Basic information:
WAN: 221.221.147.195 Gateway: 221.221.147.200 LAN: 192.168.0.1
There is a server in the Intranet, and the address is 192.168.0.10 port: 8089
Fault description: The Intranet can be normally connected to the server, and the Internet cannot be connected. Port ing has a problem.
Solution: a command line error has been fixed.
Key Issue: Use "static (inside, outside) 221.221.147.195 192.168.0.10 tcp 8089" ing.
The current configuration is as follows:
ASA Version 7.2 (2)
!
Hostname ciscoasa
Enable password 8Ry2YjIyt7RRXU24 encrypted
Names
!
Interface Vlan1
Nameif inside
Security-level 100
Ip address 192.168.0.1 255.255.255.0
!
Interface Vlan2
Nameif outside
Security-level 0
Ip address 221.221.147.195 255.255.255.252
!
Interface Ethernet0/0
Switchport access vlan 2
!
Interface Ethernet0/1
!
Interface Ethernet0/2
!
!
Interface Ethernet0/4
!
Interface Ethernet0/5
!
Interface Ethernet0/6
!
Interface Ethernet0/7
!
Passwd 2KFQnbNIdI. 2 KYOU encrypted
Ftp mode passive
Access-list 101 extended permit tcp any host 221.221.147.195 eq 8089
Access-list 101 extended permit icmp any
Access-list 101 extended permit tcp any
Access-list 101 extended permit udp any
Pager lines 24
Logging asdm informational
Mtu inside 1500
Mtu outgoing side 1500
Icmp unreachable rate-limit 1 burst-size 1
No asdm history enable
Arp timeout 14400
Global (outside) 1 interface
Static (inside, outside) 221.221.147.195 192.168.0.10 netmask 255.255.255.255 tcp 8089 0
Access-group 101 in interface outside
Route outside 0.0.0.0 0.0.0.0 221.221.147.200 1
Timeout xlate 3:00:00
Timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
Timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
Timeout uauth 0:05:00 absolute
Http server enable
No snmp-server location
No snmp-server contact
Snmp-server enable traps snmp authentication linkup linkdown coldstart
Telnet timeout 5
Ssh timeout 5
Console timeout 0
Dhcpd auto_config outside
!
!
Class-map inspection_default
Match default-inspection-traffic
!
Policy-map type inspect dns preset_dns_map
Parameters
Message-length max imum 512
Policy-map global_policy
Class inspection_default
Inspect dns preset_dns_map
Inspect ftp
Inspect h323 h225
Inspect h323 ras
Inspect rsh
Inspect rtsp
Inspect esmtp
Inspect sqlnet
Inspect skinny
Inspect sunrpc
Inspect xdmcp
Inspect sip
Inspect netbios
Inspect tftp
!
Service-policy global_policy global
Prompt hostname context
Cryptochecksum: 30e219cbc04a4c919e7411de55e14a64
: End
Ciscoasa (config )#
------------------------------------------------------------
When looking for a solution, some friends made an important prompt, using: static (inside, outside) int 192.168.0.10 tcp 8089 for ing, but there is a warning:
WARNING: static redireting all traffics at outside interface;
WARNING: all services terminating at outside interface are disabled.
Later, I changed the command to static (inside, outside) 221.221.147.195 192.168.0.10 tcp 8089.