已知 一台设备 5020 防火墙 做NAT 转换
需要在ACL3002 使用策略 允许源 110.16.0.0-110.16.16.0/24 访问 12.34.56.9-10
这个命令咋写来着。。一对一 我会,批量就怕错了
(0)
最佳答案
你是为了简化ACL规则吧。源 110.16.0.0-110.16.16.0/24不在一个子网掩码概括段里,
但源地址你可以写:110.16.0.0 0.0.15.255、110.16.16.0 0.0.0.255
(0)
谢谢
NB啊 NB
参考ACL命令如下:
acl ad 3000
rule 0 permit ip source 110.16.0.0 0.0.0.255 destination 12.34.56.9 0
rule 1 permit ip source 110.16.1.0 0.0.0.255 destination 12.34.56.9 0
rule 2 permit ip source 110.16.2.0 0.0.0.255 destination 12.34.56.9 0
rule 3 permit ip source 110.16.3.0 0.0.0.255 destination 12.34.56.9 0
rule 4 permit ip source 110.16.4.0 0.0.0.255 destination 12.34.56.9 0
rule 5 permit ip source 110.16.5.0 0.0.0.255 destination 12.34.56.9 0
rule 6 permit ip source 110.16.6.0 0.0.0.255 destination 12.34.56.9 0
rule 7 permit ip source 110.16.7.0 0.0.0.255 destination 12.34.56.9 0
rule 8 permit ip source 110.16.8.0 0.0.0.255 destination 12.34.56.9 0
rule 9 permit ip source 110.16.9.0 0.0.0.255 destination 12.34.56.9 0
rule 10 permit ip source 110.16.10.0 0.0.0.255 destination 12.34.56.9 0
rule 11 permit ip source 110.16.11.0 0.0.0.255 destination 12.34.56.9 0
rule 12 permit ip source 110.16.12.0 0.0.0.255 destination 12.34.56.9 0
rule 13 permit ip source 110.16.13.0 0.0.0.255 destination 12.34.56.9 0
rule 14 permit ip source 110.16.14.0 0.0.0.255 destination 12.34.56.9 0
rule 16 permit ip source 110.16.15.0 0.0.0.255 destination 12.34.56.9 0
rule 17 permit ip source 110.16.16.0 0.0.0.255 destination 12.34.56.9 0
rule 20 permit ip source 110.16.0.0 0.0.0.255 destination 12.34.56.10 0
rule 21 permit ip source 110.16.1.0 0.0.0.255 destination 12.34.56.10 0
rule 22 permit ip source 110.16.2.0 0.0.0.255 destination 12.34.56.10 0
rule 23 permit ip source 110.16.3.0 0.0.0.255 destination 12.34.56.10 0
rule 24 permit ip source 110.16.4.0 0.0.0.255 destination 12.34.56.10 0
rule 25 permit ip source 110.16.5.0 0.0.0.255 destination 12.34.56.10 0
rule 26 permit ip source 110.16.6.0 0.0.0.255 destination 12.34.56.10 0
rule 27 permit ip source 110.16.7.0 0.0.0.255 destination 12.34.56.10 0
rule 28 permit ip source 110.16.8.0 0.0.0.255 destination 12.34.56.19 0
rule 29 permit ip source 110.16.9.0 0.0.0.255 destination 12.34.56.9 0
rule 30 permit ip source 110.16.10.0 0.0.0.255 destination 12.34.56.10 0
rule 31 permit ip source 110.16.11.0 0.0.0.255 destination 12.34.56.10 0
rule 32 permit ip source 110.16.12.0 0.0.0.255 destination 12.34.56.10 0
rule 33 permit ip source 110.16.13.0 0.0.0.255 destination 12.34.56.10 0
rule 34 permit ip source 110.16.14.0 0.0.0.255 destination 12.34.56.10 0
rule 36 permit ip source 110.16.15.0 0.0.0.255 destination 12.34.56.10 0
rule 37 permit ip source 110.16.16.0 0.0.0.255 destination 12.34.56.10 0
quit
(0)
你这个是允许从外到内,直接在防火墙的域间策略里配就行了
(0)
要求在3002 下面做。。
要求在3002 下面做。。
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
NB啊 NB