On the firewall, configure nat server with the reversible keyword directly on the inside interface that connects to the core switch:
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 192.168.30.1 255.255.255.0
nat server global 1.1.1.3 inside 192.168.10.1 reversible
nat server global 1.1.1.4 inside 192.168.20.1 reversible
#
The debug and test results are as follows:
From the device 192.168.20.1, telnet to the device 192.168.10.1 using the public address 1.1.1.3:
<192.168.20.1>telnet 1.1.1.3
Trying 1.1.1.3 ...
Press CTRL+K to abort
Connected to 1.1.1.3 ...
Login: admin
Password:
******************************************************************************
* Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<192.168.10.1>
View the debug output on the firewall:
<H3C>debugging nat packet
This command is CPU intensive and might affect ongoing services. Are you sure you want to continue? [Y/N]:y
<H3C>t d
The current terminal is enabled to display debugging logs.
<H3C>t m
The current terminal is enabled to display logs.
<H3C>*Apr 15 09:41:11:366 2024 H3C NAT/7/COMMON: -COntext=1;
PACKET: (GigabitEthernet1/0/2-in-config) Protocol: TCP
192.168.20.1:29760 - 1.1.1.3: 23(VPN: 0) ------> //192.168.20.1 accesses 1.1.1.3; the destination address is translated to 192.168.10.1
192.168.20.1:29760 - 192.168.10.1: 23(VPN: 0)
*Apr 15 09:41:11:366 2024 H3C NAT/7/COMMON: -COntext=1;
PACKET: (GigabitEthernet1/0/2-out-config) Protocol: TCP
192.168.20.1:29760 - 192.168.10.1: 23(VPN: 0) ------> //when 192.168.20.1 accesses destination 192.168.10.1, the source address is translated to 1.1.1.4 because the corresponding reversible entry is matched
1.1.1.4:29760 - 192.168.10.1: 23(VPN: 0)
*Apr 15 09:41:11:367 2024 H3C NAT/7/COMMON: -COntext=1;
PACKET: (GigabitEthernet1/0/2-in-session) Protocol: TCP
192.168.10.1: 23 - 1.1.1.4:29760(VPN: 0) ------> //address translation of the return packet
192.168.10.1: 23 - 192.168.20.1:29760(VPN: 0)
*Apr 15 09:41:11:367 2024 H3C NAT/7/COMMON: -COntext=1;
PACKET: (GigabitEthernet1/0/2-out-session) Protocol: TCP
192.168.10.1: 23 - 192.168.20.1:29760(VPN: 0) ------> //address translation of the return packet
1.1.1.3: 23 - 192.168.20.1:29760(VPN: 0)
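The four translations in the debug output above can be read mechanically. The following is an added example, not part of the original case or H3C tooling: a small parser for `debugging nat packet` records that reports which address each record rewrites and detects the hairpin pattern produced by reversible. The function names are hypothetical, and the sample is constructed from the capture above with the annotations removed.

```python
import re

# Constructed sample: the four PACKET records from the capture above, annotations removed.
SAMPLE = """\
*Apr 15 09:41:11:366 2024 H3C NAT/7/COMMON: -COntext=1;
PACKET: (GigabitEthernet1/0/2-in-config) Protocol: TCP
192.168.20.1:29760 - 1.1.1.3: 23(VPN: 0) ------>
192.168.20.1:29760 - 192.168.10.1: 23(VPN: 0)
*Apr 15 09:41:11:366 2024 H3C NAT/7/COMMON: -COntext=1;
PACKET: (GigabitEthernet1/0/2-out-config) Protocol: TCP
192.168.20.1:29760 - 192.168.10.1: 23(VPN: 0) ------>
1.1.1.4:29760 - 192.168.10.1: 23(VPN: 0)
*Apr 15 09:41:11:367 2024 H3C NAT/7/COMMON: -COntext=1;
PACKET: (GigabitEthernet1/0/2-in-session) Protocol: TCP
192.168.10.1: 23 - 1.1.1.4:29760(VPN: 0) ------>
192.168.10.1: 23 - 192.168.20.1:29760(VPN: 0)
*Apr 15 09:41:11:367 2024 H3C NAT/7/COMMON: -COntext=1;
PACKET: (GigabitEthernet1/0/2-out-session) Protocol: TCP
192.168.10.1: 23 - 192.168.20.1:29760(VPN: 0) ------>
1.1.1.3: 23 - 192.168.20.1:29760(VPN: 0)
"""

HOOK = re.compile(r"PACKET: \((\S+)-(in|out)-(config|session)\) Protocol: \w+")
FLOW = re.compile(r"([\d.]+):\s*(\d+)\s+-\s+([\d.]+):\s*(\d+)\(VPN:\s*\d+\)")

def parse_nat_debug(text):
    """Return one dict per PACKET record with its before/after flow and the rewritten field."""
    records = []
    for line in text.splitlines():
        hook, flow = HOOK.search(line), FLOW.search(line)
        if hook:
            records.append({"iface": hook[1], "dir": hook[2], "match": hook[3], "flows": []})
        elif flow and records and len(records[-1]["flows"]) < 2:
            records[-1]["flows"].append((flow[1], int(flow[2]), flow[3], int(flow[4])))
    for rec in records:
        if len(rec["flows"]) != 2:      # truncated record: no before/after pair to compare
            rec["changed"] = None
            continue
        before, after = rec["flows"]
        rec["changed"] = [n for n, i in (("src", 0), ("dst", 2)) if before[i] != after[i]]
    return records

def hairpin_interfaces(records):
    """Interfaces where dst is rewritten inbound and src is rewritten outbound (reversible hairpin)."""
    dnat = {r["iface"] for r in records if r["dir"] == "in" and r["match"] == "config" and r["changed"] == ["dst"]}
    snat = {r["iface"] for r in records if r["dir"] == "out" and r["match"] == "config" and r["changed"] == ["src"]}
    return dnat & snat
```

On the sample, the second record shows the source rewritten to 1.1.1.4, so the server 192.168.10.1 sees 1.1.1.4 as its peer rather than 192.168.20.1; keep that in mind when reading the server's login logs or applying source-based ACLs on it.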