实验 8 防火墙DNAT

实验 8 防火墙DNAT

请将其中的17替换为你自己的

拓扑 DNAT.zip

IP地址表

Client	IP地址	子网掩码	网关
Client1	12.2.2.2	255.255.255.0	12.2.2.1
Client2	192.168.17.254	255.255.255.0	192.168.17.1

Server	IP地址	子网掩码	网关
Server1	10.0.0.254	255.0.0.0	10.0.0.1

AR1	接口	IP地址	掩码长度
AR1	GigabitEthernet0/0/0	17.1.1.2	24
AR1	GigabitEthernet0/0/1	12.2.2.1	24

FW	接口	IP地址	掩码长度
FW1	GigabitEthernet1/0/0	17.1.1.1	24
FW1	GigabitEthernet1/0/1	10.0.0.1	8
FW1	GigabitEthernet1/0/2	192.168.17.1	24

FW

[USG6000V1]firewall zone trust 
[USG6000V1-zone-trust]a i g 1/0/2
[USG6000V1-zone-trust]q
[USG6000V1]firewall zone untrust 
[USG6000V1-zone-untrust]a i g 1/0/0
[USG6000V1-zone-untrust]q
[USG6000V1]firewall zone dmz 
[USG6000V1-zone-dmz]a i g 1/0/1
[USG6000V1-zone-dmz]q
[USG6000V1]ip route-static 0.0.0.0 0 17.1.1.2
[USG6000V1]security-policy
[USG6000V1-policy-security]rule n dmz
[USG6000V1-policy-security-rule-dmz]source-zone trust
[USG6000V1-policy-security-rule-dmz]source-zone untrust
[USG6000V1-policy-security-rule-dmz]destination-zone dmz
[USG6000V1-policy-security-rule-dmz]destination-address 10.0.0.254 32
[USG6000V1-policy-security-rule-dmz]service http
[USG6000V1-policy-security-rule-dmz]act p
[USG6000V1-policy-security-rule-dmz]q
[USG6000V1-policy-security]q
[USG6000V1]nat server xm137 protocol tcp global 17.1.1.254 www inside 10.0.0.254 www