6 - Huawei Firewall: Configuring NAT Based on Source IP Address
Lab 1: Configure No-PAT
1. Basic configuration (omitted)
2. Enable Telnet on R1:
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode password ?
<cr>Please press ENTER to execute command
[R1-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):cisco
[R1-ui-vty0-4]user privilege level 15
3. Configure the Trust-to-Untrust interzone security policy:
[SRG]policy interzone trust untrust outbound
[SRG-policy-interzone-trust-untrust-outbound]policy create-mode auto-sort enable
[SRG-policy-interzone-trust-untrust-outbound]policy 5
[SRG-policy-interzone-trust-untrust-outbound-5]policy source 192.168.1.0 mask 24
[SRG-policy-interzone-trust-untrust-outbound-5]policy destination 202.100.1.0 mask 24
[SRG-policy-interzone-trust-untrust-outbound-5]policy service service-set telnet
[SRG-policy-interzone-trust-untrust-outbound-5]policy service service-set icmp
[SRG-policy-interzone-trust-untrust-outbound-5]action permit
4. Before NAT is deployed, the source address is not translated:
<R2>telnet 202.100.1.1
Login authentication
Password:cisco

5. Configure No-PAT:
[SRG]nat address-group 1 202.100.1.10 202.100.1.20 // create the address pool
[SRG]nat-policy interzone trust untrust outbound // create the interzone NAT policy
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 0
[SRG-nat-policy-interzone-trust-untrust-outbound-0]policy source 192.168.1.0 mask 24 // source address range to be translated
[SRG-nat-policy-interzone-trust-untrust-outbound-0]address-group 1 no-pat // address pool to translate to; ports are not translated
[SRG-nat-policy-interzone-trust-untrust-outbound-0]action source-nat // perform source NAT
Test:
<R2>telnet 202.100.1.1

Check the firewall session table for the translation:
[SRG]display firewall session table verbose // source port 50573; the translated port is still 50573

Check the firewall server-map:
[SRG]display firewall server-map

Lab 2: Configure PAT (port translation with an external address pool)
[SRG-nat-policy-interzone-trust-untrust-outbound-0]undo address-group
[SRG-nat-policy-interzone-trust-untrust-outbound-0]address-group 1
Test:
<R2>telnet 202.100.1.1
[SRG]display firewall session table verbose

Lab 3: Configure Easy-IP, translating 192.168.1.2 to the address of the USG's GigabitEthernet 0/0/0 interface
[SRG]nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 0
[SRG-nat-policy-interzone-trust-untrust-outbound-0]undo address-group
[SRG-nat-policy-interzone-trust-untrust-outbound-0]easy-ip GigabitEthernet 0/0/0
Test:
[SRG]display firewall session table verbose

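The verification step in each lab is reading the session table and checking whether the source address and port changed. As an added example (not part of the original page or Huawei's tooling), the script below parses session entries and names the NAT mode each one shows; it assumes the `src:port[translated:port]` entry layout, constructs its own sample lines, and assumes a g0/0/0 address the page does not state.

```python
import re

# Entry format ASSUMED to follow the USG "display firewall session table verbose"
# style:  proto  VPN:a --> b  src:port[translated:port] --> dst:port
# (the bracketed part appears only when the source was translated).
SESSION_RE = re.compile(
    r"^\s*(?P<proto>\w+)\s+VPN:\s*\S+\s*-->\s*\S+\s+"
    r"(?P<sip>[\d.]+):(?P<sport>\d+)"
    r"(?:\[(?P<xip>[\d.]+):(?P<xport>\d+)\])?"
    r"\s*-->\s*(?P<dip>[\d.]+):(?P<dport>\d+)"
)

POOL = {f"202.100.1.{i}" for i in range(10, 21)}  # nat address-group 1 from the lab
USG_G000_IP = "202.100.1.254"  # ASSUMED: the page does not give the g0/0/0 address

# Constructed sample output: one session per NAT variant plus one untranslated one.
SAMPLE = """\
 telnet  VPN:public --> public  192.168.1.2:50573[202.100.1.10:50573] --> 202.100.1.1:23
 telnet  VPN:public --> public  192.168.1.2:50574[202.100.1.10:2048] --> 202.100.1.1:23
 telnet  VPN:public --> public  192.168.1.2:50575[202.100.1.254:2049] --> 202.100.1.1:23
 icmp    VPN:public --> public  192.168.1.2:1234 --> 202.100.1.1:2048
"""

def parse_session(line):
    """Return a dict for one session entry, or None if the line is not a session."""
    m = SESSION_RE.match(line)
    if not m:
        return None
    s = m.groupdict()
    # Without brackets the source was not translated: mirror the original values.
    s["xip"] = s["xip"] or s["sip"]
    s["xport"] = int(s["xport"] or s["sport"])
    s["sport"], s["dport"] = int(s["sport"]), int(s["dport"])
    return s

def classify_nat(s, pool=POOL, iface_ip=USG_G000_IP):
    """Name the source-NAT mode that a session entry is evidence of."""
    if s["xip"] == s["sip"] and s["xport"] == s["sport"]:
        return "none"      # step 4 of lab 1: nothing translated yet
    if s["xip"] == iface_ip:
        return "easy-ip"   # lab 3: hidden behind the interface address
    if s["xip"] in pool and s["xport"] == s["sport"]:
        return "no-pat"    # lab 1: pool address, original port kept
    if s["xip"] in pool:
        return "pat"       # lab 2: pool address and a new port
    return "unexpected"    # translated to an address outside the configured pool

def audit(text):
    """(sip, sport, xip, xport, mode) for every session line in the output."""
    sessions = filter(None, map(parse_session, text.splitlines()))
    return [(s["sip"], s["sport"], s["xip"], s["xport"], classify_nat(s)) for s in sessions]
```

An "unexpected" result is the one worth chasing: it means traffic left through an address that no NAT policy on the page accounts for.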