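Our company firewall was previously configured with a set of public IPs, some of which have NAT mappings. A new set of public IPs has now been added; this IP was tested with a single machine connected directly to the China Telecom uplink and can reach the Internet. I want to configure it on the firewall to do the following:
Map external access to this public IP (1.2.3.4) on UDP ports 4500, 500 and 1701 to ports 4500, 500 and 1701 on the internal machine 172.16.100.1. I configured NAT, but found that it cannot be reached from outside.
The NAT part of the configuration looks like this: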
ASA5520(config)# object network obj-172.16.100.1-4500
ASA5520(config-network-object)# host 172.16.100.1
nat (inside,outside) static 1.2.3.4 service udp 4500 4500
ASA5520(config)# object network obj-172.16.100.1-500
ASA5520(config-network-object)# host 172.16.100.1
nat (inside,outside) static 1.2.3.4 service udp 4500 500
ASA5520(config)# object network obj-172.16.100.1-1701
ASA5520(config-network-object)# host 172.167.100.1
nat (inside,outside) static 1.2.3.4 service udp 1701 1701
The system software version is 9.1:
# sh ver
Cisco Adaptive Security Appliance Software Version 9.1(7)16
Device Manager Version 7.7(1)151
Compiled on Thu 30-Mar-17 17:39 by builders
System image file is "disk0:/asa917-16-k8.bin"
Config file at boot was "startup-config"
Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz,
Internal ATA Compact Flash, 256MB
Is there anything else that needs to be configured?
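
An added example, not part of the original post: a small Python check that parses the object NAT statements quoted above and compares them with the mapping the post says it wants (1.2.3.4 UDP 4500, 500 and 1701 to the same ports on 172.16.100.1). The function names are hypothetical; the parser relies on the ASA object NAT argument order `service <proto> <real_port> <mapped_port>`.

```python
import re

# NAT block exactly as posted in the question (device prompts included).
POSTED = """\
ASA5520(config)# object network obj-172.16.100.1-4500
ASA5520(config-network-object)# host 172.16.100.1
nat (inside,outside) static 1.2.3.4 service udp 4500 4500
ASA5520(config)# object network obj-172.16.100.1-500
ASA5520(config-network-object)# host 172.16.100.1
nat (inside,outside) static 1.2.3.4 service udp 4500 500
ASA5520(config)# object network obj-172.16.100.1-1701
ASA5520(config-network-object)# host 172.167.100.1
nat (inside,outside) static 1.2.3.4 service udp 1701 1701
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
NAT = re.compile(r"nat \(\w+,\w+\) static (\S+) service (tcp|udp) (\d+) (\d+)$")

def parse_object_nat(text):
    """Return one dict per 'object network' block with its host and NAT fields."""
    objs = []
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line.startswith("object network "):
            objs.append({"name": line.split()[2]})
        elif line.startswith("host ") and objs:
            objs[-1]["host"] = line.split()[1]
        elif (m := NAT.match(line)) and objs:
            # Object NAT order: service <proto> <real_port> <mapped_port>
            objs[-1].update(mapped_ip=m[1], proto=m[2],
                            real_port=int(m[3]), mapped_port=int(m[4]))
    return objs

def check(text, real_host, mapped_ip, ports, proto="udp"):
    """List every deviation from the intended same-port static mapping."""
    findings, covered = [], set()
    for o in parse_object_nat(text):
        bad = []
        if o.get("host") != real_host:
            bad.append(f"host {o.get('host')} != {real_host}")
        if (o.get("mapped_ip"), o.get("proto")) != (mapped_ip, proto):
            bad.append(f"not published as {proto} on {mapped_ip}")
        if o.get("real_port") != o.get("mapped_port"):
            bad.append(f"real port {o['real_port']} published as {o['mapped_port']}")
        findings += [f"{o['name']}: {b}" for b in bad]
        if not bad:
            covered.add(o["mapped_port"])
    findings += [f"{proto}/{p} on {mapped_ip}: no correct rule for {real_host}"
                 for p in sorted(set(ports) - covered)]
    return findings
```

Calling `check(POSTED, "172.16.100.1", "1.2.3.4", [4500, 500, 1701])` returns the list of mismatches. An empty list covers only the NAT statements: on ASA 8.3 and later the ACL applied to the outside interface must also permit these UDP ports, and it is written against the real address 172.16.100.1.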