A firewall project

Author: network Gong Ji Lao Zheng
Link: https://zhuanlan.zhihu.com/p/35151482
Source: Zhihu
Copyrighted by the author. For commercial reprints, please contact the author for authorization. For non-commercial reprints, please indicate the source.

This is the 390th article in the serial "Growth Diary of a Network Engineer". It records every bit of the network engineering industry and makes friends with people in the IT industry.




After receiving a quick call, we quickly arrived at the bus station and got on the bus to Shangnan.

The scenery along the road is so beautiful!

I saw a lot of scenery that I hadn't seen before, including a lot of stone mountains.

The project destination is a bureau in Shangnan County, Shangluo City, and the project task is the installation and commissioning of ASA5505 equipment.


We arrived at the destination at 7 o'clock in the evening. The one who received us was a 30-year-old man. After chatting with him, I felt pretty good.

After eating together, it was arranged for us to stay in the nearest hotel.

Early the next morning, we went to the project site.

There was a lot of equipment on a rack in a corner of a room.

On closer inspection, there were 5 Huawei switches and a small D-LINK broadband router connected into the intranet.

A single-mode transceiver converts the fiber port into an Ethernet port and connects to the D-LINK.


Their request was to add the ASA5505 to this network and remove the D-LINK, taking advantage of the routing capabilities of the ASA.

Next, we unpacked the brand new ASA5505 and connected the line from the transceiver to e0 of the ASA (that is, outside).

The line from the switch was connected to e1 of the ASA (that is, inside).

Then we connected the console cable and configured the ASA with HyperTerminal.



First, configure the IP addresses of e0 and e1, and then use NAT to define the internal network IP addresses to be translated to the external network.

Use GLOBAL to define the translated external network IP address, and then write a default route to the external network gateway.
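
The steps above as a minimal configuration, added here as an illustration and not the author's actual configuration. It assumes pre-8.3 ASA software (where the nat/global pair applies), the 5505's default VLAN layout, and placeholder addresses.

```cisco
! Added example: pre-8.3 ASA 5505 syntax (nat/global pair). All addresses are
! placeholders (RFC 1918 inside, RFC 5737 documentation range outside).
!
! On the 5505 the physical ports are switch ports; nameif and the IP address
! live on VLAN interfaces. e0 (Ethernet0/0) -> outside, e1 (Ethernet0/1) -> inside.
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
! NAT: inside addresses eligible for translation. The NAT ID (1) must match
! the ID on the global statement, or no translation is built.
nat (inside) 1 192.168.1.0 255.255.255.0
!
! GLOBAL: the translated address; here PAT to the outside interface address.
global (outside) 1 interface
!
! Default route to the external network gateway.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! Ping from inside hosts: ICMP is not in the default inspection list, so
! echo replies arriving on the outside interface are dropped unless ICMP
! is inspected (or an ACL on outside permits echo-reply).
policy-map global_policy
 class inspection_default
  inspect icmp
```

After applying it, `show xlate` lists the translations actually built for inside hosts, and comparing `show running-config nat` with `show running-config global` confirms both statements are present with the same NAT ID.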

In principle, this is fine, but with this setup we could ping the external network from the ASA itself, while the internal network hosts could not, indicating that there was no available GLOBAL.

But we checked the configured NAT and GLOBAL, and there was no configuration error. We also called a few experienced engineers and they all said there was no problem!

But it just didn't work~~~ depressing.

Due to time constraints, we had to go back, but the ASA had not yet been commissioned.

So it was a bit embarrassing. On the way back, I kept thinking about this question. What went wrong?

It was confirmed later that there was no problem with the configuration, but there was a problem with the hardware of this ASA, and sometimes commands were not displayed in show run!



Origin blog.51cto.com/15002959/2551274