cisco 506E防火牆,局域網內電腦連不到STATIC出去的外部地址。
配置如下。用<br>static (inside,outside) 218.4.205.150 10.0.0.2 netmask 255.255.255.255 0 0 <br>
static (inside,outside) 218.4.205.149 10.0.0.11 netmask 255.255.255.255 0 0<br>
static (inside,outside) 218.4.205.148 10.0.0.203 netmask 255.255.255.255 0 0<br>
為內網茉台電腦指定固定IP,問題是:<br>
1:內網內任一臺電腦都PING不到218.4.205.150(149,148),也連不上。卻能PING到其它公司的固定IP。<br>
2:其它公司的朋友也能PING到218.4.205.150(149,148).<br>
請幫忙分析,如何解決。謝謝<br>
<br>
<br>
ccandc(config)# sh conf<br>
: Saved<br>
: Written by enable_15 at 18:13:42.464 UTC Tue May 16 2006<br>
PIX Version 6.3(5)<br>
interface ethernet0 auto<br>
interface ethernet1 auto<br>
nameif ethernet0 outside security0<br>
nameif ethernet1 inside security100<br>
enable password 8Ry2YjIyt7RRXU24 encrypted<br>
passwd SLmIScw186k/ygud encrypted<br>
hostname ccandc<br>
domain-name 61.177.7.1<br>
fixup protocol dns maximum-length 512<br>
fixup protocol ftp 20<br>
fixup protocol ftp 21<br>
fixup protocol h323 h225 1720<br>
fixup protocol h323 ras 1718-1719<br>
fixup protocol http 80<br>
fixup protocol rsh 514<br>
fixup protocol rtsp 554<br>
fixup protocol sip 5060<br>
fixup protocol sip udp 5060<br>
fixup protocol skinny 2000<br>
fixup protocol smtp 25<br>
fixup protocol sqlnet 1521<br>
fixup protocol tftp 69<br>
names<br>
pager lines 24<br>
mtu outside 1500<br>
mtu inside 1500<br>
ip address outside 218.4.205.147 255.255.255.240<br>
ip address inside 10.0.0.254 255.0.0.0<br>
ip audit info action alarm<br>
ip audit attack action alarm<br>
pdm history enable<br>
arp timeout 14400<br>
global (outside) 1 218.4.205.151 netmask 255.255.255.240<br>
global (outside) 2 218.4.205.152 netmask 255.255.255.240<br>
global (outside) 3 218.4.205.153 netmask 255.255.255.240<br>
global (outside) 4 218.4.205.154 netmask 255.255.255.240<br>
nat (inside) 1 10.0.0.0 255.255.255.192 0 0<br>
nat (inside) 2 10.0.0.64 255.255.255.192 0 0<br>
nat (inside) 3 10.0.0.128 255.255.255.192 0 0<br>
nat (inside) 4 10.0.0.192 255.255.255.192 0 0<br>
static (inside,outside) 218.4.205.150 10.0.0.2 netmask 255.255.255.255 0 0<br>
static (inside,outside) 218.4.205.149 10.0.0.11 netmask 255.255.255.255 0 0<br>
static (inside,outside) 218.4.205.148 10.0.0.203 netmask 255.255.255.255 0 0<br>
conduit permit icmp any any<br>
conduit permit tcp host 218.4.205.150 eq www any<br>
conduit permit tcp host 218.4.205.150 eq ftp any<br>
conduit permit tcp host 218.4.205.150 eq smtp any<br>
conduit permit tcp host 218.4.205.150 eq pop3 any<br>
conduit permit tcp host 218.4.205.148 eq ftp any<br>
conduit permit tcp host 218.4.205.148 eq ftp-data any<br>
conduit permit tcp host 218.4.205.149 any<br>
route outside 0.0.0.0 0.0.0.0 218.4.205.145 1<br>
timeout xlate 1:00:00<br>
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00<br>
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00<br>
timeout sip-disconnect 0:02:00 sip-invite 0:03:00<br>
timeout uauth 0:05:00 absolute<br>
aaa-server TACACS+ protocol tacacs+<br>
aaa-server TACACS+ max-failed-attempts 3<br>
aaa-server TACACS+ deadtime 10<br>
aaa-server RADIUS protocol radius<br>
aaa-server RADIUS max-failed-attempts 3<br>
aaa-server RADIUS deadtime 10<br>
aaa-server LOCAL protocol local<br>
no snmp-server location<br>
no snmp-server contact<br>
snmp-server community public<br>
no snmp-server enable traps<br>
floodguard enable<br>
telnet timeout 5<br>
ssh timeout 5<br>
console timeout 0<br>
terminal width 80<br>
Cryptochecksum:77439790733445dcad8f138e9c173a8c<br>
ccandc(config)# *** 作者被禁止或删除 内容自动屏蔽 *** 连不到是属于正常的。如果需要在内网访问,那么你可以使用alias或内部的DNS进行解决。 确实如LZ所讲,只能通过别名或者DNS来解决此问题了!因为PIX515E 默认不支持双NAT转换!! 用alias的方式指令该如何写?我试了好多次都不行~~:Q PIX515E 默认不支持双NAT转换 路过看看,学习下
页:
[1]