1.console登录,配置接口
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
2.配置地址
ip address outside 172.19.1.249 255.255.255.0 【隐藏】
ip address inside 172.28.10.201 255.255.255.0 【隐藏】
3.NAT
global (outside) 1 172.19.1.246 【显示】
nat (inside) 1 172.28.10.0 255.255.255.0 0 0
4.静态NAT
static (inside,outside) 172.19.1.202 172.28.10.202 netmask 255.255.255.255 0 0 【隐藏】
static (inside,outside) 172.19.1.185 172.28.10.210 netmask 255.255.255.255 0 0 【隐藏】
5.设置访问控制列表
access-group outside in interface outside
access-list outside permit ip any any
6.设置与静态NAT对应的管道
conduit permit icmp any any
conduit permit tcp host 172.19.1.202 eq www any
conduit permit udp host 172.19.1.202 eq domain any
conduit permit tcp host 172.19.1.202 eq telnet any
conduit permit tcp host 172.19.1.202 eq 3389 any
conduit permit udp host 172.19.1.202 eq 3389 any
conduit permit tcp host 172.19.1.185 eq 3389 any
conduit permit udp host 172.19.1.185 eq 3389 any
conduit permit udp host 172.19.1.185 eq 23 any
conduit permit tcp host 172.19.1.185 eq telnet any
7.设置指向网管的路由
route outside 0.0.0.0 0.0.0.0 172.19.1.254 1
8.设置远程登录
telnet 172.28.10.0 255.255.255.0 inside