access-list inside extended permit ip 172.30.166.0 255.255.255.0 any
access-list inside extended deny ip any any
access-list outside extended permit ip any 192.168.1.0 255.255.255.0
access-list outside extended permit tcp any host 172.30.166.204 eq https
access-list outside extended permit ip any host 172.30.166.204
access-list outside extended deny ip any any
4. Access-group (apply to interface) configuration
access-group outside in interface outside
access-group inside in interface inside
Verification commands
# show xlate
2 in use, 3 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net
TCP PAT from management:172.30.166.204 443-443 to outside:192.168.1.1 10443-10443
flags sr idle 0:00:05 timeout 0:00:00
TCP PAT from management:172.30.166.205 443-443 to outside:192.168.1.1 11443-11443
flags sr idle 0:07:47 timeout 0:00:00
# show nat detail
Auto NAT Policies (Section 2)
1 (inside) to (outside) source static TEST_1 interface service tcp https 10443
translate_hits = 0, untranslate_hits = 1348
Source - Origin: 172.30.166.204/32, Translated: 192.168.1.1/24
Service - Protocol: tcp Real: https Mapped: 10443
2 (inside) to (outside) source static TEST_2 interface service tcp https 11443
translate_hits = 0, untranslate_hits = 50
Source - Origin: 172.30.166.205/32, Translated: 192.168.1.1/24
Service - Protocol: tcp Real: https Mapped: 11443
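As an added example (not part of the original page), a small Python audit that checks each static PAT rule from `show nat detail` against the outside ACL the way the ASA evaluates it: first match wins, and the destination is compared against the real, untranslated address (ASA 8.3 and later semantics, which the `show nat detail` format above indicates). The ACL and NAT lines are embedded as constructed sample input taken from this page; the `PORT_NAMES` table and the verdict labels are assumptions of this script, not ASA output.

```python
import ipaddress
import re

# Constructed sample input: the outside ACL and the two Auto NAT policies from this page.
ACL_TEXT = """
access-list outside extended permit ip any 192.168.1.0 255.255.255.0
access-list outside extended permit tcp any host 172.30.166.204 eq https
access-list outside extended permit ip any host 172.30.166.204
access-list outside extended deny ip any any
"""
NAT_TEXT = """
Source - Origin: 172.30.166.204/32, Translated: 192.168.1.1/24
Service - Protocol: tcp Real: https Mapped: 10443
Source - Origin: 172.30.166.205/32, Translated: 192.168.1.1/24
Service - Protocol: tcp Real: https Mapped: 11443
"""
PORT_NAMES = {"https": 443, "http": 80, "ssh": 22}  # assumed subset of ASA port keywords
ACE_RE = re.compile(r"access-list (\S+) extended (permit|deny) (\S+) "
                    r"(any|host \S+|\S+ \S+) (any|host \S+|\S+ \S+)(?: eq (\S+))?")

def parse_addr(tok):
    """Turn an ASA address token (any / host X / net mask) into an ip_network."""
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok.startswith("host "):
        return ipaddress.ip_network(tok.split()[1] + "/32")
    net, mask = tok.split()
    return ipaddress.ip_network(f"{net}/{mask}", strict=False)

def port_num(tok):
    return None if tok is None else (PORT_NAMES.get(tok) or int(tok))

def parse_acl(text, name):
    """Ordered ACEs of the named ACL: action, protocol, destination network, dest port."""
    return [{"action": m[2], "proto": m[3], "dst": parse_addr(m[5]), "port": port_num(m[6])}
            for m in ACE_RE.finditer(text) if m[1] == name]

def parse_nat(text):
    """Static PAT rules from 'show nat detail': real IP, protocol, real port, mapped port."""
    rules, origin = [], None
    for line in text.splitlines():
        if m := re.search(r"Origin: (\S+)/32", line):
            origin = ipaddress.ip_address(m[1])
        elif (m := re.search(r"Protocol: (\w+) Real: (\S+) Mapped: (\S+)", line)) and origin:
            rules.append({"ip": origin, "proto": m[1], "port": port_num(m[2]), "mapped": m[3]})
    return rules

def audit(acl_text=ACL_TEXT, nat_text=NAT_TEXT, acl_name="outside"):
    """Verdict of the first ACE matching each PAT rule's real address and real port."""
    aces, verdicts = parse_acl(acl_text, acl_name), {}
    for r in parse_nat(nat_text):
        key = f"{r['ip']}:{r['port']}->{r['mapped']}"
        verdicts[key] = "NO-MATCH"  # implicit deny if nothing matches
        for ace in aces:  # first match wins, as on the ASA
            if (ace["proto"] in ("ip", r["proto"]) and r["ip"] in ace["dst"]
                    and ace["port"] in (None, r["port"])):
                broad = ace["action"] == "permit" and (ace["proto"] == "ip" or ace["port"] is None)
                verdicts[key] = ace["action"].upper() + ("-BROAD" if broad else "")
                break
    return verdicts
```

`PERMIT-BROAD` flags a permit that opens more than the translated service (any protocol or any port) to the real host; `DENY` or `NO-MATCH` means the published port cannot be reached because no ACE permits the real address.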