Cisco ASA 8.4(5) service port forwarding configuration, with Topsec and USG configuration diagrams
On the hottest day in Beijing I was invited to debug an ASA5540. The requirement is simple: 10 people surfing the Internet, plus publishing VMware services externally, that is, tcp443, tcp8443 and the evil 4172. Because the carrier restricts www, https and other services, which have to be applied for separately, my friend wanted, for convenience, to convert HTTPS to TCP 8888 (this is how to make a fortune, ah). The configuration follows. Because the versions differ, the information I found was incomplete, so I am recording the whole process here for everyone to criticize.

Step one: create the intranet IP objects

object network 50.30_4172_UDP
 host 192.168.50.30
object network 50.30_8443
 host 192.168.50.30
object network 50.30_443
 host 192.168.50.30
object network 50.30_22
 host 192.168.50.30
object network 50.30_4172_TCP
 host 192.168.50.30

Step two: NAT translation

object network 50.30_4172_UDP
 nat (inside,outside) static 202.202.202.202 service udp 4172 4172
object network 50.30_8443
 nat (inside,outside) static 202.202.202.202 service tcp 8443 8443
object network 50.30_443
 nat (inside,outside) static 202.202.202.202 service tcp https 8888
object network 50.30_22
 nat (inside,outside) static 202.202.202.202 service tcp ssh
object network 50.30_4172_TCP
 nat (inside,outside) static 202.202.202.202 service tcp 4172 4172

Step three: access list

access-list 101 extended permit tcp any host 192.168.50.30 eq 4172
access-list 101 extended permit udp any host 192.168.50.30 eq 4172
access-list 101 extended permit tcp any host 192.168.50.30 eq 8443
access-list 101 extended permit tcp any host 202.202.202.202 eq 8888
access-list 101 extended permit tcp any host 202.202.202.202 eq 8443
access-list 101 extended permit udp any host 202.202.202.202 eq 4172
access-list 101 extended permit tcp any host 202.202.202.202 eq 4172
access-list 101 extended permit tcp any host 192.168.50.30 eq https

Step four: apply the list

access-group 101 in interface outside

Later testing showed that port 4172 is used over both TCP and UDP, which was unexpected. The access-list section was also unexpected; it reflects the test results.

For the same application, configuring it on a Topsec device is much more convenient.
The destination address object named self-outside corresponds to 202.202.202.202, and self corresponds to 192.168.50.30. Then create tcp8888.
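It is even more convenient on Huawei's USG.
If you have the option, I recommend choosing a domestic product; it really is much more convenient. Thanks.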
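A cross-check of the ASA steps two and three, as an added example that is not part of the original post: on ASA 8.3 and later the interface ACL is evaluated against the real (inside) address and port, so the script lists published services that have no permit and permit entries that match no published service. The config text is constructed from the page's own lines (lower-cased, 4172/UDP object name taken from step one); the names audit, port, PORTS and CONFIG are assumptions made for this example.

```python
import re

PORTS = {"https": 443, "ssh": 22}  # ASA port keywords that appear on this page
# Constructed sample built from the page's steps one to three.
# audit() and port() are hypothetical helper names, not ASA tooling.
CONFIG = """
object network 50.30_4172_UDP
 host 192.168.50.30
 nat (inside,outside) static 202.202.202.202 service udp 4172 4172
object network 50.30_8443
 host 192.168.50.30
 nat (inside,outside) static 202.202.202.202 service tcp 8443 8443
object network 50.30_443
 host 192.168.50.30
 nat (inside,outside) static 202.202.202.202 service tcp https 8888
object network 50.30_22
 host 192.168.50.30
 nat (inside,outside) static 202.202.202.202 service tcp ssh
object network 50.30_4172_TCP
 host 192.168.50.30
 nat (inside,outside) static 202.202.202.202 service tcp 4172 4172
access-list 101 extended permit tcp any host 192.168.50.30 eq 4172
access-list 101 extended permit udp any host 192.168.50.30 eq 4172
access-list 101 extended permit tcp any host 192.168.50.30 eq 8443
access-list 101 extended permit tcp any host 202.202.202.202 eq 8888
access-list 101 extended permit tcp any host 202.202.202.202 eq 8443
access-list 101 extended permit udp any host 202.202.202.202 eq 4172
access-list 101 extended permit tcp any host 202.202.202.202 eq 4172
access-list 101 extended permit tcp any host 192.168.50.30 eq https
"""

def port(p):
    return PORTS.get(p) or int(p)

def audit(cfg):
    """Return (published services with no permit, permits matching no published service)."""
    published, permits, host = set(), set(), None
    for line in cfg.lower().splitlines():
        if m := re.match(r" host (\S+)", line):
            host = m[1]
        elif m := re.match(r" nat \(inside,outside\) static \S+ service (tcp|udp) (\S+)", line):
            published.add((m[1], host, port(m[2])))  # real protocol, address, port
        elif m := re.match(r"access-list \S+ extended permit (tcp|udp) any host (\S+) eq (\S+)", line):
            permits.add((m[1], m[2], port(m[3])))
    # The ACL sees the untranslated destination, so only real address/port pairs can match.
    return sorted(published - permits), sorted(permits - published)

if __name__ == "__main__":
    print(audit(CONFIG))
```

On this sample the first list holds the SSH translation, which has no permit in access-list 101, and the second holds the four entries written against 202.202.202.202.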