Accessing internal VLANs from a DMZ interface on a Cisco ASA

Network Engineering, LAN, cisco-asa
2022-02-20 18:27:14

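I have set up a test machine on my DMZ2 interface. I need to access an internal VLAN configured on the core L3, which has a route from the ASA to the core L3. Below is the basic configuration on the ASA:

For example, I need to reach 172.26.119.x (inside the LAN) from 172.25.36.10 (the DMZ2 source).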

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address <public ip> 255.255.255.224 
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.26.72.2 255.255.255.0 
!
interface GigabitEthernet0/2
 description ASA DMZ 1
 nameif DMZ1
 security-level 50
 ip address 172.25.43.1 255.255.255.0 
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 description TEST_INT
 nameif DMZ2
 security-level 60
 ip address 172.25.36.1 255.255.255.0 
!
access-list Test_DMZ standard permit host 172.25.36.10 
access-list DMZ2_RemoteTest extended permit ip object-group obj_172.25.36.0_24 object-group TiVo_NT 

access-group DMZ2_RemoteTest in interface DMZ2
route outside 0.0.0.0 0.0.0.0 164.164.95.33 1
route inside 172.25.33.12 255.255.255.255 172.26.72.1 1
route inside 172.25.33.52 255.255.255.255 172.26.72.1 1
route inside 172.25.35.0 255.255.255.0 172.26.72.1 1
route inside 172.26.78.0 255.255.255.0 172.26.72.1 1
route inside 172.26.88.0 255.255.255.0 172.26.72.1 1
route inside 172.26.90.0 255.255.255.0 172.26.72.1 1
route inside 172.26.94.0 255.255.255.0 172.26.72.1 1
route inside 172.26.96.0 255.255.255.0 172.26.72.1 1
route inside 172.26.102.0 255.255.255.0 172.26.72.1 1
route inside 172.26.104.0 255.255.255.0 172.26.72.1 1
route inside 172.26.108.0 255.255.255.0 172.26.72.1 1
route inside 172.26.110.0 255.255.255.0 172.26.72.1 1
route inside 172.26.112.0 255.255.255.0 172.26.72.1 1
route inside 172.26.114.0 255.255.254.0 172.26.72.1 1
route inside 172.26.119.0 255.255.255.0 172.26.72.1 1
route inside 172.26.142.0 255.255.255.0 172.26.72.1 1
route inside 172.26.148.0 255.255.255.0 172.26.72.4 1
route inside 172.26.150.0 255.255.255.0 172.26.72.1 1
route inside 172.26.156.0 255.255.255.0 172.26.72.1 1
route inside 172.26.157.0 255.255.255.0 172.26.72.1 1
route inside 172.26.158.0 255.255.255.0 172.26.72.4 1
route inside 172.26.162.0 255.255.254.0 172.26.72.4 1
route inside 172.26.166.0 255.255.255.0 172.26.72.1 1
route inside 172.26.168.0 255.255.255.0 172.26.72.4 1
route inside 172.26.172.0 255.255.255.0 172.26.72.1 1
route inside 172.26.174.0 255.255.255.0 172.26.72.1 1
route inside 172.26.178.0 255.255.255.0 172.26.72.1 1
route inside 192.168.105.0 255.255.255.0 172.26.72.3 1
route inside 192.168.123.15 255.255.255.255 172.26.72.1 1
route inside 192.168.123.230 255.255.255.255 172.26.72.1 1
route inside 192.168.149.0 255.255.255.0 172.26.72.1 1
0 answers
No replies found.