防火墙USG做NAT产生路由环路及解决方法(防火墙nat技术)

网友投稿 360 2022-10-10


防火墙USG做NAT产生路由环路及解决方法(防火墙nat技术)

接口地址interface GigabitEthernet0/0/0alias GE0/MGMTip address 192.168.1.254 255.255.255.0

interface GigabitEthernet0/0/1ip address 192.168.2.254 255.255.255.0

interface GigabitEthernet0/0/2ip address 200.1.1.1 255.255.255.0

接口加入到区域firewall zone trustadd interface GigabitEthernet0/0/0

firewall zone untrustadd interface GigabitEthernet0/0/2

firewall zone dmzadd interface GigabitEthernet0/0/1

要求三先放行出去在ICMP流量policy interzone trust untrust outboundpolicy 1action permitpolicy service service-set icmp创建地址池,[SRG]nat address-group 0 pool1 200.100.100.1 200.100.100.10创建NAT策略[SRG]nat-policy interzone trust untrust outbound [SRG-nat-policy-interzone-trust-untrust-outbound]policy 1 [SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source any

[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy destination any[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat[SRG-nat-policy-interzone-trust-untrust-outbound-1]address-group pool1 [SRG-nat-policy-interzone-trust-untrust-outbound-1]q[SRG ]ip roue-static 0.0.0.0 0.0.0.0 200.1.1.2

地址池路由汇总200.100.100.00000001200.100.100.00001010200.100.100.0/28

我的课程首页http://edu./lecturer/1025688.html加群学习讨论:32307012


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

标签:接口
上一篇:Cisco ASA firewall Active/Standby failover(cisco交换机)
下一篇:Java日常练习题,每天进步一点点(13)
相关文章

 发表评论

暂时没有评论,来抢沙发吧~