• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

以er5200g2为网关,外网可连内网。以ak115为网关,外网不能连内网。

  • 0关注
  • 1收藏,1298浏览
粉丝:0人 关注:0人

问题描述:

1、同一个移动宽带光猫(非公网IP),下面连接er5200g2和ak115。

2、测试软件为softether,使用其自带的域名。

3、ak115的安全策略中有源安全域、目标安全域都是any的策略。

4、PC机的网关为ak115时,外网电脑上的softether客户端无法连接内网电脑上的softether服务端;

     PC机的网关为er5200g2时,则可以连接上。



组网及组网描述:





最佳答案

粉丝:167人 关注:1人

1、路由(检查下)

2、NAT(检查下)

3、策略没问题

4、DNS配置在哪里的(检查下)


还是没能解决问题。

zhiliao_TK9rj1 发表时间:2022-05-22 更多>>

DNS为114.114.114.114

zhiliao_TK9rj1 发表时间:2022-05-21

需要上传一下ak115的配置文件吗?

zhiliao_TK9rj1 发表时间:2022-05-21

可以发出来看看

叫我靓仔 发表时间:2022-05-21

已发,谢谢。

zhiliao_TK9rj1 发表时间:2022-05-21

请问,发现哪里有问题了吗?

zhiliao_TK9rj1 发表时间:2022-05-21

还是没能解决问题。

zhiliao_TK9rj1 发表时间:2022-05-22
2 个回答
zhiliao_TK9rj1 知了小白
粉丝:0人 关注:0人

这是ak115的配置文件,删除了某些敏感内容,可能导致格式有些变化。

#

version 7.1.064, Release 9524P33
#
sysname H3C
#
context Admin id 1
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dhcp enable
#
dns proxy enable
#
password-recovery enable
#
vlan 1
#
vlan 2 to 3
#
object-group ip address 172.22.42.250
0 network host address 172.22.42.250
#
object-group ip address 192.1.1.250
0 network host address 192.1.1.250
#
object-group ip address 192.1.2.250
0 network host address 192.1.2.250
#
object-group ip address Lsk-Office
0 network host address 172.22.42.123
#
dhcp server ip-pool 172-22-42-X
gateway-list 172.22.42.2
dns-list 114.114.114.114
static-bind ip-address 172.22.42.21 mask 255.255.255.0 hardware-address d0c7-c033-8807
static-bind ip-address 172.22.42.22 mask 255.255.255.0 hardware-address dcfe-18b0-bff1
static-bind ip-address 172.22.42.23 mask 255.255.255.0 hardware-address c061-1805-51bb
static-bind ip-address 172.22.42.24 mask 255.255.255.0 hardware-address f483-cde4-1303
static-bind ip-address 172.22.42.25 mask 255.255.255.0 hardware-address fcd7-33fa-bdc7
static-bind ip-address 172.22.42.27 mask 255.255.255.0 hardware-address 743a-20c7-571c
static-bind ip-address 172.22.42.28 mask 255.255.255.0 hardware-address 18f2-2c1c-a7a6
static-bind ip-address 172.22.42.121 mask 255.255.255.0 hardware-address 309c-2358-45c1
static-bind ip-address 172.22.42.122 mask 255.255.255.0 hardware-address f44d-30b4-b946
static-bind ip-address 172.22.42.126 mask 255.255.255.0 hardware-address 309c-2358-45bb
static-bind ip-address 172.22.42.128 mask 255.255.255.0 hardware-address 7427-eaac-4312
static-bind ip-address 172.22.42.140 mask 255.255.255.0 hardware-address 0023-24d8-8328
static-bind ip-address 172.22.42.142 mask 255.255.255.0 hardware-address 54e1-ad0e-7b4c
static-bind ip-address 172.22.42.146 mask 255.255.255.0 hardware-address 507b-9d35-7887
static-bind ip-address 172.22.42.162 mask 255.255.255.0 hardware-address e865-d4bc-aa90
static-bind ip-address 172.22.42.190 mask 255.255.255.0 hardware-address f44d-30b3-f37f
static-bind ip-address 172.22.42.191 mask 255.255.255.0 hardware-address 1c69-7a28-4e8f
#
dhcp server ip-pool 192-1-1-X
gateway-list 192.1.1.1
network 192.1.1.0 mask 255.255.255.0
dns-list 114.114.114.114
static-bind ip-address 192.1.1.11 mask 255.255.255.0 hardware-address 64ae-f15a-4e88
static-bind ip-address 192.1.1.12 mask 255.255.255.0 hardware-address 64ae-f15a-46d4
static-bind ip-address 192.1.1.13 mask 255.255.255.0 hardware-address 64ae-f15a-4ecc
static-bind ip-address 192.1.1.14 mask 255.255.255.0 hardware-address 64ae-f15a-4e7c
static-bind ip-address 192.1.1.15 mask 255.255.255.0 hardware-address 64ae-f157-ab46
static-bind ip-address 192.1.1.16 mask 255.255.255.0 hardware-address 64ae-f15a-4e75
static-bind ip-address 192.1.1.17 mask 255.255.255.0 hardware-address 64ae-f157-a103
static-bind ip-address 192.1.1.18 mask 255.255.255.0 hardware-address 64ae-f15a-4e79
static-bind ip-address 192.1.1.19 mask 255.255.255.0 hardware-address 64ae-f157-a0ed
static-bind ip-address 192.1.1.20 mask 255.255.255.0 hardware-address 64ae-f15a-44a9
#
dhcp server ip-pool 192-1-2-X
gateway-list 192.1.2.1
network 192.1.2.0 mask 255.255.255.0
dns-list 114.114.114.114
#
dhcp server ip-pool 192-115-109-X
gateway-list 192.115.109.1
network 192.115.109.0 mask 255.255.255.0
dns-list 114.114.114.114
#
nqa template icmp jkjc-sdsbk
#
nqa template icmp jkjc-xtwjw
#
nqa template icmp jkjc-xwky
#
controller Cellular1/0/0
#
interface NULL0
#
interface Vlan-interface1
ip address 192.1.1.1 255.255.255.0
#
interface Vlan-interface2
ip address 192.1.2.1 255.255.255.0
#
interface Vlan-interface3
ip address 172.22.42.2 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
description GuideWan Interface1/0/2
bandwidth 200000
ip address 192.100.86.100 255.255.255.0
nat outbound description GuideNat
undo dhcp select server
gateway 192.100.86.1
#
interface GigabitEthernet1/0/3
port link-mode route
description GuideWan Interface1/0/3
bandwidth 500000
ip address 11.214.0.214 255.255.255.128
nat outbound
undo dhcp select server
gateway 11.214.0.213
#
interface GigabitEthernet1/0/4
port link-mode route
description GuideWan Interface1/0/4
bandwidth 100000
nat outbound
#
interface GigabitEthernet1/0/5
port link-mode route
#
interface GigabitEthernet1/0/6
port link-mode route
#
interface GigabitEthernet1/0/7
port link-mode route
#
interface GigabitEthernet1/0/8
port link-mode route
#
interface GigabitEthernet1/0/9
port link-mode route
description GuideLan Interface1/0/9
ip address 192.115.109.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 to 3 tagged
combo enable copper
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 to 3 tagged
combo enable copper
#
security-zone name Local
#
security-zone name Trust
import interface Vlan-interface1
