以er5200g2为网关，外网可连内网。以ak115为网关，外网不能连内网。

这是ak115的配置文件，删除了某些敏感内容，可能导致格式有些变化。

​#

version 7.1.064, Release 9524P33
#
sysname H3C
#
context Admin id 1
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dhcp enable
#
dns proxy enable
#
password-recovery enable
#
vlan 1
#
vlan 2 to 3
#
object-group ip address 172.22.42.250
0 network host address 172.22.42.250
#
object-group ip address 192.1.1.250
0 network host address 192.1.1.250
#
object-group ip address 192.1.2.250
0 network host address 192.1.2.250
#
object-group ip address Lsk-Office
0 network host address 172.22.42.123
#
dhcp server ip-pool 172-22-42-X
gateway-list 172.22.42.2
dns-list 114.114.114.114
static-bind ip-address 172.22.42.21 mask 255.255.255.0 hardware-address d0c7-c033-8807
static-bind ip-address 172.22.42.22 mask 255.255.255.0 hardware-address dcfe-18b0-bff1
static-bind ip-address 172.22.42.23 mask 255.255.255.0 hardware-address c061-1805-51bb
static-bind ip-address 172.22.42.24 mask 255.255.255.0 hardware-address f483-cde4-1303
static-bind ip-address 172.22.42.25 mask 255.255.255.0 hardware-address fcd7-33fa-bdc7
static-bind ip-address 172.22.42.27 mask 255.255.255.0 hardware-address 743a-20c7-571c
static-bind ip-address 172.22.42.28 mask 255.255.255.0 hardware-address 18f2-2c1c-a7a6
static-bind ip-address 172.22.42.121 mask 255.255.255.0 hardware-address 309c-2358-45c1
static-bind ip-address 172.22.42.122 mask 255.255.255.0 hardware-address f44d-30b4-b946
static-bind ip-address 172.22.42.126 mask 255.255.255.0 hardware-address 309c-2358-45bb
static-bind ip-address 172.22.42.128 mask 255.255.255.0 hardware-address 7427-eaac-4312
static-bind ip-address 172.22.42.140 mask 255.255.255.0 hardware-address 0023-24d8-8328
static-bind ip-address 172.22.42.142 mask 255.255.255.0 hardware-address 54e1-ad0e-7b4c
static-bind ip-address 172.22.42.146 mask 255.255.255.0 hardware-address 507b-9d35-7887
static-bind ip-address 172.22.42.162 mask 255.255.255.0 hardware-address e865-d4bc-aa90
static-bind ip-address 172.22.42.190 mask 255.255.255.0 hardware-address f44d-30b3-f37f
static-bind ip-address 172.22.42.191 mask 255.255.255.0 hardware-address 1c69-7a28-4e8f
#
dhcp server ip-pool 192-1-1-X
gateway-list 192.1.1.1
network 192.1.1.0 mask 255.255.255.0
dns-list 114.114.114.114
static-bind ip-address 192.1.1.11 mask 255.255.255.0 hardware-address 64ae-f15a-4e88
static-bind ip-address 192.1.1.12 mask 255.255.255.0 hardware-address 64ae-f15a-46d4
static-bind ip-address 192.1.1.13 mask 255.255.255.0 hardware-address 64ae-f15a-4ecc
static-bind ip-address 192.1.1.14 mask 255.255.255.0 hardware-address 64ae-f15a-4e7c
static-bind ip-address 192.1.1.15 mask 255.255.255.0 hardware-address 64ae-f157-ab46
static-bind ip-address 192.1.1.16 mask 255.255.255.0 hardware-address 64ae-f15a-4e75
static-bind ip-address 192.1.1.17 mask 255.255.255.0 hardware-address 64ae-f157-a103
static-bind ip-address 192.1.1.18 mask 255.255.255.0 hardware-address 64ae-f15a-4e79
static-bind ip-address 192.1.1.19 mask 255.255.255.0 hardware-address 64ae-f157-a0ed
static-bind ip-address 192.1.1.20 mask 255.255.255.0 hardware-address 64ae-f15a-44a9
#
dhcp server ip-pool 192-1-2-X
gateway-list 192.1.2.1
network 192.1.2.0 mask 255.255.255.0
dns-list 114.114.114.114
#
dhcp server ip-pool 192-115-109-X
gateway-list 192.115.109.1
network 192.115.109.0 mask 255.255.255.0
dns-list 114.114.114.114
#
nqa template icmp jkjc-sdsbk
#
nqa template icmp jkjc-xtwjw
#
nqa template icmp jkjc-xwky
