中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

6-華為防火墻:配置基于源IP地址的NAT

發布時間:2020-06-13 22:09:22 來源:網絡 閱讀:2119 作者:第七_感 欄目:安全技術

6-華為防火墻:配置基于源IP地址的NAT
一、實驗一:配置No-Pat
1、基本配置略:
2、R1開啟Telnet功能:
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode password ?
<cr>Please press ENTER to execute command
[R1-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):cisco
[R1-ui-vty0-4]user privilege level 15
3、配置Trust到Untrust的Zone間策略:
[SRG]policy interzone trust untrust outbound
[SRG-policy-interzone-trust-untrust-outbound]policy create-mode auto-sort enable
[SRG-policy-interzone-trust-untrust-outbound]policy 5
[SRG-policy-interzone-trust-untrust-outbound-5]policy source 192.168.1.0 mask 24
[SRG-policy-interzone-trust-untrust-outbound-5]policy destination 202.100.1.0 mask 24
[SRG-policy-interzone-trust-untrust-outbound-5]policy service service-set telnet
[SRG-policy-interzone-trust-untrust-outbound-5]policy service service-set icmp
[SRG-policy-interzone-trust-untrust-outbound-5]action permit
4、NAT未部署前地址未轉換:
<R2>telnet 202.100.1.1
Login authentication
Password:cisco

5、配置no-pat:
[SRG]nat address-group 1 202.100.1.10 202.100.1.20 //創建地址組
[SRG]nat-policy interzone trust untrust outbound //創建Zone間NAT策略
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 0
[SRG-nat-policy-interzone-trust-untrust-outbound-0]policy source 192.168.1.0 mask 24 //需要轉換的源地址段
[SRG-nat-policy-interzone-trust-untrust-outbound-0]address-group 1 no-pat //轉換后的地址組,并且不轉換到端口
[SRG-nat-policy-interzone-trust-untrust-outbound-0]action source-nat //執行源轉換動作
測試:
<R2>telnet 202.100.1.1

查看防火墻會話轉換:
[SRG]display firewall session table verbose //源端口50573,轉換后端口依然是50573

查看防火墻Map:
[SRG]display firewall server-map

二:實驗二:配置PAT,有外部地址池的端口轉換
[SRG-nat-policy-interzone-trust-untrust-outbound-0]undo address-group
[SRG-nat-policy-interzone-trust-untrust-outbound-0]address-group 1
測試:
<R2>telnet 202.100.1.1
[SRG]display firewall session table verbose

三、實驗三:配置Easy-IP,轉換192.168.1.2到USG的g0/0/0接口地址
[SRG]nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy 0
[SRG-nat-policy-interzone-trust-untrust-outbound-0]undo address-group
[SRG-nat-policy-interzone-trust-untrust-outbound-0]easy-ip GigabitEthernet 0/0/0
測試:
[SRG]display firewall session table verbose

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

刚察县| 诸暨市| 灌南县| 邢台县| 寻甸| 凤阳县| 永仁县| 凉城县| 临沭县| 潜江市| 松阳县| 曲麻莱县| 宜州市| 东平县| 卓资县| 广安市| 荥阳市| 芷江| 河南省| 富川| 红桥区| 兴山县| 沐川县| 滦南县| 濉溪县| 日照市| 武城县| 金坛市| 梁山县| 项城市| 东海县| 神池县| 保定市| 汶川县| 田东县| 汤阴县| 辛集市| 九龙坡区| 兴安县| 高密市| 马尔康县|