import interface Vlan-interface2
import interface Vlan-interface3
import interface GigabitEthernet1/0/0 vlan 1 to 4094
import interface GigabitEthernet1/0/1 vlan 1 to 4094
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
import interface GigabitEthernet1/0/9
#
security-zone name sdsbkUntrust
import interface GigabitEthernet1/0/4
#
security-zone name wwwUntrust
import interface GigabitEthernet1/0/2
#
security-zone name xtwjwUntrust
import interface GigabitEthernet1/0/3
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
authentication-mode scheme
user-role network-admin
#
line class usb
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line con 0
user-role network-admin
#
line vty 0 63
authentication-mode scheme
user-role network-admin
#
ip route-static 0.0.0.0 0 GigabitEthernet1/0/2 192.100.86.1
ip route-static 172.0.0.0 8 Vlan-interface3 172.22.42.1 description 上级IP地址。
#
info-center source FILTER logfile deny
#
ssh server enable
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$EHUwoexLeBLOUfbI$3PpDlQrLQxnaInghR3sRGim6nnbn22wHQ5QhvfSLg4X0E8ttPdyp/uTqrZ0bYseSrpM689UbIyPFH8LkK5ts+w==
service-type ssh telnet terminal https
authorization-attribute user-role level-3
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
session statistics enable
session top-statistics enable
session synchronization enable
session synchronization http
#
ipsec logging negotiation enable
#
application global statistics enable
#
apr signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
ike logging negotiation enable
#
ip https enable
#
url-filter signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
ips signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
app-profile 0_IPv4
#
app-profile 1_IPv4
#
app-profile 2_IPv4
#
app-profile 3_IPv4
#
app-profile 4_IPv4
#
app-profile 5_IPv4
#
app-profile 6_IPv4
#
app-profile 7_IPv4
#
app-profile 8_IPv4
#
inspect block-source parameter-profile ips_block_default_parameter
#
inspect block-source parameter-profile url_block_default_parameter
#
inspect logging parameter-profile av_logging_default_parameter
#
inspect logging parameter-profile ips_logging_default_parameter
#
loadbalance link-group lianluzu-xtwjw
transparent enable
success-criteria at-least 1
link lianlu-xtwjw
success-criteria at-least 1
probe jkjc-xtwjw
#
loadbalance link-group lianluzu-xwky
transparent enable
probe jkjc-xwky
success-criteria at-least 1
link lianlu-xwky
success-criteria at-least 1
probe jkjc-xwky
#
loadbalance class lltz-10.10.0.0 type link-generic
match 1 destination ip address 10.10.0.0 16
#
loadbalance class lltz-10.78.0.0 type link-generic
match 1 destination ip address 10.78.0.0 16
#
loadbalance class lltz-11.0.0.0 type link-generic
match 1 destination ip address 11.0.0.0 8
#
loadbalance class lltz-131.252.88.188 type link-generic
match 1 destination ip address 131.252.88.188
#
loadbalance action ##defaultactionforllbipv4##%%autocreatedbyweb%% type link-generic
forward all
#
loadbalance action ob$action$#for#lltz-10.10.0.0 type link-generic
link-group lianluzu-xtwjw
#
loadbalance action ob$action$#for#lltz-10.78.0.0 type link-generic
link-group lianluzu-xtwjw
#
loadbalance action ob$action$#for#lltz-11.0.0.0 type link-generic
link-group lianluzu-xtwjw
#
loadbalance action ob$action$#for#lltz-131.252.88.188 type link-generic
link-group lianluzu-xwky
#
loadbalance policy ##defaultpolicyforllbipv4##%%autocreatedbyweb%% type link-generic
class lltz-10.10.0.0 action ob$action$#for#lltz-10.10.0.0
class lltz-10.78.0.0 action ob$action$#for#lltz-10.78.0.0
class lltz-131.252.88.188 action ob$action$#for#lltz-131.252.88.188
class lltz-11.0.0.0 action ob$action$#for#lltz-11.0.0.0
default-class action ##defaultactionforllbipv4##%%autocreatedbyweb%%
#
virtual-server ##defaultvsforllbipv4##%%autocreatedbyweb%% type link-ip
virtual ip address 0.0.0.0 0
lb-policy ##defaultpolicyforllbipv4##%%autocreatedbyweb%%
service enable
bandwidth busy-protection enable
bandwidth interface statistics enable
#
loadbalance isp file flash:/lbispinfo_v1.5.tp
#
loadbalance link lianlu-xtwjw
router ip 11.214.0.213
success-criteria at-least 1
probe jkjc-xtwjw
#
loadbalance link lianlu-xwky
router ip 172.22.42.1
success-criteria at-least 1
probe jkjc-xwky
#
traffic-policy
rule 3 name 视频会议设备
action qos profile 50m速度
source-address address-set 视频会议设备
destination-zone wwwUntrust
destination-zone wwwUntrust
profile name 10m速度
bandwidth downstream maximum 10000
bandwidth upstream maximum 10000
profile name 20m速度
bandwidth downstream maximum 20000
bandwidth upstream maximum 20000
profile name 30m速度
bandwidth downstream maximum 30000
bandwidth upstream maximum 30000
profile name 50m速度
bandwidth downstream maximum 50000
bandwidth upstream maximum 50000
profile name 5m速度
bandwidth downstream maximum 5000
bandwidth upstream maximum 5000
profile name 不限速
bandwidth downstream maximum 100000
bandwidth upstream maximum 100000
profile name 不允许
bandwidth downstream maximum 8
bandwidth upstream maximum 8
#
security-policy ip
rule 3 name GuideSecPolicy3
action pass
rule 1 name GuideSecPolicy
action pass
source-zone Local
source-zone Trust
destination-zone Untrust
destination-zone DMZ
destination-zone Trust
destination-zone Local
rule 2 name GuideSecPolicy-1
action pass
source-zone Local
source-zone Trust
destination-zone sdsbkUntrust
destination-zone wwwUntrust
destination-zone xtwjwUntrust
#
ips logging parameter-profile ips_logging_default_parameter
#
anti-virus signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
anti-virus logging parameter-profile av_logging_default_parameter
#

