SecPath F100-C-AI SecPath F100-C-G Nat Server请教
- 0关注
- 1收藏,3339浏览
问题描述:
前级设备为 SecPath F100-C-AI 后级设备为 SecPath F100-C-G 请问怎样设置才能在 后级设备上实现NAT SERVER功能?
- 2017-07-14提问
- 举报
-
(0)
最佳答案
SecPath F100-C-AI充当拨号设备,Ethernet0/0端口连接外部动态IP线路。Ethernet0/2端口下接 SecPath F100-C-G 设备的GigabitEthernet0/0端口,SecPath F100-C-G设置为UTM运行模式,该设备负责子网划分和DHCP功能。由于有两条外网线路,所以还做了路由策略。
问题:在SecPath F100-C-AI上设置服务器NAT不能成功。不知道是什么原因。能否在SecPath F100-C-G上设置NAT SERVER ?
谢谢
#
version 5.20, Release 2209P26
#
sysname H3C
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 218.85.157.99
dns server 218.85.152.99
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
port-security enable
#
ip http enable
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dar protocol-group 1
protocol BitTorrent
protocol eMule/eDonkey
protocol MSN
protocol Yahoo Message
#
traffic classifier p2plimit operator or
if-match protocol-group 1
#
traffic behavior behaviorfordeny
filter deny
#
qos policy PolicyLimitOut
classifier p2plimit behavior behaviorfordeny
#
dhcp server ip-pool 192.168.0.1
network 192.168.0.0 mask 255.255.255.0
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.90.34 192.168.90.38
network mask 255.255.255.248
gateway-list 192.168.90.33
dns-list 218.85.157.99 218.85.152.99
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$uDGtFFtWMQH6VTGbBg3tVMT/trZ6uslt
authorization-attribute level 3
service-type telnet
service-type web
#
wlan rrm
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
cwmp
undo cwmp enable
#
attack-defense policy 1
signature-detect action drop-packet
signature-detect fraggle enable
signature-detect land enable
signature-detect winnuke enable
signature-detect tcp-flag enable
signature-detect icmp-unreachable enable
signature-detect icmp-redirect enable
signature-detect tracert enable
signature-detect smurf enable
signature-detect source-route enable
signature-detect route-record enable
signature-detect large-icmp enable
defense scan enable
defense scan add-to-blacklist
defense syn-flood enable
defense syn-flood action drop-packet
defense udp-flood enable
defense udp-flood action drop-packet
defense icmp-flood enable
defense icmp-flood action drop-packet
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
qos apply policy PolicyLimitOut outbound
attack-defense apply policy 1
dar enable
#
interface Dialer10
nat outbound
link-protocol ppp
ppp chap user 059190385968
ppp chap password cipher $c$3$CN/WT2J1rPM9KWabay9FODTPI32lheBRAA==
ppp pap local-user 059190385968 password cipher $c$3$2/OKjwA6AvUAfpajNmWCAWw3KDd1uZ5FMA==
ppp ipcp dns admit-any
ppp ipcp dns request
mtu 1492
ip address ppp-negotiate
tcp mss 1024
dialer user username
dialer-group 10
dialer bundle 10
#
interface Ethernet0/0
port link-mode route
nat outbound
nat server 1 protocol tcp global current-interface 9090 inside 192.168.90.35 9090
pppoe-client dial-bundle-number 10
dar enable
qos apply policy PolicyLimitOut outbound
attack-defense apply policy 1
ip flow-ordering external
#
interface Ethernet0/1
port link-mode route
ip address 192.168.0.1 255.255.255.0
dar enable
qos apply policy PolicyLimitOut outbound
attack-defense apply policy 1
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.90.33 255.255.255.248
dhcp server apply ip-pool vlan1
nat outbound static
attack-defense apply policy 1
ip flow-ordering internal
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
interface Ethernet0/5
port link-mode bridge
#
interface WLAN-Radio2/0
#
ip route-static 0.0.0.0 0.0.0.0 Dialer10
ip route-static 192.168.0.0 255.255.0.0 Vlan-interface1 192.168.90.34
#
dhcp enable
#
dialer-rule 10 ip permit
#
nms primary monitor-interface Dialer10
#
ip flow-ordering stat-interval 10
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
- 2017-07-14回答
- 评论(4)
- 举报
-
(0)
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
F100-C-AI Ethernet0/0端口就是连接外网线路,并且连接模式是虚拟拨号。至于Cellular0/0端口设备面板上也没有啊。方便加个QQ看下吗?431643221