防火墙基本配置文档PIX_ASA.pdfVIP

PIX/ASA : Port Redirection(Forwarding) with nat, global, static and access−list Commands Document ID: 63872 Introduction Prerequisites Requirements Components Used Related Products Conventions Network Diagram Initial Configuration Allow Outbound Access Allow Inside Hosts Access to Outside Networks with NAT Allow Inside Hosts Access to Outside Networks with the use of PAT Restrict Inside Hosts Access to Outside Networks Allow Untrusted Hosts Access to Hosts on Your Trusted Network Use ACLs on PIX Versions 7.0 and Later Disable NAT for Specific Hosts/Networks Port Redirection(Forwarding) with Statics Network Diagram − Port Redirection(Forwarding) Partial PIX Configuration − Port Redirection Limit TCP/UDP Session using Static Time Based Access List Information to Collect if You Open a Technical Support Case NetPro Discussion Forums − Featured Conversations Related Information Introduction In order to maximize security when you implement Cisco PIX Security Appliance version 7.0, it is important to understand how packets pass between higher security interfaces and lower security interfaces when you use the nat−control, nat, global, static, access−list and access−group commands. This document explains the differences between these commands and how to configure Port Redirection(Forwarding) and the outside Network Address Translation (NAT) features in PIX software version 7.x, with the use of the command line interface or the Adaptive Security Device Manager (ASDM). Note: Some options in ASDM 5.2 and later can appear different than the options in ASDM 5.1. Refer to the ASDM documentation for more information. Prerequisites Requirements Refer to Allowing HTTPS Access for ASDM in order to allow the device to be configu