NAT \u306f Firewall \u306e\u4e2d\u3067 ACL\u30fb\u30b9\u30c6\u30fc\u30c8\u30d5\u30eb\u3068\u540c\u3058\u304f\u3089\u3044\u91cd\u8981\u306a\u8981\u7d20\u3067\u3059\u3002<\/p>\n\n\n\n
NAT \u306f\u3001\u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e \u201c\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8IP\u201d \u3068 \u201c\u30b0\u30ed\u30fc\u30d0\u30ebIP\u201d \u3092\u5909\u63db\u3057\u3066\u901a\u4fe1\u3055\u305b\u308b\u4ed5\u7d44\u307f\u3002<\/p>\n\n\n\n
Firewall \u306f NAT \u3092\u4f7f\u3063\u3066\uff1a<\/p>\n\n\n\n
\u306a\u3069\u3092\u884c\u3046\u3002<\/p>\n\n\n\n
\u7279\u306b ASA \u306e NAT \u306f\u5f37\u529b\u3067\u8907\u96d1<\/strong>\u3060\u304c\u3001\u30eb\u30fc\u30eb\u3092\u7406\u89e3\u3059\u308c\u3070\u7c21\u5358\u3002<\/p>\n\n\n\n \u300c1\u3064\u306e\u5185\u90e8IP ↔ 1\u3064\u306e\u30b0\u30ed\u30fc\u30d0\u30ebIP\u300d\u3092\u7d10\u4ed8\u3051\u308b\u3002<\/p>\n\n\n\n \u5185\u90e8\u30b5\u30fc\u30d0\u30fc 192.168.1.10 \u3092 ✔ Web\u30b5\u30fc\u30d0\u30fc\u3084\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u516c\u958b\u306b\u4f7f\u3046 \u5185\u90e8\u306e\u8907\u6570\u30e6\u30fc\u30b6\u30fc\u304c\u3001 ASA \u306e\u4f8b\uff1a<\/p>\n\n\n\n ✔ \u5927\u898f\u6a21\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3067\u4f7f\u3046 \u8907\u6570\u306e\u5185\u90e8IP \u2192 1\u3064\u306e\u30b0\u30ed\u30fc\u30d0\u30ebIP \u3092\u5171\u6709<\/strong>\u3059\u308b\u6700\u3082\u4e00\u822c\u7684\u306a NAT\u3002<\/p>\n\n\n\n \u5bb6\u5ead\u7528\u30eb\u30fc\u30bf\u30fc\u3068\u540c\u3058\u4ed5\u7d44\u307f\u3002<\/p>\n\n\n\n \u307e\u305f\u306f\uff1a<\/p>\n\n\n\n ✔ \u6700\u3082\u3088\u304f\u4f7f\u308f\u308c\u308b NAT\uff08\u4f01\u696d\u3067\u3082\u5bb6\u5ead\u3067\u3082\u6a19\u6e96\uff09 \u6761\u4ef6\u4ed8\u304d NAT<\/strong> \u975e\u5e38\u306b\u5f37\u529b\u3067 ASA \u306e\u8c61\u5fb4\u7684\u306a\u6a5f\u80fd\u3002<\/p>\n\n\n\n \u300c\u7279\u5b9a\u306e\u5b9b\u5148\u3078\u901a\u4fe1\u3059\u308b\u3068\u304d\u3060\u3051 NAT \u3092\u5909\u3048\u308b\u300d<\/p>\n\n\n\n ASA\u4f8b\uff1a<\/p>\n\n\n\n ✔ IPsec VPN \u3067\u3088\u304f\u4f7f\u3046\uff08Proxy-ID\u5408\u308f\u305b\uff09 RFC1918\uff1a<\/p>\n\n\n\n \u3053\u308c\u3089\u306f\u5916\u306b\u51fa\u3089\u308c\u306a\u3044 \u2192 NAT \u5fc5\u9808\u3002<\/p>\n\n\n\n \u5916\u90e8\u304b\u3089\u5185\u90e8IP\u304c\u898b\u3048\u306a\u304f\u306a\u308b\u305f\u3081\u3001\u653b\u6483\u306e\u96e3\u6613\u5ea6\u304c\u4e0a\u304c\u308b\u3002<\/p>\n\n\n\n IP\u30a2\u30c9\u30ec\u30b9\u304c\u91cd\u8907\u3059\u308b\u74b0\u5883\u3067\u3082\u3001Twice NAT \u3067\u901a\u4fe1\u3067\u304d\u308b\u3002<\/p>\n\n\n\n ASA \u306f NAT \u5f8c\u306e\u30a2\u30c9\u30ec\u30b9\u3067 ACL \u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b<\/strong> \u4f8b\uff1a<\/p>\n\n\n\n ACL \u306f 203.0.113.50 \u3068\u3057\u3066\u8a55\u4fa1\u3055\u308c\u308b<\/strong>\u3002<\/p>\n\n\n\n NAT \u3067\u5909\u63db\u3055\u308c\u305f\u901a\u4fe1\u306f\u3001\u3059\u3079\u3066 \u63a5\u7d9a\u30c6\u30fc\u30d6\u30eb \u306b\u8a18\u9332\u3055\u308c\u308b<\/strong>\u3002<\/p>\n\n\n\n \u4f8b\uff1a<\/p>\n\n\n\n \u5909\u63db\u5f8c\uff1a<\/p>\n\n\n\n \u30b9\u30c6\u30fc\u30c8\u30d5\u30eb\u306f\uff1a<\/p>\n\n\n\n \u3092\u3059\u3079\u3066\u8a18\u9332\u3059\u308b\u3002<\/p>\n\n\n\n \u3060\u304b\u3089\u623b\u308a\u901a\u4fe1\u3092\u6b63\u78ba\u306b\u5185\u90e8\u3078\u8fd4\u305b\u308b\u3002<\/p>\n\n\n\n ✔ ASA \u306f NAT\u5f8c\u306e\u30a2\u30c9\u30ec\u30b9\u3067 ACL \u3092\u8a55\u4fa1<\/strong> <\/p>\n","protected":false},"excerpt":{"rendered":" NAT \u306f Firewall \u306e\u4e2d\u3067 ACL\u30fb\u30b9\u30c6\u30fc\u30c8\u30d5\u30eb\u3068\u540c\u3058\u304f\u3089\u3044\u91cd\u8981\u306a\u8981\u7d20\u3067\u3059\u3002 NAT \u306f\u3001\u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e \u201c\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8IP\u201d \u3068 \u201c\u30b0\u30ed\u30fc\u30d0\u30ebIP\u201d \u3092\u5909\u63db\u3057\u3066\u901a\u4fe1\u3055\u305b\u308b\u4ed5\u7d44\u307f\u3002 Firewall \u306f N […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1731","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1731"}],"version-history":[{"count":2,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1731\/revisions"}],"predecessor-version":[{"id":1734,"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=\/wp\/v2\/pages\/1731\/revisions\/1734"}],"wp:attachment":[{"href":"https:\/\/mylifeisbeautiful555.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}NAT \u306e\u7a2e\u985e\uff08Firewall \u3067\u4f7f\u3046\u3082\u306e\u3060\u3051\u53b3\u9078\uff09<\/h1>\n\n\n\n
\u2460 Static NAT\uff08\u56fa\u5b9aNAT\uff09<\/strong><\/h2>\n\n\n\n
\u4f8b\uff1a<\/h3>\n\n\n\n
\u5916\u90e8IP 203.0.113.10 \u3068\u5bfe\u5fdc\u3055\u305b\u308b\u3002<\/p>\n\n\n\nobject network WEB\n host 192.168.1.10\n nat (inside,outside) static 203.0.113.10\n<\/code><\/pre>\n\n\n\n
✔ \u30dd\u30fc\u30c8\u756a\u53f7\u306f\u5909\u3048\u306a\u3044\uff081\u5bfe1\u5bfe\u5fdc\uff09<\/p>\n\n\n\n\u2461 Dynamic NAT\uff08\u52d5\u7684NAT\uff09<\/strong><\/h2>\n\n\n\n
\u8907\u6570\u306e\u30b0\u30ed\u30fc\u30d0\u30ebIP\u30d7\u30fc\u30eb\u304b\u30891\u3064\u305a\u3064\u501f\u308a\u3066\u901a\u4fe1\u3059\u308b NAT<\/strong>\u3002<\/p>\n\n\n\n\u4f8b\uff1a<\/h3>\n\n\n\n
192.168.1.0\/24 \u2192 203.0.113.100\u301c203.0.113.110\n<\/code><\/pre>\n\n\n\nobject network OUTPOOL\n range 203.0.113.100 203.0.113.110\nnat (inside,outside) dynamic OUTPOOL\n<\/code><\/pre>\n\n\n\n
✔ IP\u67af\u6e07\u3092\u907f\u3051\u305f\u3044\u5834\u5408<\/p>\n\n\n\n\u2462 PAT\uff08Port Address Translation\uff09<\/strong><\/h2>\n\n\n\n
\u4f8b\uff1a\u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092 203.0.113.50 \u306b\u5909\u63db\u3057\u3066\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u3078<\/h3>\n\n\n\n
object network PAT\n host 192.168.1.0\nnat (inside,outside) dynamic interface\n<\/code><\/pre>\n\n\n\nnat (inside,outside) after-auto source dynamic any interface\n<\/code><\/pre>\n\n\n\n
✔ \u6570\u4e07\u4eba\u3067\u30821\u3064\u306e\u30b0\u30ed\u30fc\u30d0\u30ebIP\u3067\u901a\u4fe1\u53ef\u80fd
✔ \u623b\u308a\u901a\u4fe1\u306f\u30dd\u30fc\u30c8\u756a\u53f7\u306b\u3088\u3063\u3066\u8b58\u5225\u3055\u308c\u308b<\/p>\n\n\n\n\u2463 Twice NAT\uff08\u30dd\u30ea\u30b7\u30fcNAT\uff09<\/strong><\/h2>\n\n\n\n
