

    

蓝森林 http://www.lslnet.com July 26, 2006 13:28

PIX 515E port mapping problem (urgent help!)


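Network topology: ADSL leased line - PIX 515E - Layer 3 switch
IPs assigned by the telecom carrier: 61.x.x.42-46, subnet mask: 255.255.255.248, gateway: 61.x.x.41.
515E inside IP: 192.168.6.254, subnet mask: 255.255.255.0, gateway: 192.168.6.250
Requirement: map ports 110, 25 and 80 on outside address 61.x.x.45 to ports 110, 25 and 80 on inside host 192.168.3.1; map port 1234 on outside address 61.x.x.46 to port 4321 on inside host 192.168.1.1.
Current fault: if the PIX 515E outside address is set to 61.x.x.46, then after the PIX 515E is power-cycled the mapping for 61.x.x.45 often (not every time) fails while the mapping for 61.x.x.46 works; at that point, changing outside to 61.x.x.45 makes both the 45 and 46 mappings work, and changing it back to 46 still leaves both working. If the PIX 515E outside address is set to 61.x.x.45, then after the PIX 515E is power-cycled the mapping for 61.x.x.46 often fails while the mapping for 61.x.x.45 works; at that point, changing outside to 61.x.x.46 makes both the 45 and 46 mappings work, and changing it back to 45 still leaves both working. If outside is set to 42, 43 or 44, both the 45 and 46 mappings fail after a power-cycle, and changing the outside address once makes both work again.
Could an expert please help diagnose where the problem lies?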

Configuration attached:

PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 7fmeOrFDZG9pW9K5 encrypted
passwd 7fmeOrFDZG9pW9K5 encrypted
hostname pix
domain-name xxx.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list 100 permit tcp any host 61.x.x.45 eq www
access-list 100 permit tcp any host 61.x.x.45 eq smtp
access-list 100 permit tcp any host 61.x.x.45 eq pop3
access-list 100 permit tcp any host 61.x.x.46 eq 1234
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any any eq https
access-list 101 permit tcp any any eq www
access-list 101 deny tcp any any
access-list 101 deny ip any any
access-list 101 deny icmp any any
access-list 101 deny igmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 61.x.x.45 255.255.255.248
ip address inside 192.168.6.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.21.0 255.255.255.0 inside
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 61.x.x.46 1234 192.168.1.1 4321 netmask 255.255.255.255 0 0
static (inside,outside) tcp 61.x.x.45 smtp 192.168.3.1 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 61.x.x.45 pop3 192.168.3.1 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp 61.x.x.45 www 192.168.3.1 www netmask 255.255.255.255 0 0
access-group 100 in interface outside
access-group 101 in interface inside
route outside 0.0.0.0 0.0.0.0 61.x.x.41 1
route inside 192.168.0.0 255.255.0.0 192.168.6.250 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.3.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:a0515eee9694ba7fe92cc2ac85f891d3

Experts, please help answer this; many thanks!

Bumping my own thread

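I'd say you are the expert here. I have a pix515e on hand right now, but I don't know where to start. Sigh, I'm lost!

access-list 100 permit tcp any host 61.x.x.45 eq www ---> what does this mean?
mtu outside 1500 ---------------------------------------> what does this mean?
nat (inside) 10 0.0.0.0 0.0.0.0 0 0 -----------------------> what does 0 0 stand for?
Please explain. I'm a newbie and humbly ask for your guidance! Thanks!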

