After adding the Cisco ASA5550, my server cannot access the internet


Here is my network infrastructure.

There is a problem in my network.

Servers M, A, B, C and D have public IP addresses. People outside my network can ping server M from anywhere, but they cannot access server M. Server M can ping any IP address on the internet, but it cannot access any IP that is outside my network.

Server M can access servers A, B, C and D, and A, B, C and D can also access M. A, B, C and D work fine; people can access them from anywhere.

When I swap A and M in my network (I only change the IP information on them), the new A works fine, so I am sure that the configuration of server M is OK.

My problem is with server M. I think there is something wrong on the ASA5550, but I have no idea about this situation. It seems the ASA5550 cannot do anything for server M; they are on the same network.

Thanks.

Here is the ASA5550 configuration. For security reasons, I have hidden the real IPs:

**asa01# sh config**
: Saved
: Written by admin at 17:03:21.222 PST Thu Jan 3 2013
!
ASA Version 8.4(3) 
!

hostname asa01
domain-name abcd.com
enable password r7t8ty9u0io encrypted
passwd s8d8r7u5k3j encrypted
names
!
interface GigabitEthernet0/0
 duplex full
 nameif outside
 security-level 0
 ip address *.*.*.162 255.255.255.248 
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 nameif LAN_IDC
 security-level 50
 ip address 192.168.10.5 255.255.255.0 
!
interface GigabitEthernet0/3
 duplex full
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
interface GigabitEthernet1/0
 nameif wxc_webservice
 security-level 50
 ip address *.*.*.1 255.255.255.0 
!
interface GigabitEthernet1/1
 nameif wxc_ecommerce
 security-level 50
 ip address *.*.*.1 255.255.255.0 
!
interface GigabitEthernet1/2
 shutdown
 nameif wxc_hosting
 security-level 50
 ip address *.*.*.193 255.255.255.192 
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 4.2.2.1
 domain-name abcd.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network 10.x.x.x
 subnet 10.0.0.0 255.0.0.0
object network 172.16.x.x-172.31.x.x
 subnet 172.16.0.0 255.240.0.0
object network 192.168.x.x
 subnet 192.168.0.0 255.255.0.0
object network localhosts-192.168.10.x
 subnet 192.168.10.0 255.255.255.0
object network office_gateway
 host *.*.*.*

object-group service webmin tcp
 description web base management
 port-object eq 10000
object-group network privateNetworks
 network-object object 10.x.x.x
 network-object object 172.16.x.x-172.31.x.x
 network-object object 192.168.x.x
object-group service DM_INLINE_SERVICE_1
 service-object tcp destination eq domain 
 service-object tcp destination eq www 
 service-object tcp destination eq https 
 service-object udp destination eq domain 
object-group network China
 description Some unfriendly IP
 network-object 1.192.0.0 255.248.0.0
object-group network HOST
 description Outside Servers
object-group network HighHit
 network-object 1.224.0.0 255.224.0.0
 network-object 126.19.86.0 255.255.255.0
 network-object host 175.124.121.53
 network-object host 182.16.11.4
 network-object host 219.90.122.125
 network-object host 50.46.148.219
 network-object host 70.31.17.70
 network-object host 76.65.157.22
 network-object host 85.92.159.84
object-group network Trusted
 network-object object office_gateway
object-group network BlackList
 group-object HighHit
 group-object privateNetworks
object-group service mysql tcp
 port-object eq 3306
object-group service DM_INLINE_TCP_1 tcp
 group-object mysql
 port-object eq ftp
 port-object eq ftp-data
access-list local extended permit ip any any log errors 
access-list wxc_webservice_access_in extended deny ip object-group privateNetworks any 
access-list wxc_webservice_access_in extended permit ip *.*.*.0 255.255.255.0 any log errors 
access-list wxc_webservice_access_in extended permit ip object-group HOST any 
access-list wxc_hosting_access_in extended deny ip object-group privateNetworks any 
access-list wxc_hosting_access_in extended permit ip *.*.*.192 255.255.255.192 any log errors 
access-list wxc_hosting_access_in extended permit ip object-group HOST any 
access-list wxc_ecommerce_access_in extended deny ip object-group privateNetworks any 
access-list wxc_ecommerce_access_in extended permit ip *.*.*.0 255.255.255.0 any log errors 
access-list wxc_ecommerce_access_in extended permit ip object-group HOST any 
access-list outside_access_in extended deny ip object-group BlackList any log errors 
access-list outside_access_in extended permit tcp object-group HOST any object-group DM_INLINE_TCP_1 log errors 
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any log errors 
access-list outside_access_in extended permit icmp any any log errors inactive 
access-list LAN_IDC_access_in extended permit ip object localhosts-192.168.10.x any 
access-list global_access extended permit ip object-group Trusted any 
pager lines 24
logging enable
logging monitor emergencies
logging trap warnings
logging asdm emergencies
mtu outside 1500
mtu LAN_IDC 1500
mtu management 1500
mtu wxc_webservice 1500
mtu wxc_ecommerce 1500
mtu wxc_hosting 1500
ip verify reverse-path interface outside
ip verify reverse-path interface wxc_webservice
ip verify reverse-path interface wxc_ecommerce
ip verify reverse-path interface wxc_hosting
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 60
nat (LAN_IDC,outside) source static any any unidirectional
nat (LAN_IDC,wxc_ecommerce) source static any any unidirectional
nat (LAN_IDC,wxc_hosting) source static any any unidirectional
nat (LAN_IDC,wxc_webservice) source static any any unidirectional
access-group outside_access_in in interface outside
access-group LAN_IDC_access_in in interface LAN_IDC
access-group wxc_webservice_access_in in interface wxc_webservice
access-group wxc_ecommerce_access_in in interface wxc_ecommerce
access-group wxc_hosting_access_in in interface wxc_hosting
access-group global_access global
route outside 0.0.0.0 0.0.0.0 *.*.*.161 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
aaa authentication http console LOCAL 
aaa authorization command LOCAL 
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.10.0 255.255.255.0 LAN_IDC
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 LAN_IDC
ssh timeout 30
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 69.25.96.13 source outside
ntp server 216.75.62.9 source outside
ntp server 216.171.124.36 source outside
ntp server 24.56.178.140 source outside
webvpn
username admin password s7d7f8gh9kie4 encrypted privilege 15
!
!
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context 
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:77568a5955343072d670a4b1cfdeaaf2
    
by Wallace 04.01.2013 / 03:15

0 answers
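The way the ASA evaluates the `outside_access_in` ACL in the configuration above, as an added example that is not part of the original post: a small Python evaluator that parses the network/service objects and the extended ACL entries from a constructed excerpt of that config (the masked public addresses are replaced by the RFC 5737 documentation ranges 203.0.113.0/24 and 198.51.100.0/24, which are assumptions, as are the sample flows), resolves nested `group-object` and `network-object object` references, and reports the first matching rule for a flow, falling through to the implicit deny at the end of every ASA ACL. Run against the rules as written, it shows that inbound TCP from the outside is only permitted to ports 80 and 443 (and UDP 53) via `DM_INLINE_SERVICE_1`, that the `permit icmp any any` entry is `inactive` and therefore never consulted, and that the entry referencing `object-group HOST` can never match because that group contains only a description and no members.

```python
import ipaddress
from collections import defaultdict

# Constructed excerpt of the config above (not the full device config); the masked
# public addresses are replaced by RFC 5737 documentation ranges (assumption).
CONFIG = """
object network 10.x.x.x
 subnet 10.0.0.0 255.0.0.0
object-group network privateNetworks
 network-object object 10.x.x.x
object-group network HOST
 description Outside Servers
object-group network HighHit
 network-object 1.224.0.0 255.224.0.0
 network-object host 175.124.121.53
object-group network BlackList
 group-object HighHit
 group-object privateNetworks
object-group service DM_INLINE_TCP_1 tcp
 port-object eq 3306
object-group service DM_INLINE_SERVICE_1
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object udp destination eq domain
access-list outside_access_in extended deny ip object-group BlackList any log errors
access-list outside_access_in extended permit tcp object-group HOST any object-group DM_INLINE_TCP_1 log errors
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any log errors
access-list outside_access_in extended permit icmp any any log errors inactive
"""
PORT_NAMES = {"www": 80, "https": 443, "domain": 53, "ftp": 21, "ftp-data": 20}
ANY = [ipaddress.ip_network("0.0.0.0/0")]
_port = lambda tok: PORT_NAMES.get(tok) or int(tok)   # ASA port keyword or number


class AsaConfig:
    # Parses network/service objects and extended ACLs; first match wins, implicit deny last.
    def __init__(self, text):
        self.nets = defaultdict(list)   # name -> [IPv4Network | ("ref", name)]
        self.svcs = defaultdict(list)   # name -> [(proto, port) | ("ref", name)]
        self.acls = defaultdict(list)   # acl name -> rules in config order
        cur = proto = None
        for t in (line.split() for line in text.splitlines() if line.strip()):
            if t[0] in ("object", "object-group") and t[1] == "network":
                cur = self.nets[t[2]]
            elif t[0] == "object-group" and t[1] == "service":
                cur, proto = self.svcs[t[2]], (t[3] if len(t) > 3 else None)
            elif t[0] == "subnet" or (t[0] == "network-object" and t[1][0].isdigit()):
                cur.append(ipaddress.ip_network(f"{t[1]}/{t[2]}"))
            elif t[0] == "network-object":           # "host X" or "object NAME"
                cur.append(ipaddress.ip_network(t[2]) if t[1] == "host" else ("ref", t[2]))
            elif t[0] == "group-object":
                cur.append(("ref", t[1]))
            elif t[0] == "port-object":              # protocol comes from the group header
                cur.append((proto, _port(t[2])))
            elif t[0] == "service-object":           # "service-object tcp destination eq www"
                cur.append((t[1], _port(t[4])))
            elif t[0] == "access-list" and t[2] == "extended":
                self.acls[t[1]].append(self._rule(t[3:]))

    def _flat(self, table, name):                    # resolve nested group references
        out = []
        for e in table[name]:
            out += self._flat(table, e[1]) if isinstance(e, tuple) and e[0] == "ref" else [e]
        return out

    def _addr(self, t, i):                           # one address term of an ACE
        if t[i] == "any":
            return ANY, i + 1
        if t[i] in ("object", "object-group"):
            return self._flat(self.nets, t[i + 1]), i + 2
        return [ipaddress.ip_network(f"{t[i]}/{t[i + 1]}")], i + 2

    def _rule(self, t):
        r = {"action": t[0], "proto": None, "services": None, "ports": None,
             "active": "inactive" not in t}
        if t[1] == "object-group":                   # service group supplies proto and port
            r["services"], i = self._flat(self.svcs, t[2]), 3
        else:
            r["proto"], i = t[1], 2
        r["src"], i = self._addr(t, i)
        r["dst"], i = self._addr(t, i)
        if i < len(t) and t[i] == "object-group":    # destination port group
            r["ports"] = {p for _, p in self._flat(self.svcs, t[i + 1])}
        return r

    def check(self, acl, proto, src, dst, dport=None):
        # (action, 1-based rule number) of the first active match, else the implicit deny.
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for n, r in enumerate(self.acls[acl], 1):
            if not r["active"] or not any(s in x for x in r["src"]) \
                    or not any(d in x for x in r["dst"]):
                continue
            if r["services"] is not None:            # rule written with a service object-group
                ok = (proto, dport) in r["services"]
            else:                                    # rule written with a bare protocol
                ok = r["proto"] in ("ip", proto) and (r["ports"] is None or dport in r["ports"])
            if ok:
                return r["action"], n
        return "deny", None                          # implicit deny at the end of every ACL


if __name__ == "__main__":
    cfg = AsaConfig(CONFIG)
    for flow in [("tcp", "198.51.100.50", "203.0.113.10", 443), ("tcp", "198.51.100.50", "203.0.113.10", 22),
                 ("icmp", "198.51.100.50", "203.0.113.10", None), ("tcp", "10.1.2.3", "203.0.113.10", 80)]:
        print(flow, "->", cfg.check("outside_access_in", *flow))
```

This models only the interface ACL, which is the first decision the firewall makes about a new inbound connection; it does not model the `global_access` ACL, NAT, routing or reverse-path checks. On the device itself, `packet-tracer input outside tcp <src> <sport> <dst> <dport>` walks all of those phases and is the authoritative way to see where a flow to server M is dropped.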
