13nash 发表于 2017-6-9 10:11
在inspect 里加上icmp
已经加过了,包括ACL放心icmp
access-list Test2 extended permit tcp any host 192.168.1.99 eq 3389
access-list Test2 extended permit tcp any host 172.17.20.253 eq www
access-list Test2 extended permit icmp any any
access-list Test2 extended permit tcp any host 172.17.20.253 eq 8861
access-list Test2 extended permit tcp any host 172.17.20.253 range 8000 8090
access-group Test2 in interface outside
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp