Topology:
Make the DMZ server reachable from the outside network
object network dmz-http-server-192.168.1.1
host 192.168.1.1
object network dmz-http-server-192.168.1.1
nat (dmz,outside) static 202.1.1.11 dns
access-list outacl permit tcp any host 192.168.1.1 eq 80
access-group outacl in interface outside
A PC accesses the DMZ HTTP server (external address 202.1.1.11)
Configure PAT (port address translation) for inside-to-outside access
object network PAT
subnet 10.1.1.0 255.255.255.0
object network PAT
nat (inside,outside) dynamic interface
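Traffic to outside addresses uses the outside interface address 202.1.1.10
When the inside network accesses the DMZ server, no address translation is performed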
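One way to state the inside-to-DMZ "no translation" rule explicitly is an identity (twice) NAT entry. This is an added example, not configuration from the original page. The object names INSIDE-NET and DMZ-NET, the DMZ subnet 192.168.1.0/24 and the test host 10.1.1.10 are assumptions.

```cisco
! Added example: identity NAT (NAT exemption) for inside -> dmz traffic.
! INSIDE-NET and DMZ-NET are hypothetical object names; the DMZ subnet
! 192.168.1.0/24 is assumed from the server address 192.168.1.1.
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
object network DMZ-NET
 subnet 192.168.1.0 255.255.255.0
! Manual (twice) NAT: source and destination are each mapped to themselves,
! so packets between inside and dmz keep their real addresses.
! Manual NAT rules are evaluated before the object NAT rules above.
nat (inside,dmz) source static INSIDE-NET INSIDE-NET destination static DMZ-NET DMZ-NET no-proxy-arp route-lookup
! Verify from the ASA exec prompt (10.1.1.10 is a constructed inside host):
!   packet-tracer input inside tcp 10.1.1.10 12345 192.168.1.1 80
!   show nat detail
```

In the packet-tracer output, check that the NAT phase matches this identity rule and that the source stays 10.1.1.10, not 202.1.1.10.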