华为防火墙源NAT/Easy_IP配置

2021-03-25 10:59:43 阅读：807 来源： 互联网

标签：NAT IP permit bytes 202.100 Easy 32 254 1.254

实验物理拓扑：

实验配置：

FW1:

[FW1]
sysname FW1
#web-manager enable
interface GigabitEthernet0/0/0 //web管理接口
undo shutdown
ip binding vpn-instance default
ip address 172.16.1.2 255.255.255.0
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage snmp permit
service-manage telnet permit
service-manage netconf permit
#
interface GigabitEthernet1/0/0 //trust
undo shutdown
ip address 10.1.1.10 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet1/0/1 //untrust
undo shutdown
ip address 202.100.1.10 255.255.255.0
service-manage ping permit
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
#
nat address-group napt 0
mode no-pat global
section 0 202.100.1.100 202.100.1.110
#
multi-interface
mode proportion-of-weight
#
security-policy
rule name trust_untrust
source-zone trust
destination-zone untrust
source-address 10.1.1.0 24
action permit
#
nat-policy
rule name NAPT
source-zone trust
destination-zone untrust
action nat address-group napt
#
return
[FW1]

检查测试：

PC>ping 202.100.1.254

Ping 202.100.1.254: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 202.100.1.254: bytes=32 seq=2 ttl=254 time=46 ms
From 202.100.1.254: bytes=32 seq=3 ttl=254 time=16 ms
From 202.100.1.254: bytes=32 seq=4 ttl=254 time=16 ms
From 202.100.1.254: bytes=32 seq=5 ttl=254 time=15 ms

--- 202.100.1.254 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/23/46 ms
[FW1]dis firewall session table
icmp VPN: public --> public 10.1.1.1:27383[202.100.1.100:27383] --> 202.100.1
.254:2048
[FW1]

Easy_IP配置

检查测试：

PC>ping 202.100.1.254

Ping 202.100.1.254: 32 data bytes, Press Ctrl_C to break
From 202.100.1.254: bytes=32 seq=1 ttl=254 time<1 ms
From 202.100.1.254: bytes=32 seq=2 ttl=254 time=16 ms
From 202.100.1.254: bytes=32 seq=3 ttl=254 time<1 ms
From 202.100.1.254: bytes=32 seq=4 ttl=254 time=15 ms
From 202.100.1.254: bytes=32 seq=5 ttl=254 time=16 ms

--- 202.100.1.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 0/9/16 ms
[FW1]dis firewall session table
Current Total Sessions : 10
icmp VPN: public --> public 10.1.1.1:4345[202.100.1.10:2055] --> 202.100.1.25
4:2048
tcp VPN: default --> default 172.16.1.1:51477 --> 172.16.1.2:8443
icmp VPN: public --> public 10.1.1.1:4857[202.100.1.10:2057] --> 202.100.1.25
4:2048

标签：NAT,IP,permit,bytes,202.100,Easy,32,254,1.254
来源： https://blog.csdn.net/weixin_46503909/article/details/115199914

本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。

ICode9

华为防火墙源NAT/Easy_IP配置