ASA: testing source-based and destination-based address translation on the same public IP

1. Topology diagram:

2. Basic configuration

R1:

interface FastEthernet0/0

 ip address 10.1.1.1 255.255.255.0

 no shut

ip route 0.0.0.0 0.0.0.0 10.1.1.10

R2:

 ip address 10.1.1.2 255.255.255.0

ASA:

① Interface configuration

interface Ethernet0/0

 nameif inside

 security-level 100

 ip address 10.1.1.10 255.255.255.0 

interface Ethernet0/1

 nameif outside

 security-level 0

 ip address 202.100.1.10 255.255.255.0 

② Policy configuration

access-list outside extended permit icmp any any

access-list outside extended permit udp any any

access-group outside in interface outside

③ ASA 8.0 dynamic NAT and static PAT configuration

access-list 10 extended permit ip host 10.1.1.1 any 

access-list 10 extended permit ip host 10.1.1.2 any 

nat (inside) 1 access-list 10

global (outside) 1 202.100.1.2

---------Dynamic NAT configuration---------

static (inside,outside) udp 202.100.1.2 syslog 10.1.1.1 syslog netmask 255.255.255.255

---------Static PAT configuration---------

===============================

③' ASA 8.4 dynamic NAT and static PAT configuration

object network insidehost

 range 10.1.1.1 10.1.1.2

 nat (inside,outside) dynamic 202.100.1.2

object network host1

 host 10.1.1.1

 nat (inside,outside) static 202.100.1.2 service udp syslog syslog

---------Static PAT configuration---------------

-----If syslog needs to be permitted for a specific IP only, the ASA 8.0 and 8.4 configurations differ:

----ASA 8.0: access-list outside extended permit udp any host 202.100.1.2

----ASA 8.4: access-list outside extended permit udp any object host1
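Why the two ACL lines above name different addresses, shown as an added Python model (not code from the original post, and not Cisco's implementation): 8.0 checks the outside ACL against the mapped address on the wire, while 8.3 and later check it against the real address after un-NAT. The class `Asa`, the PAT pool starting at port 1024 and the drop strings are assumptions made for the illustration; the addresses are the ones used in this lab.

```python
# Toy model of the lab's NAT behaviour. Constructed for illustration only.
MAPPED = "202.100.1.2"
# Static PAT from the post: (proto, mapped IP, mapped port) -> (real IP, real port)
STATIC_PAT = {("udp", MAPPED, 514): ("10.1.1.1", 514)}
INSIDE_HOSTS = {"10.1.1.1", "10.1.1.2"}  # access-list 10 / object insidehost


class Asa:
    def __init__(self, version, acl_dst):
        self.version = version    # "8.0" or "8.4"
        self.acl_dst = acl_dst    # <dst> in "permit udp any <dst>" on outside
        self.xlates = {}          # dynamic PAT: mapped port -> (real IP, real port)
        self.next_port = 1024     # assumed start of the PAT port pool

    def outbound(self, src_ip, src_port):
        """Source-based translation: inside hosts share MAPPED, split by port."""
        if src_ip not in INSIDE_HOSTS:
            return None
        port = self.next_port
        self.next_port += 1
        self.xlates[port] = (src_ip, src_port)
        return (MAPPED, port)

    def inbound_udp(self, dst_ip, dst_port):
        """Destination-based translation for a new UDP flow arriving on outside."""
        real = STATIC_PAT.get(("udp", dst_ip, dst_port))
        # 8.0: the ACL sees the mapped address as it appears on the wire.
        # 8.3+: the ACL sees the real address, once a NAT rule has matched.
        if self.version == "8.0" or real is None:
            seen_by_acl = dst_ip
        else:
            seen_by_acl = real[0]
        if seen_by_acl != self.acl_dst:
            return "drop: denied by access-list outside"
        if real is None:
            return "drop: no static PAT entry"
        return real
```
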

3. Test results

①R1#ping 202.100.1.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 202.100.1.100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/35/112 ms

② Packet capture screenshot from the PC:

③ From the PC, use a syslog sending tool to send syslog messages to 202.100.1.2:

④ R1 can be seen receiving the syslog packets sent from the PC:

R1#debug ip packet 

IP packet debugging is on

R1#

*Mar  1 01:15:40.115: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB

*Mar  1 01:15:40.115: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3

*Mar  1 01:15:40.119: IP: tableid=0, s=10.1.1.1 (local), d=202.100.1.100 (FastEthernet0/0), routed via FIB

*Mar  1 01:15:40.119: IP: s=10.1.1.1 (local), d=202.100.1.100 (FastEthernet0/0), len 56, sending

*Mar  1 01:15:40.123: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB

*Mar  1 01:15:40.123: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3

*Mar  1 01:15:40.127: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB

*Mar  1 01:15:40.127: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3

*Mar  1 01:15:40.131: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB

*Mar  1 01:15:40.131: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3

*Mar  1 01:15:40.135: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3

*Mar  1 01:15:40.135: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB

*Mar  1 01:15:40.139: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3

*Mar  1 01:15:40.139: IP: tableid=0, s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), routed via RIB

*Mar  1 01:15:40.143: IP: s=202.100.1.100 (FastEthernet0/0), d=10.1.1.1 (FastEthernet0/0), len 151, rcvd 3

This article is reposted from 碧雲天's 51CTO blog. Original link: http://blog.51cto.com/333234/965213. To repost it, please contact the original author.
