从内访问映射后的外网地址 X.X.X.X:8090
!
object service 8090
service tcp destination eq 8090
nat (inside,inside) source static 192.168.200.0 70.70.70.0 destination static X.X.X.X 192.168.200.202 service 8090 8090
!
从外访问映射后的内网地址 X.X.X.X:8090
!
object network 192.168.200.202_8090
nat (inside,outside) static interface service tcp 8090 8090
access-list outside_int extended permit tcp any host 192.168.200.202 eq 8090
access-group outside_int in interface outside
测试验证:
packet-tracer input inside tcp 192.168.200.203 50 x.x.x.x 8090
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside,inside) source static 192.168.200.0 70.70.70.0 destination static x.x.x.x192.168.200.202 service 8090 8090
Additional Information:
NAT divert to egress interface inside
Untranslate x.x.x.x/8090 to 192.168.200.202/8090
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group 100 in interface inside
access-list 100 extended permit ip any any
Additional Information:
Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,inside) source static 192.168.200.0 70.70.70.0 destination static x.x.x.x 192.168.200.202 service 8090 8090
Additional Information:
Static translate 192.168.200.203/50 to 70.70.70.203/50
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
nat (inside,inside) source static 192.168.200.0 70.70.70.0 destination static x.x.x.x 192.168.200.202 service 8090 8090
Additional Information:
Phase: 7
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 9275189, packet dispatched to next module
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow