对于switch0、switch2,如果是三层交换机,则需要写路由,如果为二层交换机,则需要写网关。静态NAT地址转换object network waiwanghost 192.168.1.2nat (inside,outside) static 10.99.121.141 理解为:从inside到outside方向,192.168.1.2这个源地址转换为10.99.121.141这个地址静态NAT地址转换特点:1.数据包从outside进入inside,也就是从低优先级到高优先级的访问,在访问控制列表里要放过 2. host要真是存在 3.首先要考虑会话的发起者,并确定是单向访问,还是双向访问。Static
(inside,outside) 10.99.216.202 192.168.0.2Object
network yelianHost
10.99.216.205Nat
(outside,inside) static 192.168.1.21.数据包从inside进入outside,也就是从高优先级到低优先级的访问,然后从outside到inside返回,理论上在防火墙上有session,数据包从outside到inside能正常返回。但测试的时候,不能ping通192.168.1.2,FTP访问正常。防火墙有一个inspect机制,配置命令:
inspcet icmp。或者在outside端的in方向的访问控制列表放过icmp。官方文档:In routed mode,
hosts on the inside (Business and Home VLANs) count towards the limit only when
they communicate with the outside (Internet VLAN). Internet hosts are not
counted towards the limit. Hosts that initiate traffic between Business and
Home are also not counted towards the limi免费云主机域名t. The interface associated with the
default route is considered to be the Internet interface. If there is no
default route, hosts on all interfaces are counted toward the limit. In
transparent mode, the interface with the lowest number of hosts is counted
towards the host limit. See the show local-host command to view the host
limits.实验总结: 1.在防火墙outside接口配置default-route,那么其他别的接口的主机数将受到限制。2.在防火墙inside接口配置default-route,其他接口的主机数也受到限制。8.2(1)以下的版本相对混乱。(认为是低版本的BUG)3.如果接口不配置默认路由,那么其他接口的主机数不受限制。
这篇文章主要介绍“linux中shell的作用是什么”,在日常操作中,相信很多人在linux中shell的作用是什么问题上存在疑惑,小编查阅了各式资料,整理出简单好用的操作方法,希望对大家解答”linux中shell的作用是什么”的疑惑有所帮助!接下来,请跟着…
免责声明:本站发布的图片视频文字,以转载和分享为主,文章观点不代表本站立场,本站不承担相关法律责任;如果涉及侵权请联系邮箱:360163164@qq.com举报,并提供相关证据,经查实将立刻删除涉嫌侵权内容。
微信扫一扫 
