https://opennet.ru/openforum/vsluhforumID6/17992.html Добрый день. Помогите. Не могу пустить трафик из outside в inside. <br><br>ASA Version 7.2(1) <br>!<br>hostname ciscoasa<br>domain-name xxx.ru<br>enable password J3QefryiQ9zlWmPY encrypted<br>names<br>dns-guard<br>!<br>interface GigabitEthernet0/0<br> nameif outside<br> security-level 0<br> ip address x.x.12.162 255.255.255.248 <br>!<br>interface GigabitEthernet0/1<br> nameif inside<br> security-level 100<br> ip address 10.2.1.254 255.255.255.0 <br>!<br>interface GigabitEthernet0/2<br> shutdown<br> nameif dmz<br> security-level 50<br> no ip address<br>! <br>interface GigabitEthernet0/3<br> shutdown<br> nameif backup<br> security-level 0<br> no ip address<br>!<br>interface Management0/0<br> shutdown<br> no nameif<br> no security-level<br> no ip address<br> management-only<br>!<br>passwd 2KFQnbNIdI.2KYOU encrypted<br>boot system disk1:/asa721-k8.bin<br>ftp mode passive<br>dns server-group DefaultDNS<br> domain-name xxx.ru<br><br>object-group network local-net<br> network-object 10.2.3.0 255.255.255.0<br> network-object 10.2.6.0 255.255.255.0<br> network-object 10.2.7.0 255.255.255.0<br> network-object 10.2 https://opennet.ru/openforum/vsluhforumID6/17992.html#2 Fri, 16 Jan 2009 12:21:00 GMT Отключи nat-control<br> https://opennet.ru/openforum/vsluhforumID6/17992.html#1 Tue, 13 Jan 2009 07:21:12 GMT может быть в асл out надо указать не адрес из сети 10.0 о которой никто не знает, а адрес из статики? x.x.12.164 <br><br><br>&gt;[оверквотинг удален]<br>&gt;input-line-status: up <br>&gt;output-interface: inside <br>&gt;output-status: up <br>&gt;output-line-status: up <br>&gt;Action: drop <br>&gt;Drop-reason: (acl-drop) Flow is denied by configured rule <br>&gt;<br>&gt;<br>&gt;<br>&gt;<br><br>