethernet0/5
no security-level
no ip address
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list 101 extended permit ip any any
access-list 101 extended permit icmp any any
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (inside) 1 192.168.10.0 255.255.255.0 outside
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 120.3.2.21 1
route inside 192.168.0.0 255.255.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
prompt hostname context
Cryptochecksum:
ASA2 configuration:
ASA Version 8.0(2)
hostname ASA2
enable password 8Ry2YjIyt7RRXU24 encrypted
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address 120.3.2.22 255.255.255.0
interface Ethernet0/2
no security-level
no ip address
interface Ethernet0/3
shutdown
no security-level
no ip address
interface Ethernet0/4
no security-level
no ip address
interface Ethernet0/5
no security-level
no ip address
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list 101 extended permit ip any any
access-list 101 extended permit icmp any any
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 120.3.2.22 1
route inside 192.168.0.0 255.255.0.0 192.168.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
prompt hostname context
Cryptochecksum:
R1 configuration:
Building configuration...
Current configuration : 1579 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
no aaa new-model
ip subnet-zero
no ip domain lookup
ip ssh break-string
!
no crypto isakmp enable
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet1/0
no ip address
interface FastEthernet1/1
no ip address
interface FastEthernet1/2
no ip address
interface FastEthernet1/3
no ip address
interface FastEthernet1/4
no ip address
interface FastEthernet1/5
no ip address
interface FastEthernet1/6
no ip address
interface FastEthernet1/7
no ip address
interface FastEthernet1/8
no ip address
interface FastEthernet1/9
no ip address
!
interface FastEthernet1/10
no ip address
interface FastEthernet1/11
no ip address
interface FastEthernet1/12
no ip address
interface FastEthernet1/13
no ip address
interface FastEthernet1/14
no ip address
interface FastEthernet1/15
no ip address
interface Vlan1
ip address 192.168.10.1 255.255.255.0
no ip http server
no ip http secure-server
ip classless
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
R2 configuration:
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
ip subnet-zero
no ip domain lookup
ip ssh break-string
!
no crypto isakmp enable
interface Loopback0
ip address 192.168.20.1 255.255.255.0
interface FastEthernet0/0
ip address 192.168.2.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet1/0
no ip address
interface FastEthernet1/1
no ip address
interface FastEthernet1/2
no ip address
interface FastEthernet1/3
no ip address
interface FastEthernet1/4
no ip address
interface FastEthernet1/5
no ip address
interface FastEthernet1/6
no ip address
interface FastEthernet1/7
no ip address
interface FastEthernet1/8
no ip address
!
interface FastEthernet1/9
no ip address
interface FastEthernet1/10
no ip address
interface FastEthernet1/11
no ip address
interface FastEthernet1/12
no ip address
interface FastEthernet1/13
no ip address
interface FastEthernet1/14
no ip address
interface FastEthernet1/15
no ip address
interface Vlan1
no ip address
no ip http server
no ip http secure-server
ip classless
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
R3 configuration:
Building configuration...
Current configuration : 688 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R3
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip routing
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
ip address 192.168.10.2 255.255.255.0
no ip route-cache
duplex auto
speed auto
no ip http server
no ip http secure-server
ip forward-protocol nd
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
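
Where are the experts? Why is nobody answering?

Apart from the ASAs, which all have routes, none of the other devices has a single route configured. Without routes, how are you going to send packets?

Oh, I really had not configured the routes. Once I did, it was OK. Thanks, expert.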
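
The diagnosis in the reply above, as an added example that is not part of the original thread: a hop-by-hop longest-prefix lookup over the routers' tables as posted, showing where a packet is first dropped. The links between devices are inferred from shared subnets, the default routes in `ASSUMED_FIX` are an assumption rather than the poster's actual commands, and the ASAs are not modelled.

```python
import ipaddress
# Constructed from the posted configs. Links are inferred from shared subnets
# (assumption: the topology image is not available on the page).
OWNER = {  # interface address -> device
    "192.168.10.2": "R3", "192.168.10.1": "R1", "192.168.1.2": "R1",
    "192.168.1.1": "ASA1", "192.168.2.2": "R2", "192.168.20.1": "R2",
    "192.168.2.1": "ASA2",
}
POSTED = {  # router -> [(prefix, next hop; None means directly connected)]
    "R3": [("192.168.10.0/24", None)],
    "R1": [("192.168.10.0/24", None), ("192.168.1.0/24", None)],
    "R2": [("192.168.2.0/24", None), ("192.168.20.0/24", None)],
}
# Assumed fix, not the poster's actual commands: a default toward the nearest
# ASA. R3 runs "no ip routing", so on R3 this is "ip default-gateway".
ASSUMED_FIX = {
    "R3": ("0.0.0.0/0", "192.168.10.1"),
    "R1": ("0.0.0.0/0", "192.168.1.1"),
    "R2": ("0.0.0.0/0", "192.168.2.1"),
}

def with_fix(tables):
    return {dev: routes + [ASSUMED_FIX[dev]] for dev, routes in tables.items()}

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    hits = [h for h in hits if addr in h[0]]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(tables, start, dst):
    """Follow a packet router by router until it is dropped or leaves the model."""
    path, dev = [start], start
    while dev in tables:
        if OWNER.get(dst) == dev:
            return path, "delivered"
        hit = lookup(tables[dev], dst)
        if hit is None:
            return path, "no route on " + dev
        next_ip = hit[1] or dst  # connected network: ARP for dst itself
        dev = OWNER.get(next_ip)
        if dev is None:
            return path, "no host at " + next_ip
        path.append(dev)
    return path, "handed to " + dev  # an ASA, outside this model

if __name__ == "__main__":
    for tables in (POSTED, with_fix(POSTED)):
        print(trace(tables, "R3", "120.3.2.22"), trace(tables, "R2", "120.3.2.21"))
```

With the posted tables the packet from R3 never leaves R3, and R2 has no route toward the 120.3.2.0/24 segment either; whether the ASAs then translate and permit the traffic is a separate check.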
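Enterprise-grade VPN firewall: CISCO ASA5520 with a free router - Zhongguancun Online (ZOL)
(ZOL Tianjin market report) The Cisco ASA 5520 Adaptive Security Appliance scales as an enterprise's network security requirements grow, which provides strong investment protection. It can scale to up to 25 (ASA 5505) or 750 (ASA 5520) employees. Recently this unit (licensed goods) has been on sale at the dealer "Tianjin Shuangxinhui" for 24500 yuan (tax included), and buyers of the firewall get a VIVIC wireless router and on-site training.
Product features:
· Strong investment protection
· Modular, high-performance appliance
Image: Cisco ASA 5520 Adaptive Security Appliance
With a modular, high-performance appliance and an installed SSL VPN upgrade license, an enterprise can support 750 SSL VPN peers on each Cisco ASA 5520; the base platform supports 750 IPsec VPN peers. It gives medium-sized enterprise networks a large set of security services with Active/Active high availability and Gigabit Ethernet connectivity. The Cisco ASA 5520's integrated VPN clustering and load balancing improve VPN capacity and resilience. With its 4 Gigabit Ethernet interfaces and up to 100 VLANs, an enterprise can easily deploy the Cisco ASA 5520 into multiple zones of the network. The Cisco ASA 5520's advanced application-layer security and Anti-X defenses are enhanced.
Device type: VPN firewall
Concurrent connections: 280000
Network throughput: 450Mbps
Security filtering bandwidth: 225Mbps
User limit: no user limit
Network ports: Gigabit Ethernet port ×4, Fast Ethernet port ×1, SSM expansion slot ×1
Control port: console
VPN support: supported
Intrusion detection: DoS
Management: Cisco Security Manager (CS-Manager), Web
Safety standards: UL 1950, CSA C22.2 No. 950, EN 60950 IEC 60950, AS/NZS3260, TS001
Power: 100-240VAC, 47/63Hz
Dimensions: 362×200.4×44.5mm
Weight: 9.07kg
Operating environment: operating temperature 0℃-40℃; operating humidity 5%-95% (non-condensing); storage temperature -25℃-70℃; storage humidity 5%-95% (non-condensing)
Other: provides strong security protection while avoiding the high operating cost of running multiple devices at multiple sites
CISCO ASA5520-BUN-K9
[Reference price] 24500 yuan (tax included)
[Dealer] Tianjin Shuangxinhui, Wang Bo
[Contact] 022-
[Dealer address] Room 2402, Xincheng Building, Anshan West Road, Nankai District, Tianjin
[Shop link]
The prices above are actual purchase prices. Buyers should inspect the unit carefully at purchase to make sure of its quality and protect their consumer rights. If you find that the price quoted by the dealer in this article differs from the one stated here, please call the complaint line 010-2 (this number is for complaints only and does not handle product or price inquiries), and we will investigate the complaint. Because product prices change quickly, this market report is valid for 7 days unless otherwise stated. For more market reports, follow the official Weibo account @中关村在线全国行情.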