架构图如下,需求192.168.25.0/24 访问
配置如下
interface GigabitEthernet1/1
nameif emc
security-level 100
ip address 192.168.25.2 255.255.255.0
!
interface GigabitEthernet1/3
nameif sfc
security-level 0
ip address 172.21.96.10 255.255.254.0
object-group network emc-inside
network-object 192.168.25.0 255.255.255.0
access-list sfc-acl extended permit icmp any any
access-list sfc-acl extended permit ip any any
access-list emc-acl extended permit icmp any any
access-list emc-acl extended permit ip any any
nat (emc,sfc) source dynamic emc-inside interface
access-group emc-acl in interface emc
access-group sfc-acl in interface sfc
route Management 0.0.0.0 0.0.0.0 10.67.7.1 1
route emc 10.169.211.0 255.255.255.192 192.168.25.1 1
route emc 10.169.211.32 255.255.255.255 192.168.25.1 1
route sfc 172.0.0.0 255.0.0.0 172.21.96.1 1
现在用192.168.25.1ping不通 172.21.96.1和96.9.telnet端口也不通,找不到原因