정보보안 네트워크ASA방화벽 2부

#모든 서비스가 하나의 서버에 있을 경우 config t object network mainserver host 10 10 10 1 nat (dmz,outside) static 1 213 251 50 config t object network mainserver_web host 10 10 10 1 nat (dmz,outside) static 1 213 251 50 config t object network mainserver_mail host 10 10 10 2 nat (dmz,outside) static 1 213 251 50 ---------------------------------------------------- config t no access-list out2in extended permit ip any any no access-list out2in extended permit tcp any any no access-list out2in extended permit udp any any access-group out2in in interface outside [step1] config t access-list out2in extended permit tcp any object mainserver eq www access-group out2in in interface outside [step2] 설정 config t access-list out2in extended permit ip any any access-list out2in extended permit tcp any object mainserver eq www access-group out2in in interface outside 설정해제 config t no access-list out2in extended permit ip any any no access-list out2in extended permit tcp any object mainserver eq www access-group out2in in interface outside [step3] 설정 config t access-list out2in extended permit ip any any access-list out2in extended permit tcp any object mainserver_mail access-list out2in extended permit tcp any object mainserver eq www access-group out2in in interface outside 설정해제 config t access-list out2in extended permit ip any any access-list out2in extended permit tcp any object mainserver_mail access-list out2in extended permit tcp any object mainserver eq www access-group out2in in interface outside 설정해제 config t no access-list out2in extended permit icmp any object mainserver_mail no access-list out2in extended permit ip any object mainserver no access-list out2in extended permit tcp any object mainserver eq www access-group out2in in interface outside 응용 config t access-list out2in extended permit tcp any object mainserver eq smtp access-list out2in extended permit tcp any object mainserver eq pop3 access-group out2in in interface outside