ممكن مساعده في برمجة جهاز asa5510

**insert** · 22-09-2011, 22:18

السلام عليكم
اخواني انا لديه جهاز cisco asa 5510 ولكن بي نقص واعتقد في NAT واخطاء ممكن حد يحلياه وجزاكم كل خير
ciscoasa>
ciscoasa>
ciscoasa>
ciscoasa> en
Password: ********
Invalid password
Password: *****
ciscoasa# sh ru
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 172.16.2.11 Application-Server
name 172.16.2.10 Oracle-Server
name 172.16.3.0 VLAN3-Voice
name 172.16.4.0 VLAN4-Internet
name 172.16.2.0 VLAN2-Servers
name 172.16.8.0 VLAN8-Users
name 172.16.3.100 VTC-Private
name 172.16.0.0 Internal-Network
name 172.16.2.5 Exchange-Private
name 123.123.123.126 VTC-Public
name 123.123.123.125 Exchange-Public
name 123.123.123.124 Application-Public
name 172.16.1.0 VLAN1-CiscoDevice
!
interface Ethernet0/0
description "Connected to Core Switch port g4/1"
nameif inside
security-level 100
ip address 172.16.100.1 25net0/1
description "Connected to Core Switch port g4/2"
nameif outside
security-level 0
ip address 123.123.123.123 255.255.255.240
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
object-group network Internet-Group
network-object VLAN1-CiscoDevice 255.255.255.0
network-object VLAN2-Servers 255.255.255.0
network-object VLAN4-Internet 255.255.252.0
network-object host VTC-Private
object-group service Exchange-Services
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service Necessary-Traffic
service-object icmp echo
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq sip
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq h323
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq ssh
service-object tcp destination eq telnet
service-object tcp
service-object icmp echo-reply
service-object tcp destination eq echo
service-object icmp
access-list 200 extended permit tcp any any eq www
access-list 200 extended permit tcp any any eq https
access-list 200 extended permit tcp any any eq 8080
access-list Inside_access_in extended permit object-group Necessary-Traffic obje
ct-group Internet-Group any
access-list outside_access_in extended permit icmp any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group Inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 123.123.123.122 1
route inside Internal-Network 255.255.0.0 172.16.100.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password Sbnb3ErjQF6z6mO/ encrypted
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:795a6f39f8386f06bfe5e24388ee2f89
: end
ciscoasa#

**sherif-magdy** · 23-09-2011, 00:15

لا ارى اى اعدادات لل NAT
اخبرنى كيف تريد ان تقوم بتطبيق النات و انا اكتب لك الاوامر

**insert** · 24-09-2011, 10:58

السلام عليكم....
اخي ارجو مراجعته ومعرفه النقص . كذلك الـ NAT انا شخص اخبرني بان الNAT غير موجوده
انا اريد ان اجعل الجهاز asa تطبق عليه هذا الكونفكريشن لان انا لدي شبكه في شركه وبها سيرفرات وحاسبات وشكراً

**sherif-magdy** · 25-09-2011, 00:36

طيب هو ايه نوع النات الذى تريده ؟

لو انت عايز تعمل نات لاى حد يخرج من ال Outside انترفيس طبق الاتى :-
nat (inside) 1 0 0
global (outside) 1 interface

وبكده اى حد هيحاول يخرج هيأخد الاى بى الخاص بالانترفيس

لو فيه تفاصيل اخرى تريدها اخبرنى بها