SecPath防火墙nat static的典型配置
一、 组网需求:
用SecPath防火墙实现两次nat static的功能。
二、 组网图
SecPath100F:Version 3.40, ESS 1604;
SecPath1000F:Version 3.40, ESS 1604;
Server:Windows 2003 Server。
三、 配置信息
1. SecPath1000F的主要配置
#
sysname Quidway
#
firewall packet-filter enable
firewall packet-filter default permit
#
nat static inside ip 172.16.1.100 global ip 192.168.1.100 //配置nat static
#
firewall statistic system enable
#
interface GigabitEthernet0/0
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
nat outbound static //接口下启用nat static
#
firewall zone trust
add interface GigabitEthernet0/0
set priority 85
#
firewall zone untrust
add interface GigabitEthernet0/1
set priority 5
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.2
#
2. SecPath100F的主要配置
#
sysname Quidway
#
firewall packet-filter enable
firewall packet-filter default permit
#
nat static inside ip 192.168.1.100 global ip 202.38.1.100 //配置nat static
#
firewall statistic system enable
#
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
#
interface Ethernet1/0
ip address 202.38.1.1 255.255.255.0
nat outbound static //接口下启用nat static
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet1/0
set priority 5
#
3. PC验证结果
四、 配置关键点
见注释。
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作