После добавления Cisco ASA5550 мой сервер не может получить доступ к Интернету

Вот моя сетевая инфраструктура.

введите описание здесь

в моей сети проблема

Сервер M,A,B,C,D имеет публичный IP-адрес. люди, находящиеся вне моей сети, могут пинговать сервер M в любом месте, но они не могут получить доступ к серверу M. сервер M может пинговать любой ip-адрес в Интернете, но он не может получить доступ к любому ip-адресу, который находится за пределами моей сети.

Сервер M может получить доступ к серверу A, B, C, D и A, B, C, D также может получить доступ к M. A, B, C, D работает хорошо. люди могут получить к ним доступ в любом месте.

когда я обмениваю А и М в моей сети. Я просто меняю информацию о ip на них. новый А работает отлично. поэтому я убедился, что с настройкой сервера М все в порядке.

Моя проблема связана с сервером М. Я думаю, что на ASA5550 что-то не так, но я не имею ни малейшего представления об этой ситуации. Похоже, ASA5550 не может ничего сделать на сервере М. они находятся в одной сети.

Благодарю.

Вот как настроить asa5550. по соображениям безопасности я скрыл настоящий ip:

**asa01# sh config**
: Saved
: Written by admin at 17:03:21.222 PST Thu Jan 3 2013
!
ASA Version 8.4(3) 
!

hostname asa01
domain-name abcd.com
enable password r7t8ty9u0io encrypted
passwd s8d8r7u5k3j encrypted
names
!
interface GigabitEthernet0/0
 duplex full
 nameif outside
 security-level 0
 ip address *.*.*.162 255.255.255.248 
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 nameif LAN_IDC
 security-level 50
 ip address 192.168.10.5 255.255.255.0 
!
interface GigabitEthernet0/3
 duplex full
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
interface GigabitEthernet1/0
 nameif wxc_webservice
 security-level 50
 ip address *.*.*.1 255.255.255.0 
!
interface GigabitEthernet1/1
 nameif wxc_ecommerce
 security-level 50
 ip address *.*.*.1 255.255.255.0 
!
interface GigabitEthernet1/2
 shutdown
 nameif wxc_hosting
 security-level 50
 ip address *.*.*.193 255.255.255.192 
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 4.2.2.1
 domain-name abcd.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network 10.x.x.x
 subnet 10.0.0.0 255.0.0.0
object network 172.16.x.x-172.31.x.x
 subnet 172.16.0.0 255.240.0.0
object network 192.168.x.x
 subnet 192.168.0.0 255.255.0.0
object network localhosts-192.168.10.x
 subnet 192.168.10.0 255.255.255.0
object network office_gateway
 host *.*.*.*

object-group service webmin tcp
 description web base management
 port-object eq 10000
object-group network privateNetworks
 network-object object 10.x.x.x
 network-object object 172.16.x.x-172.31.x.x
 network-object object 192.168.x.x
object-group service DM_INLINE_SERVICE_1
 service-object tcp destination eq domain 
 service-object tcp destination eq www 
 service-object tcp destination eq https 
 service-object udp destination eq domain 
object-group network China
 description Some unfriendly IP
 network-object 1.192.0.0 255.248.0.0
object-group network HOST
 description Outside Servers
object-group network HighHit
 network-object 1.224.0.0 255.224.0.0
 network-object 126.19.86.0 255.255.255.0
 network-object host 175.124.121.53
 network-object host 182.16.11.4
 network-object host 219.90.122.125
 network-object host 50.46.148.219
 network-object host 70.31.17.70
 network-object host 76.65.157.22
 network-object host 85.92.159.84
object-group network Trusted
 network-object object office_gateway
object-group network BlackList
 group-object HighHit
 group-object privateNetworks
object-group service mysql tcp
 port-object eq 3306
object-group service DM_INLINE_TCP_1 tcp
 group-object mysql
 port-object eq ftp
 port-object eq ftp-data
access-list local extended permit ip any any log errors 
access-list wxc_webservice_access_in extended deny ip object-group privateNetworks any 
access-list wxc_webservice_access_in extended permit ip *.*.*.0 255.255.255.0 any log errors 
access-list wxc_webservice_access_in extended permit ip object-group HOST any 
access-list wxc_hosting_access_in extended deny ip object-group privateNetworks any 
access-list wxc_hosting_access_in extended permit ip *.*.*.192 255.255.255.192 any log errors 
access-list wxc_hosting_access_in extended permit ip object-group HOST any 
access-list wxc_ecommerce_access_in extended deny ip object-group privateNetworks any 
access-list wxc_ecommerce_access_in extended permit ip *.*.*.0 255.255.255.0 any log errors 
access-list wxc_ecommerce_access_in extended permit ip object-group HOST any 
access-list outside_access_in extended deny ip object-group BlackList any log errors 
access-list outside_access_in extended permit tcp object-group HOST any object-group DM_INLINE_TCP_1 log errors 
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any log errors 
access-list outside_access_in extended permit icmp any any log errors inactive 
access-list LAN_IDC_access_in extended permit ip object localhosts-192.168.10.x any 
access-list global_access extended permit ip object-group Trusted any 
pager lines 24
logging enable
logging monitor emergencies
logging trap warnings
logging asdm emergencies
mtu outside 1500
mtu LAN_IDC 1500
mtu management 1500
mtu wxc_webservice 1500
mtu wxc_ecommerce 1500
mtu wxc_hosting 1500
ip verify reverse-path interface outside
ip verify reverse-path interface wxc_webservice
ip verify reverse-path interface wxc_ecommerce
ip verify reverse-path interface wxc_hosting
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 60
nat (LAN_IDC,outside) source static any any unidirectional
nat (LAN_IDC,wxc_ecommerce) source static any any unidirectional
nat (LAN_IDC,wxc_hosting) source static any any unidirectional
nat (LAN_IDC,wxc_webservice) source static any any unidirectional
access-group outside_access_in in interface outside
access-group LAN_IDC_access_in in interface LAN_IDC
access-group wxc_webservice_access_in in interface wxc_webservice
access-group wxc_ecommerce_access_in in interface wxc_ecommerce
access-group wxc_hosting_access_in in interface wxc_hosting
access-group global_access global
route outside 0.0.0.0 0.0.0.0 *.*.*.161 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
aaa authentication http console LOCAL 
aaa authorization command LOCAL 
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.10.0 255.255.255.0 LAN_IDC
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 LAN_IDC
ssh timeout 30
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 69.25.96.13 source outside
ntp server 216.75.62.9 source outside
ntp server 216.171.124.36 source outside
ntp server 24.56.178.140 source outside
webvpn
username admin password s7d7f8gh9kie4 encrypted privilege 15
!
!
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context 
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:77568a5955343072d670a4b1cfdeaaf2

0 ответов

Другие вопросы по тегам