科技行者

行者学院 转型私董会 科技行者专题报道 网红大战科技行者

知识库

知识库 安全导航

至顶网网络频道CBAC and NAT配置举例

CBAC and NAT配置举例

  • 扫一扫
    分享文章到微信

  • 扫一扫
    关注官方公众号
    至顶头条

来源:路由器技术资讯网 2008年6月10日

关键字: NAT 网络地址转换 什么是nat

  • 评论
  • 分享微博
  • 分享邮件
[[The No.x Picture.]]
  3640 Router
  Current configuration:
  !
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname sec-3640
  !
  aaa new-model
  aaa group server tacacs+ RTP
  server 171.68.120.214
  !
  aaa authentication login default group RTP none
  aaa authorization exec default group RTP none
  aaa authorization auth-proxy default group RTP
  enable secret 5 $1$pqRI$3TDNFT9FdYT8Sd/q3S0VU1
  enable password ww
  !
  ip subnet-zero
  !
  ip inspect name myfw cuseeme timeout 3600
  ip inspect name myfw ftp timeout 3600
  ip inspect name myfw http timeout 3600
  ip inspect name myfw rcmd timeout 3600
  ip inspect name myfw realaudio timeout 3600
  ip inspect name myfw smtp timeout 3600
  ip inspect name myfw sqlnet timeout 3600
  ip inspect name myfw streamworks timeout 3600
  ip inspect name myfw tftp timeout 30
  ip inspect name myfw udp timeout 15
  ip inspect name myfw tcp timeout 3600
  ip inspect name myfw vdolive
  ip auth-proxy auth-proxy-banner
  ip auth-proxy auth-cache-time 10
  ip auth-proxy name list_a http
  ip audit notify log
  ip audit po max-events 100
  cns event-service server
  !
  interface FastEthernet0/0
  ip address 40.31.1.144 255.255.255.0
  ip access-group 116 in
  no ip directed-broadcast
  ip nat outside
  ip auth-proxy list_a
  no ip route-cache
  no ip mroute-cache
  speed auto
  half-duplex
  no mop enabled
  !
  interface FastEthernet1/0
  ip address 10.14.14.14 255.255.255.0
  no ip directed-broadcast
  ip nat inside
  ip inspect myfw in
  speed auto
  half-duplex
  no mop enabled
  !
  ! --- (interfaces deleted)
  !
  nat pool outsidepool 40.31.1.50 40.31.1.60 netmask 255.255.255.0
  ip nat inside source list 1 pool outsidepool
  ip nat inside source static 10.14.14.15 40.31.1.77
  ip classless
  ip route 0.0.0.0 0.0.0.0 40.31.1.1
  ip route 171.68.118.0 255.255.255.0 40.31.1.1
  ip route 171.68.120.0 255.255.255.0 40.31.1.1
  no ip http server
  !
  access-list 116 permit tcp host 171.68.118.143 host 40.31.1.144 eq www
  access-list 116 deny tcp host 171.68.118.143 any
  access-list 116 deny udp host 171.68.118.143 any
  access-list 116 deny icmp host 171.68.118.143 any
  access-list 116 permit icmp any any
  access-list 116 permit tcp any any
  access-list 116 permit udp any any
  dialer-list 1 protocol ip permit
  dialer-list 1 protocol ipx permit
  !
  tacacs-server host 171.68.120.214
  !
  line con 0
  transport input none
  line aux 0
  line vty 0 4
  password ww
  !
  end
    • 评论
    • 分享微博
    • 分享邮件
    邮件订阅

    如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。

    重磅专题
    往期文章
    最新文章