Static address translation (mapping) on PIX 7.2

Used to publish services hosted in the DMZ



 

Lab pre-configuration

Configuration of the inside router

interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
!

ip route 0.0.0.0 0.0.0.0 192.168.10.254

line vty 0 4
no login
!

Configuration of the outside router
interface FastEthernet0/0
ip address 218.18.100.1 255.255.255.0
duplex auto
speed auto
!

ip route 0.0.0.0 0.0.0.0 218.18.100.254

line vty 0 4
no login
!

Configuration of the DMZ router

interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!

ip route 0.0.0.0 0.0.0.0 10.1.1.254

line vty 0 4
no login
!

Configuration on the PIX

interface Ethernet0
nameif outside
security-level 0
ip address 218.18.100.254 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.10.254 255.255.255.0
!
interface Ethernet2
nameif DMZ
security-level 50
ip address 10.1.1.254 255.255.255.0
!


Publishing the DMZ service; telnet is used for this test

static (dmz,outside) 218.18.1.253 10.1.1.1 netmask 255.255.255.255

access-list OUT_ACL extended permit tcp any host 218.18.1.253 eq telnet

access-group OUT_ACL in interface outside

After this configuration there is one static xlate entry

pixfirewall# sho xlate
1 in use, 1 most used
Global 218.18.1.253 Local 10.1.1.1

Test from the outside

R3_Outeside#telnet 218.18.1.253
Trying 218.18.1.253 ... Open

R2_DMZ>
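
An added example, not part of the original post: a small Python audit that reads static, access-list and access-group lines in the form used above and reports which services each published address is reachable on. The sample config is constructed from the lab's three lines plus one hypothetical over-broad permit; the function name and regexes are this example's own and cover only the any/host ACL forms shown here.

```python
import re

# Constructed sample: the three PIX 7.2 lines from this lab, plus one
# hypothetical over-broad ACL entry (third line) to show what gets flagged.
SAMPLE_CONFIG = """\
static (dmz,outside) 218.18.1.253 10.1.1.1 netmask 255.255.255.255
access-list OUT_ACL extended permit tcp any host 218.18.1.253 eq telnet
access-list OUT_ACL extended permit ip any host 218.18.1.253
access-group OUT_ACL in interface outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit (\S+) (any|host \S+) host (\S+)(?: eq (\S+))?")


def published_services(config):
    """Map each static (real_if,mapped_if) entry to the inbound permits that reach it."""
    lines = [line.strip() for line in config.splitlines()]
    acl_by_if = {m.group(2).lower(): m.group(1) for line in lines if (m := GROUP_RE.match(line))}
    report = []
    for line in lines:
        s = STATIC_RE.match(line)
        if not s:
            continue
        _real_if, mapped_if, global_ip, local_ip, _mask = s.groups()
        acl = acl_by_if.get(mapped_if.lower())  # ACL bound inbound on the mapped interface
        exposed = []
        for acl_line in lines:
            m = ACL_RE.match(acl_line)
            if m and m.group(1) == acl and m.group(4) == global_ip:
                proto, source, port = m.group(2), m.group(3), m.group(5)
                # A permit with no "eq <port>" opens every port of that protocol.
                exposed.append({"proto": proto, "source": source,
                                "port": port or "ALL", "broad": port is None})
        report.append({"global": global_ip, "local": local_ip,
                       "from": mapped_if, "acl": acl, "exposed": exposed})
    return report


if __name__ == "__main__":
    for entry in published_services(SAMPLE_CONFIG):
        print(entry["global"], "->", entry["local"], "via", entry["acl"])
        for e in entry["exposed"]:
            flag = "  <-- wider than one service" if e["broad"] else ""
            print(f"   permit {e['proto']} from {e['source']} port {e['port']}{flag}")
```

Run against the lab's own three lines, the report shows a single exposure: tcp/telnet from any source to 218.18.1.253, translated to 10.1.1.1.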

posted on 2012-05-20 15:49  侯志清