return​

回复叫我靓仔:

有什么解决办法吗?谢谢。

zhiliao_TK9rj1 发表时间:2022-05-22 更多>>

防火墙和路由器互联接口地址多少

叫我靓仔 发表时间:2022-05-21

192.100.86.X

zhiliao_TK9rj1 发表时间:2022-05-21
回复叫我靓仔:

有什么解决办法吗?谢谢。

zhiliao_TK9rj1 发表时间:2022-05-22
粉丝:98人 关注:1人

服务器和终端是相同网段?服务器插在哪里的?

请高手们指点,谢谢。

zhiliao_TK9rj1 发表时间:2022-05-23 更多>>

服务器和终端不是相同网段。服务器其实就是一台电脑,安装了softether的服务器端。

zhiliao_TK9rj1 发表时间:2022-05-21

检查路由

IT钟点工 发表时间:2022-05-21
回复IT钟点工:

现在是softether客户端连不上服务端,和路由有关系吗?

zhiliao_TK9rj1 发表时间:2022-05-21
回复IT钟点工:

接在AK115下面的电脑,上网等都很正常。

zhiliao_TK9rj1 发表时间:2022-05-21
回复IT钟点工:

对了,用向日葵远控软件,可以连上AK115下面的电脑。

zhiliao_TK9rj1 发表时间:2022-05-21

发现哪里有问题了吗?

zhiliao_TK9rj1 发表时间:2022-05-22

期待。

zhiliao_TK9rj1 发表时间:2022-05-22

请高手们指点,谢谢。

zhiliao_TK9rj1 发表时间:2022-05-23

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明