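Address resolution error
One firewall with two servers connected below it and no other devices in between. The firewall has inter-zone policies and NAT mappings configured. The detailed configuration is below; I hope you experts can take a look for me.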
<H3C>dis cu
vlan 1
#
vlan 10
#
object-group ip address win1
 0 network host address 192.168.10.1
#
object-group ip address win2
 0 network host address 192.168.10.2
#
object-group service yuancheng
 0 service tcp destination eq 3389
 10 service tcp destination eq 15000
 20 service tcp destination eq 16000
#
interface Vlan-interface10
 ip address 192.168.10.254 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-mode route
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode route
 ip address 58.16.10.70 255.255.255.0
 ip address 58.16.10.74 255.255.255.0 sub
 dns server 221.13.30.242
 dns server 221.13.28.234
 nat server protocol tcp global 58.16.10.70 80 inside 192.168.10.2 80
 nat server protocol tcp global 58.16.10.70 8080 inside 192.168.10.2 8080
 nat server protocol tcp global 58.16.10.74 80 inside 192.168.10.1 80
 nat server protocol tcp global 58.16.10.74 8080 inside 192.168.10.1 8080
 nat server protocol tcp global 58.16.10.74 15000 inside 192.168.10.1 3389
 nat server protocol tcp global 58.16.10.74 16000 inside 192.168.10.2 3389
#
security-zone name Local
#
security-zone name Trust
 import interface Vlan-interface10
 import interface GigabitEthernet1/0/14 vlan 10
 import interface GigabitEthernet1/0/15 vlan 10
#
security-zone name DMZ
#
security-zone name Untrust
 import interface GigabitEthernet1/0/1
#
security-zone name Management
 import interface GigabitEthernet1/0/0
#
ip route-static 0.0.0.0 0 58.16.10.1
#
ssh server enable
#
acl basic 2000
 rule 0 permit source 192.168.10.0 0.0.0.255
#
ip https enable
webui log enable
#
security-policy ip
 rule 1 name 1
  action pass
  source-zone Local
  destination-zone Trust
 rule 2 name 2
  action pass
  source-zone Trust
  destination-zone Local
 rule 3 name 3
  action pass
  source-zone Trust
  destination-zone Untrust
 rule 4 name 4
  action pass
  source-zone Untrust
  destination-zone Trust
  destination-ip win1
  destination-ip win2
  service yuancheng
 rule 5 name 5
  action pass
  source-zone Untrust
  destination-zone Trust
  destination-ip win1
  destination-ip win2
  service http
 rule 6 name 6
  action pass
  source-zone Untrust
  destination-zone Trust
  destination-ip win2
  destination-ip win1
  service https
 rule 7 name 7
  action pass
  source-zone Untrust
  destination-zone Trust
  destination-ip win1
  destination-ip win2
  service dns-tcp
  service dns-udp
#
return
<H3C>
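Best answer
I don't see any attachment. Which security zone are you accessing which security zone from when the page won't open? Has the security policy been configured to pass traffic? Have the interfaces been added to security zones?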
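I couldn't upload it, so I wrote it in the question.
Which address is accessing which address, and which security zone is accessing which security zone?
I configured port 3389 for remote login to the servers, so in principle the policy should be fine.
I have always used the public address to connect remotely to the servers.
If needed, I can show you screenshots.
Does the server traffic come in through interface Vlan-interface10?
Yes.
It works now. I added a NAT static translation.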
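Bro, I have one more question: is the DNS I configured on the firewall of any use? Why do I still have to add a DNS on the servers even though I configured it?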
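
Added example (not part of the original thread and not an H3C tool): a short Python script that reads the `nat server` lines from a configuration like the one posted in the question, groups the published services by inside host, and flags mappings that publish a remote-administration port, such as the RDP mappings on global ports 15000 and 16000. The function names and the ADMIN_PORTS table are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed input: the "nat server" lines copied from the configuration in the question.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 nat server protocol tcp global 58.16.10.70 80 inside 192.168.10.2 80
 nat server protocol tcp global 58.16.10.70 8080 inside 192.168.10.2 8080
 nat server protocol tcp global 58.16.10.74 80 inside 192.168.10.1 80
 nat server protocol tcp global 58.16.10.74 8080 inside 192.168.10.1 8080
 nat server protocol tcp global 58.16.10.74 15000 inside 192.168.10.1 3389
 nat server protocol tcp global 58.16.10.74 16000 inside 192.168.10.2 3389
"""

NAT_RE = re.compile(
    r"^\s*nat server protocol (tcp|udp) global (\S+) (\d+) inside (\S+) (\d+)\s*$")

# Assumption of this example: inside ports treated as remote administration.
ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP"}

def parse_nat_servers(config):
    """Return (proto, global_ip, global_port, inside_ip, inside_port) tuples."""
    out = []
    for line in config.splitlines():
        m = NAT_RE.match(line)
        if m:
            proto, gip, gport, iip, iport = m.groups()
            out.append((proto, gip, int(gport), iip, int(iport)))
    return out

def exposure_by_host(mappings):
    """Group published services by inside host, sorted by inside port."""
    hosts = defaultdict(list)
    for proto, gip, gport, iip, iport in mappings:
        hosts[iip].append((iport, f"{gip}:{gport}/{proto}"))
    return {ip: sorted(v) for ip, v in hosts.items()}

def admin_exposures(mappings):
    """Mappings that publish a remote-administration port, including remapped ones."""
    return [(f"{gip}:{gport}", f"{iip}:{iport}", ADMIN_PORTS[iport])
            for _, gip, gport, iip, iport in mappings if iport in ADMIN_PORTS]

if __name__ == "__main__":
    maps = parse_nat_servers(SAMPLE_CONFIG)
    for ip, services in exposure_by_host(maps).items():
        print(ip, services)
    for pub, inside, name in admin_exposures(maps):
        print(f"REVIEW: {name} on {inside} is reachable from outside via {pub}")
```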