H3C防火墙F1020

DEVICE_NAME : SecPath F1020 DEVICE_SERIAL_NUMBER : 210235A1FSH178000274 VENDOR_NAME : H3C 已配置安全域与本地互联策略，但是本地vlan1下带的15.172.101.2终端，无法访问到出口网关172.20.221.154，但可以ping通接口IP：172.20.221.153 具体配置如下： interface Vlan-interface1 ip address 15.172.101.1 255.255.255.0 interface GigabitEthernet1/0/2 port link-mode route ip address 172.20.221.153 255.255.255.252 # interface Tunnel0 mode gre ip address 172.38.6.126 255.255.255.252 source 172.20.221.153 destination 100.69.255.118 # interface Tunnel1 mode gre ip address 192.171.38.70 255.255.255.252 source 172.20.221.153 destination 100.71.255.114 # object-policy ip Local-Local rule 0 pass # object-policy ip Local-Trust rule 0 pass # object-policy ip Trust-Local rule 0 pass # object-policy ip Trust-Trust rule 0 pass # security-zone name Trust import interface GigabitEthernet1/0/2 import interface LoopBack0 import interface Tunnel0 import interface Tunnel1 import interface Vlan-interface1 import interface GigabitEthernet1/0/1 vlan 1 to 4094 import interface GigabitEthernet1/0/3 vlan 1 to 4094 import interface GigabitEthernet1/0/4 vlan 1 to 4094 import interface GigabitEthernet1/0/5 vlan 1 to 4094 # zone-pair security source Local destination Local object-policy apply ip Local-Local # zone-pair security source Local destination Trust object-policy apply ip Local-Trust # zone-pair security source Management destination Local packet-filter 2000 # zone-pair security source Trust destination Local object-policy apply ip Trust-Local # zone-pair security source Trust destination Trust object-policy apply ip Trust-Trust # ip route-static 10.9.20.0 24 Tunnel1 ip route-static 10.9.21.0 24 Tunnel0 ip route-static 100.69.255.118 32 172.20.221.154 ip route-static 100.71.255.114 32 172.20.221.154 MAC_ADDRESS : 38AD-BEA1-547F MANUFACTURING_DATE : 2017-08-31 VENDOR_NAME : H3C

通过出口路由模式，服务器本地网通过使用GRE隧道进行访问物联网卡设备网络。