\uff08\u9001\u4fe1\u5143\uff0b\u5b9b\u5148\u306e\u7d44\u307f\u5408\u308f\u305b\u3092\u898b\u3066 NAT \u3092\u5909\u3048\u308b\uff09<\/p>\n\n\n\n\u4f8b\uff1a<\/h3>\n\n\n\n
source 192.168.1.10 \u304c\ndestination 10.0.0.5 \u306b\u884c\u304f\u3068\u304d\u3060\u3051\n\u9001\u4fe1\u5143\u30a2\u30c9\u30ec\u30b9\u3092 192.168.100.10 \u306b\u5909\u63db\n<\/code><\/pre>\n\n\n\nnat (inside,outside) source static 192.168.1.10 192.168.100.10 \\\n destination static 10.0.0.5 10.0.0.5\n<\/code><\/pre>\n\n\n\n
✔ \u7279\u5b9a\u306e\u901a\u4fe1\u3060\u3051 NAT \u3092\u9069\u7528\u3057\u305f\u3044\u5834\u5408\u306b\u5fc5\u9808
✔ \u901a\u5e38\u306e NAT \u3088\u308a\u512a\u5148\u5ea6\u304c\u9ad8\u3044<\/p>\n\n\n\nNAT \u304c\u5fc5\u8981\u306a\u7406\u7531\uff08FW\u3067\u91cd\u8981\u306a3\u3064\uff09<\/h1>\n\n\n\n
\u2460 \u5185\u90e8IP\u306f\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u3067\u4f7f\u3048\u306a\u3044\u305f\u3081<\/strong><\/h2>\n\n\n\n
\n
\u2461 \u5185\u90e8\u69cb\u6210\u3092\u96a0\u3059\uff08\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\uff09<\/strong><\/h2>\n\n\n\n
\u2462 \u8907\u6570LAN\u3092\u63a5\u7d9a\u3059\u308b\u305f\u3081\uff08VPN\/DMZ\uff09<\/strong><\/h2>\n\n\n\n
NAT \u3068 ACL \u306e\u52d5\u4f5c\u9806\u5e8f\uff08ASA\u306f\u3053\u3053\u304c\u96e3\u3057\u3044\uff09<\/h1>\n\n\n\n
\uff08\u3053\u3053\u304c\u30eb\u30fc\u30bf\u3068\u306e\u9055\u3044\uff09<\/p>\n\n\n\n192.168.1.10 \u2192 203.0.113.50 \u306b NAT\n<\/code><\/pre>\n\n\n\nNAT \u3068\u30b9\u30c6\u30fc\u30c8\u30d5\u30eb\u306e\u9023\u643a<\/h1>\n\n\n\n
192.168.1.10:54321 \u2192 203.0.113.50:80\n<\/code><\/pre>\n\n\n\n203.0.113.100:54321 \u2192 203.0.113.50:80\n<\/code><\/pre>\n\n\n\n\n
\u3088\u304f\u4f7f\u3046 NAT \u306e\u5b9f\u4f8b 3\u30d1\u30bf\u30fc\u30f3<\/h1>\n\n\n\n
\u2460 \u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30a2\u30af\u30bb\u30b9\u7528 PAT<\/h2>\n\n\n\n
object network LAN\n subnet 192.168.1.0 255.255.255.0\nnat (inside,outside) dynamic interface<\/code><\/pre>\n\n\n\n\u2461 Web\u30b5\u30fc\u30d0\u30fc\u306e\u516c\u958b\uff08Static NAT\uff09<\/h2>\n\n\n\n
object network WEB\n host 192.168.1.10\nnat (dmz,outside) static 203.0.113.10<\/code><\/pre>\n\n\n\n\u2462 IPsec VPN \u7528\u306e\u7279\u5b9a\u5b9b\u5148\u3060\u3051 NAT (Twice NAT)<\/h2>\n\n\n\n
nat (inside,outside) source static 192.168.1.0 172.16.10.0 \\\n destination static 10.0.0.0 10.0.0.0<\/code><\/pre>\n\n\n\n\u307e\u3068\u3081\uff08\u77ed\u304f\u91cd\u8981\u90e8\u5206\uff09<\/h1>\n\n\n\n
\u7a2e\u985e<\/th> \u7528\u9014<\/th><\/tr><\/thead> Static NAT<\/td> \u30b5\u30fc\u30d0\u30fc\u516c\u958b\uff081\u5bfe1\uff09<\/td><\/tr> Dynamic NAT<\/td> IP\u30d7\u30fc\u30eb\u3067\u5909\u63db\uff08\u8907\u6570IP\u5fc5\u8981\u6642\uff09<\/td><\/tr> PAT<\/td> \u6700\u3082\u4e00\u822c\u7684\u3002\u5185\u90e8\u591a\u6570 \u2192 \u5916\u90e81IP<\/td><\/tr> Twice NAT<\/td> \u6761\u4ef6\u4ed8\u304d\u30fbVPN\u5bfe\u5fdc\u30fb\u6700\u5f37NAT<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
✔ NAT \u3068\u30b9\u30c6\u30fc\u30c8\u30d5\u30eb\u306f\u5bc6\u63a5\u306b\u9023\u52d5
✔ Manual NAT \u304c\u6700\u512a\u5148<\/p>\n\n\n\n