啓動NAT控制,配置NAT規則實現:配置動態NAT實現R1訪問R3
配置NAT豁免實現R1和R2互訪
配置靜態NAT實現R3訪問R2
ASA(config)# interface ethernet 0/0
ASA(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ASA(config-if)# ip address 172.16.1.2 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit
ASA(config)# interface ethernet 0/1
ASA(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ASA(config-if)# ip address 10.1.1.2 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit
ASA(config)# interface ethernet 0/2
ASA(config-if)# nameif dmz
INFO: Security level for "dmz" set to 0 by default.
ASA(config-if)# security-level 50
ASA(config-if)# ip address 192.168.1.2 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 192.168.1.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 172.16.1.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
ASA(config)# nat (inside) 1 10.1.1.0 255.255.255.0
ASA(config)# global (outside) 1 172.16.1.5-172.16.1.10
ASA(config)# nat-control
ASA(config)# nat (inside) 0 10.1.1.0 255.255.255.0
nat 0 10.1.1.0 will be identity translated for outbound
ASA(config)# nat (dmz) 0 192.168.1.0 255.255.255.0
nat 0 192.168.1.0 will be identity translated for outbound
ASA(config)# access-list 100 permit tcp host 192.168.1.1 host 10.1.1.1
ASA(config)# access-group 100 in interface dmz
ASA(config)# static (dmz,outside) 172.16.1.100 192.168.1.1
ASA(config)# access-list 100 permit ip host 172.16.1.1 host 172.16.1.100
ASA(config)# access-group 100 in interface outside
R3#telnet 172.16.1.100
Trying 172.16.1.100 ... Open
Password required, but none set