#
controller Cellular1/0/0
#
interface NULL0
#
interface Vlan-interface1
ip address 192.1.1.1 255.255.255.0
#
interface Vlan-interface2
ip address 192.1.2.1 255.255.255.0
#
interface Vlan-interface3
ip address 172.22.42.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
description GuideWan Interface1/0/2
bandwidth 200000
ip address 192.100.86.100 255.255.255.0
nat outbound description GuideNat
undo dhcp select server
gateway 192.100.86.1
#
interface GigabitEthernet1/0/3
port link-mode route
description GuideWan Interface1/0/3
bandwidth 500000
ip address 11.214.0.214 255.255.255.128
nat outbound
undo dhcp select server
gateway 11.214.0.213
#
interface GigabitEthernet1/0/4
port link-mode route
description GuideWan Interface1/0/4
bandwidth 100000
nat outbound
#
interface GigabitEthernet1/0/5
port link-mode route
#
interface GigabitEthernet1/0/6
port link-mode route
#
interface GigabitEthernet1/0/7
port link-mode route
#
interface GigabitEthernet1/0/8
port link-mode route
#
interface GigabitEthernet1/0/9
port link-mode route
description GuideLan Interface1/0/9
ip address 192.115.109.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 to 3 tagged
combo enable copper
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 to 3 tagged
combo enable copper
#
security-zone name Local
#
security-zone name Trust
import interface Vlan-interface1
import interface Vlan-interface2
import interface Vlan-interface3
import interface GigabitEthernet1/0/0 vlan 1 to 4094
import interface GigabitEthernet1/0/1 vlan 1 to 4094
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
import interface GigabitEthernet1/0/9
#
security-zone name sdsbkUntrust
import interface GigabitEthernet1/0/4
#
security-zone name wwwUntrust
import interface GigabitEthernet1/0/2
#
security-zone name xtwjwUntrust
import interface GigabitEthernet1/0/3
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
authentication-mode scheme
user-role network-admin
#
line class usb
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line con 0
user-role network-admin
#
line vty 0 63
authentication-mode scheme
user-role network-admin
#
ip route-static 0.0.0.0 0 GigabitEthernet1/0/2 192.100.86.1
ip route-static 172.0.0.0 8 Vlan-interface3 172.22.42.1 description 上级IP地址。
#
info-center source FILTER logfile deny
#
ssh server enable
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$EHUwoexLeBLOUfbI$3PpDlQrLQxnaInghR3sRGim6nnbn22wHQ5QhvfSLg4X0E8ttPdyp/uTqrZ0bYseSrpM689UbIyPFH8LkK5ts+w==
service-type ssh telnet terminal https
authorization-attribute user-role level-3
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
session statistics enable
session top-statistics enable
session synchronization enable
session synchronization http
#
ipsec logging negotiation enable
#
application global statistics enable
#
apr signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
ike logging negotiation enable
#
ip https enable
#
url-filter signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
ips signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
app-profile 0_IPv4
#
app-profile 1_IPv4
#
app-profile 2_IPv4
#
app-profile 3_IPv4
#
app-profile 4_IPv4
#
app-profile 5_IPv4
#
app-profile 6_IPv4
#
app-profile 7_IPv4
#
app-profile 8_IPv4
#
inspect block-source parameter-profile ips_block_default_parameter
#
inspect block-source parameter-profile url_block_default_parameter
#
inspect logging parameter-profile av_logging_default_parameter
#
inspect logging parameter-profile ips_logging_default_parameter
