Cisco ASA for Nexus 1000V Series Switch Technical Manual

5. Click Apply for the changes to take effect.
This is the equivalent CLI output for this NAT configuration:
Verify
Use this section in order to confirm that your configuration works properly.
The Cisco CLI Analyzer (customers only) supports certain show commands. Use the
Cisco CLI Analyzer in order to view an analysis of show command output.
Access a web site via HTTP with a web browser. This example uses a site that is hosted at
198.51.100.100. If the connection is successful, this output can be seen on the ASA CLI.
Connection
ASA(config)# show connection address 172.16.11.5
6 in use, 98 most used
TCP outside 198.51.100.100:80 inside 172.16.11.5:58799, idle 0:00:06, bytes 937, flags UIO
The ASA is a stateful firewall, and return traffic from the web server is allowed back through the
firewall because it matches a connection in the firewall connection table. Traffic that matches a
preexisting connection is allowed through the firewall without being blocked by an interface
ACL.
In the previous output, the client on the inside interface has established a connection to the
198.51.100.100 host off of the outside interface. This connection is made with the TCP protocol
and has been idle for six seconds. The connection flags indicate the current state of this
connection. More information about connection flags can be found in 
.
Syslog
ASA(config)# show log | in 172.16.11.5
Apr 27 2014 11:31:23: %ASA-6-305011: Built dynamic TCP translation from inside:172.16.11.5/58799 to outside:203.0.113.2/58799
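
The two verification outputs above can be cross-checked mechanically. The following is an added example, not part of the Cisco document: it parses the connection-table line and the 305011 syslog shown on this page and confirms that the translation belongs to that connection. The function names are hypothetical, and the regular expressions assume only the IPv4 line shapes shown here.

```python
import re

# Constructed sample input: the two output lines from this page, unwrapped.
CONN_LINE = ("TCP outside 198.51.100.100:80 inside 172.16.11.5:58799, "
             "idle 0:00:06, bytes 937, flags UIO")
SYSLOG_LINE = ("Apr 27 2014 11:31:23: %ASA-6-305011: Built dynamic TCP translation "
               "from inside:172.16.11.5/58799 to outside:203.0.113.2/58799")

CONN_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),\s+idle\s+(?P<idle>[\d:]+),"
    r"\s+bytes\s+(?P<bytes>\d+),\s+flags\s+(?P<flags>\S+)$")
XLATE_RE = re.compile(
    r"%ASA-6-305011: Built \w+ (?P<proto>\w+) translation from "
    r"(?P<real_if>[^:\s]+):(?P<real_ip>[\d.]+)/(?P<real_port>\d+) to "
    r"(?P<map_if>[^:\s]+):(?P<map_ip>[\d.]+)/(?P<map_port>\d+)")

def parse_conn(line):
    """Parse one connection-table line; return None if it does not match."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"proto": d["proto"], "bytes": int(d["bytes"]), "flags": d["flags"],
            "endpoints": {d["if_a"]: (d["ip_a"], int(d["port_a"])),
                          d["if_b"]: (d["ip_b"], int(d["port_b"]))}}

def parse_xlate(line):
    """Parse a 305011 'Built ... translation' syslog; return None otherwise."""
    m = XLATE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {"proto": d["proto"],
            "real": (d["real_if"], d["real_ip"], int(d["real_port"])),
            "mapped": (d["map_if"], d["map_ip"], int(d["map_port"]))}

def mapped_source(conn, xlate):
    """Return (interface, ip, port) the connection was translated to, or None
    when the syslog's real address is not an endpoint of this connection."""
    if not conn or not xlate or conn["proto"] != xlate["proto"]:
        return None
    real_if, real_ip, real_port = xlate["real"]
    if conn["endpoints"].get(real_if) != (real_ip, real_port):
        return None
    return xlate["mapped"]

if __name__ == "__main__":
    print(mapped_source(parse_conn(CONN_LINE), parse_xlate(SYSLOG_LINE)))
```

A result of None for a host that does have an entry in the connection table means no matching translation was logged for it, which is the case to investigate when the NAT rule is expected to apply.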