H3C F100 G2 firewall
Port 4 is configured with 192.168.76.254 255.255.255.0
My PC is plugged directly into port 4
Configured IP:
192.168.76.16
255.255.255.0
192.168.76.254
Why can't the PC ping the gateway 192.168.76.254?
#
interface GigabitEthernet1/0/0
 port link-mode route
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode route
#
interface GigabitEthernet1/0/2
 port link-mode route
#
interface GigabitEthernet1/0/3
 port link-mode route
 description outside
 ip address 10.209.50.30 255.255.255.224
 ipsec apply policy bhsjy
#
interface GigabitEthernet1/0/4
 port link-mode route
 description inside
 ip address 192.168.76.254 255.255.255.0
#
security-zone name Local
#
security-zone name Trust
 import interface GigabitEthernet1/0/4
#
security-zone name DMZ
#
security-zone name Untrust
 import interface GigabitEthernet1/0/3
#
security-zone name Management
 import interface GigabitEthernet1/0/0
#
zone-pair security source Any destination Any
 packet-filter 3500
#
zone-pair security source Local destination Trust
 packet-filter 3500
#
zone-pair security source Trust destination Local
 packet-filter 3500
#
zone-pair security source Trust destination Trust
#
zone-pair security source Trust destination Untrust
#
zone-pair security source Untrust destination Trust
#
zone-pair security source Untrust destination Untrust
#
security-policy ip
 rule 0 name l-t
  action pass
  source-zone Local
  destination-zone Trust
 rule 1 name t-l
  action pass
  source-zone Trust
  destination-zone Local
 rule 2 name l-u
  action pass
  source-zone Local
  destination-zone Untrust
 rule 3 name u-l
  action pass
  source-zone Untrust
  destination-zone Local
 rule 4 name t-u
  action pass
  source-zone Trust
  destination-zone Untrust
 rule 5 name u-t
  action pass
  source-zone Untrust
  destination-zone Trust
#
(0)
Best answer
[bhsjy]undo security-policy disable
This command will enable the security policy feature and disable the object policy feature. Continue? [Y/N]:y
You can use the security-policy switch-from object-policy command to switch current object policy configuration to security policy configuration.
(0)
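I don't see what your ACL 3500 contains. Also, Local is the local zone; it isn't meant for carrying service traffic. I've really never seen a physical interface added to the Local zone. Try adding it to the Trust zone.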
(0)
Port 4 is in the Trust zone
#
acl advanced 3000
 rule 0 permit ip source 192.168.76.0 0.0.0.255 destination 129.200.0.0 0.0.255.255
 rule 1 permit ip source 192.168.76.0 0.0.0.255 destination 129.100.100.0 0.0.0.255
 rule 2 permit ip source 192.168.76.0 0.0.0.255 destination 192.168.24.0 0.0.0.255
 rule 3 permit ip source 192.168.76.0 0.0.0.255 destination 129.100.8.0 0.0.0.255
 rule 4 permit ip source 192.168.76.0 0.0.0.255 destination 129.100.31.0 0.0.0.255
#
acl advanced 3500
 rule 0 permit ip
What does ACL 3500 contain?
(0)
#
acl advanced 3000
 rule 0 permit ip source 192.168.76.0 0.0.0.255 destination 129.200.0.0 0.0.255.255
 rule 1 permit ip source 192.168.76.0 0.0.0.255 destination 129.100.100.0 0.0.0.255
 rule 2 permit ip source 192.168.76.0 0.0.0.255 destination 192.168.24.0 0.0.0.255
 rule 3 permit ip source 192.168.76.0 0.0.0.255 destination 129.100.8.0 0.0.0.255
 rule 4 permit ip source 192.168.76.0 0.0.0.255 destination 129.100.31.0 0.0.0.255
#
acl advanced 3500
 rule 0 permit ip
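
The check the replies above do by eye (which zone port 4 belongs to, and which security-policy rules pass traffic from that zone to Local), as an added Python example that is not part of the original thread. `parse` and `pass_rules` are hypothetical helper names, the sample is constructed from the posted configuration, and treating a rule that names no zone as matching any zone is an assumption.

```python
import re

# Constructed sample: trimmed from the posted configuration, one command per line.
SAMPLE = """\
security-zone name Trust
 import interface GigabitEthernet1/0/4
#
security-zone name Untrust
 import interface GigabitEthernet1/0/3
#
security-policy ip
 rule 1 name t-l
  action pass
  source-zone Trust
  destination-zone Local
 rule 3 name u-l
  action pass
  source-zone Untrust
  destination-zone Local
#
"""

def parse(config):
    """Return ({interface: zone}, [rule dicts]) from the config text."""
    zones, rules, zone, rule = {}, [], None, None
    for line in map(str.strip, config.splitlines()):
        if line == "#":                      # "#" closes the current view
            zone = rule = None
        elif line.startswith("security-zone name "):
            zone = line.split()[-1]
        elif zone and line.startswith("import interface "):
            zones[line.split()[-1]] = zone
        elif m := re.match(r"rule \d+ name (\S+)$", line):
            rules.append(rule := {"name": m.group(1)})
        elif rule is not None and len(line.split()) == 2:
            key, value = line.split()        # e.g. "source-zone Trust"
            rule.setdefault(key, []).append(value)
    return zones, rules

def pass_rules(config, iface, dst_zone="Local"):
    """Pass rules from iface's zone to dst_zone; None if iface is in no zone."""
    zones, rules = parse(config)
    if iface not in zones:
        return None
    src = zones[iface]
    # Assumption: a rule that names no zone for a direction matches any zone.
    return [r["name"] for r in rules if "pass" in r.get("action", [])
            and src in r.get("source-zone", [src])
            and dst_zone in r.get("destination-zone", [dst_zone])]
```

The script reads only the configured rules; whether the security-policy feature is active, which is what the command in the best answer changes, is not visible in the posted excerpt.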