#
loadbalance link-group lianluzu-xtwjw
transparent enable
success-criteria at-least 1
link lianlu-xtwjw
success-criteria at-least 1
probe jkjc-xtwjw
#
loadbalance link-group lianluzu-xwky
transparent enable
probe jkjc-xwky
success-criteria at-least 1
link lianlu-xwky
success-criteria at-least 1
probe jkjc-xwky
#
loadbalance class lltz-10.10.0.0 type link-generic
match 1 destination ip address 10.10.0.0 16
#
loadbalance class lltz-10.78.0.0 type link-generic
match 1 destination ip address 10.78.0.0 16
#
loadbalance class lltz-11.0.0.0 type link-generic
match 1 destination ip address 11.0.0.0 8
#
loadbalance class lltz-131.252.88.188 type link-generic
match 1 destination ip address 131.252.88.188
#
loadbalance action ##defaultactionforllbipv4##%%autocreatedbyweb%% type link-generic
forward all
#
loadbalance action ob$action$#for#lltz-10.10.0.0 type link-generic
link-group lianluzu-xtwjw
#
loadbalance action ob$action$#for#lltz-10.78.0.0 type link-generic
link-group lianluzu-xtwjw
#
loadbalance action ob$action$#for#lltz-11.0.0.0 type link-generic
link-group lianluzu-xtwjw
#
loadbalance action ob$action$#for#lltz-131.252.88.188 type link-generic
link-group lianluzu-xwky
#
loadbalance policy ##defaultpolicyforllbipv4##%%autocreatedbyweb%% type link-generic
class lltz-10.10.0.0 action ob$action$#for#lltz-10.10.0.0
class lltz-10.78.0.0 action ob$action$#for#lltz-10.78.0.0
class lltz-131.252.88.188 action ob$action$#for#lltz-131.252.88.188
class lltz-11.0.0.0 action ob$action$#for#lltz-11.0.0.0
default-class action ##defaultactionforllbipv4##%%autocreatedbyweb%%
#
virtual-server ##defaultvsforllbipv4##%%autocreatedbyweb%% type link-ip
virtual ip address 0.0.0.0 0
lb-policy ##defaultpolicyforllbipv4##%%autocreatedbyweb%%
service enable
bandwidth busy-protection enable
bandwidth interface statistics enable
#
loadbalance isp file flash:/lbispinfo_v1.5.tp
#
loadbalance link lianlu-xtwjw
router ip 11.214.0.213
success-criteria at-least 1
probe jkjc-xtwjw
#
loadbalance link lianlu-xwky
router ip 172.22.42.1
success-criteria at-least 1
probe jkjc-xwky
#
traffic-policy
rule 3 name 视频会议设备
action qos profile 50m速度
source-address address-set 视频会议设备
destination-zone wwwUntrust
destination-zone wwwUntrust
profile name 10m速度
bandwidth downstream maximum 10000
bandwidth upstream maximum 10000
profile name 20m速度
bandwidth downstream maximum 20000
bandwidth upstream maximum 20000
profile name 30m速度
bandwidth downstream maximum 30000
bandwidth upstream maximum 30000
profile name 50m速度
bandwidth downstream maximum 50000
bandwidth upstream maximum 50000
profile name 5m速度
bandwidth downstream maximum 5000
bandwidth upstream maximum 5000
profile name 不限速
bandwidth downstream maximum 100000
bandwidth upstream maximum 100000
profile name 不允许
bandwidth downstream maximum 8
bandwidth upstream maximum 8
#
security-policy ip
rule 3 name GuideSecPolicy3
action pass
rule 1 name GuideSecPolicy
action pass
source-zone Local
source-zone Trust
destination-zone Untrust
destination-zone DMZ
destination-zone Trust
destination-zone Local
rule 2 name GuideSecPolicy-1
action pass
source-zone Local
source-zone Trust
destination-zone sdsbkUntrust
destination-zone wwwUntrust
destination-zone xtwjwUntrust
#
ips logging parameter-profile ips_logging_default_parameter
#
anti-virus signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
anti-virus logging parameter-profile av_logging_default_parameter
#

return​

服务器和终端是相同网段？服务器插在哪里的？