ASA相同公网IP，基于源和基于目标地址转换测试

一.拓扑图：
 
二.基本配置

R1:
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 10.1.1.10

R2:
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 10.1.1.10

ASA:
①接口配置
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.1.1.10 255.255.255.0 
 no shut
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 202.100.1.10 255.255.255.0 
 no shut
②策略配置
access-list outside extended permit icmp any any
access-list outside extended permit udp any any
access-group outside in interface outside
③ASA8.0动态NAT和静态PAT配置
access-list 10 extended permit ip host 10.1.1.1 any 
access-list 10 extended permit ip host 10.1.1.2 any 
nat (inside) 1 access-list 10
global (outside) 1 202.100.1.2
---------动态NAT配置---------
static (inside,outside) udp 202.100.1.2 syslog 10.1.1.1 syslog netmask 255.255.255.255
---------静态PAT配置---------
===============================
③‘ASA8.4动态NAT和静态PAT配置
object network insidehost
 range 10.1.1.1 10.1.1.2
 nat (inside,outside) dynamic 202.100.1.2
---------动态NAT配置---------
object network host1
 host 10.1.1.1
  nat (inside,outside) static 202.100.1.2 service udp syslog syslog 
---------静态PAT配置---------------

-----如果需要针对具体IP放行syslog，ASA8.0和8.4配置方式有区别：
----ASA8.0:access-list outside extended permit udp any 202.100.1.2 
----ASA8.4:access-list outside extended permit udp any object host1 

三.效果测试

①R1#ping 202.100.1.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.100.1.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/35/112 ms

②PC抓包截图：
 
③从PC上通过syslog发送工具给202.100.1.2发送syslog：
 
④可以看到R1上面能收到PC发送过来的syslog包：
R1#debug ip packet 
IP packet debugging is on
R1#
*Mar  1 01:15:40.115: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB
*Mar  1 01:15:40.115: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3
*Mar  1 01:15:40.119: IP: tableid=0, s=10.1.1.1 (local), d=202.100.1.100 (FastEthernet0/0), routed via FIB
*Mar  1 01:15:40.119: IP: s=10.1.1.1 (local), d=202.100.1.100 (FastEthernet0/0), len 56, sending
*Mar  1 01:15:40.123: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB
*Mar  1 01:15:40.123: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3
*Mar  1 01:15:40.127: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB
*Mar  1 01:15:40.127: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3
*Mar  1 01:15:40.131: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB
*Mar  1 01:15:40.131: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3
*Mar  1 01:15:40.131: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB
*Mar  1 01:15:40.135: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3
*Mar  1 01:15:40.135: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB
*Mar  1 01:15:40.139: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3
*Mar  1 01:15:40.139: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB
*Mar  1 01:15:40.143: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3
 

本文转自 碧云天 51CTO博客，原文链接：http://blog.51cto.com/333234/965213，如需转载请自行联系原作者