конфигурация asa:
-----------------------------------------------------------------
name 192.168.2.2 vsx7000_int description Polycom VSX7000
name 8.3.12.11 vsx7000_ext description vsx7000.domain.com
object-group service TCP_vsx7000 tcp
port-object eq h323
port-object range 3230 3239
object-group service UDP_vsx7000 udp
port-object range 1718 1719
port-object range 3230 3269
access-list outside_in extended permit tcp any host vsx7000_ext object-group TCP_vsx7000
access-list outside_in extended permit udp any host vsx7000_ext object-group UDP_vsx7000
access-list inside_in extended permit tcp host vsx7000_int any
access-list inside_in extended permit udp host vsx7000_int any
static (inside,outside) vsx7000_ext vsx7000_int netmask 255.255.255.255 norandomseq
-----------------------------------------------------------------
конфигурация vsx:
Fixed Ports *
NAT Configuration -> Manual
NAT Outside Address 8.3.12.11-----------------------------------------------------------------
name 192.168.2.2 vsx7000_int description Polycom VSX7000
name 8.3.12.11 vsx7000_ext description vsx7000.domain.com
object-group service TCP_vsx7000 tcp
port-object eq h323
port-object range 3230 3239
object-group service UDP_vsx7000 udp
port-object range 1718 1719
port-object range 3230 3269
access-list outside_in extended permit tcp any host vsx7000_ext object-group TCP_vsx7000
access-list outside_in extended permit udp any host vsx7000_ext object-group UDP_vsx7000
access-list inside_in extended permit tcp host vsx7000_int any
access-list inside_in extended permit udp host vsx7000_int any
static (inside,outside) vsx7000_ext vsx7000_int netmask 255.255.255.255 norandomseq
-----------------------------------------------------------------
конфигурация vsx:
-----------------------------------------------------------------
System > Admin Settings > Network > IP > FirewallFixed Ports *
NAT Configuration -> Manual
NAT is H.323 Compatible - включен для работы через VPN, иначе выключен.
-----------------------------------------------------------------
Комментариев нет:
Отправить комментарий