组网拓扑:PC(
1.1.1.1)-----(1.1.1.2)FW(2.2.2.1)-----Server(2.2.2.2)
配置NAT global-policy,明细的安全策略需要如何放通?
现场配置NAT global-policy
<fw1>display nat global-policy
NAT global-policy information:
Totally 2 NAT global-policy rules.
Rule name: 1
SrcIP address : 1.1.1.1
DestIP address : 1.1.1.10
SNAT action:
Ipv4 address: 2.2.2.20
DNAT action:
IPv4 address: 2.2.2.2
NAT counting : 0
Config status: Active
[fw1]*Aug 20 14:53:59:525 2019 fw1 FILTER/7/PACKET: -COntext=1; The packet is permitted. Src-ZOne=ZongHang, Dst-ZOne=OA;If-In=GigabitEthernet1/0/3(4), If-Out=GigabitEthernet1/0/2(3); Packet Info:Src-IP=2.2.2.20, Dst-IP=2.2.2.2, VPN-Instance=, Src-MacAddr=480f-cf29-90fd,Src-Port=8, Dst-Port=0, Protocol=ICMP(1), Application=ICMP(22742), SecurityPolicy=0, Rule-ID=0.
安全策略中放通的源目地址为nat global-policy中转换后的地址。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作