Create a loopback interface on the outside router:
Lo 0 1.1.1.1
Create a loopback interface on the inside router:
Lo 0 2.2.2.2
Goal: allow ping and Telnet between 2.2.2.2 and 1.1.1.1
ASA configuration:
route outside 1.1.1.1 255.255.255.255 202.100.1.1 1
route inside 2.2.2.2 255.255.255.255 10.1.1.1 1
access-list out_in permit tcp any host 2.2.2.2 eq telnet
access-list out_in permit icmp host 1.1.1.1 host 2.2.2.2
access-group out_in in interface outside
Test:
outside.r1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
inside.r2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The test failed.
Analysis of a packet capture:
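The capture shows that the source address is 202.100.1.1.
That explains it: the ping left from the router's physical interface address, which the ACL entry for host 1.1.1.1 does not match. Source the ping from Loopback 0 instead:
outside.r1#ping 2.2.2.2 source loopback 0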
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/25/40 ms
inside.r2#ping 1.1.1.1 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/29/52 ms
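Why the source address decides the result, as an added example (not part of the original article): a first-match evaluation of the out_in ACL against the packets that reach the outside interface in each test. It assumes r2's default ping source is 10.1.1.1, that echo replies are checked against the outside ACL (no ICMP inspection), and that no NAT is configured.

```python
import ipaddress

# The article's out_in ACL (inbound on the outside interface), as tuples of
# (action, protocol, source, destination, dst_port). The tuple form is this
# example's own representation, not ASA syntax.
OUT_IN = [
    ("permit", "tcp", "any", "2.2.2.2/32", 23),        # eq telnet
    ("permit", "icmp", "1.1.1.1/32", "2.2.2.2/32", None),
]

def addr_matches(spec, addr):
    """True if addr falls inside spec ('any' or a CIDR network)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(acl, proto, src, dst, dport=None):
    """First-match ACL evaluation; returns (action, index of matching entry)."""
    for i, (action, a_proto, a_src, a_dst, a_port) in enumerate(acl):
        if a_proto != proto:
            continue
        if not (addr_matches(a_src, src) and addr_matches(a_dst, dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, i
    return "deny", None  # implicit deny that ends every ACL

# Constructed packets as they arrive on the outside interface.
# Assumption: 10.1.1.1 is r2's default ping source (next hop of the inside route).
PACKETS = {
    "r1 echo, default source": ("icmp", "202.100.1.1", "2.2.2.2"),
    "r1 echo, source loopback 0": ("icmp", "1.1.1.1", "2.2.2.2"),
    "reply to r2, default source": ("icmp", "1.1.1.1", "10.1.1.1"),
    "reply to r2, source loopback 0": ("icmp", "1.1.1.1", "2.2.2.2"),
    "telnet from r1 physical address": ("tcp", "202.100.1.1", "2.2.2.2", 23),
}

def run():
    """Evaluate every constructed packet against out_in."""
    return {name: evaluate(OUT_IN, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, (action, idx) in run().items():
        entry = "implicit deny" if idx is None else f"entry {idx + 1}"
        print(f"{name:34} -> {action} ({entry})")
```

The Telnet entry uses `any` as its source, so Telnet to 2.2.2.2 is permitted from either address, while the ICMP entry only matches the two loopback addresses.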
This article is from the "Fan tea" blog; reprinting is declined.
ASA Firewall Experiment (II)