interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address 1.1.1.2 255.255.255.0
interface Ethernet0/2
nameif guest
security-level 50
ip address 192.168.4.1 255.255.255.0
access-list inside_in extended permit ip any any
access-list outside_in extended permit tcp any host 1.1.1.4 eq www
access-list guest_in extended permit tcp 192.168.4.0 255.255.255.0 host 192.168.3.123 eq www
access-list guest_in extended deny ip 192.168.4.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list guest_in extended permit ip 192.168.4.0 255.255.255.0 any
access-list no_nat_inside extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list no_nat_guest extended permit ip 192.168.4.0 255.255.255.0 192.168.3.0 255.255.255.0
nat-control
global (outside) 1 1.1.1.3
global (inside) 1 interface
nat (inside) 0 access-list no_nat_inside
nat (inside) 1 192.168.3.0 255.255.255.0
nat (guest) 0 access-list no_nat_guest
nat (guest) 1 192.168.4.0 255.255.255.0
static (inside,outside) 1.1.1.4 192.168.3.123 netmask 255.255.255.255
static (inside,inside) 1.1.1.4 192.168.3.123 netmask 255.255.255.255
same-security-traffic permit intra-interface
access-group inside_in in interface inside
access-group outside_in in interface outside
access-group guest_in in interface guest
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
|