Huawei Firewall Source NAT / Easy_IP Configuration

Author: Internet

Lab physical topology:

 

Lab configuration:

FW1:

[FW1]
sysname FW1
#
web-manager enable
interface GigabitEthernet0/0/0   //web management interface (lab setting: the http and telnet services permitted below are cleartext)
 undo shutdown
 ip binding vpn-instance default
 ip address 172.16.1.2 255.255.255.0
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
 service-manage netconf permit
#
interface GigabitEthernet1/0/0    //trust
 undo shutdown
 ip address 10.1.1.10 255.255.255.0
 service-manage ping permit
#
interface GigabitEthernet1/0/1   //untrust
 undo shutdown
 ip address 202.100.1.10 255.255.255.0
 service-manage ping permit
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/1
#
nat address-group napt 0
 mode no-pat global
 section 0 202.100.1.100 202.100.1.110
#
 multi-interface
  mode proportion-of-weight
#
security-policy
 rule name trust_untrust
  source-zone trust
  destination-zone untrust
  source-address 10.1.1.0 24
  action permit
#
nat-policy
 rule name NAPT
  source-zone trust
  destination-zone untrust
  action nat address-group napt
#
return
[FW1] 


Verification test:

PC>ping 202.100.1.254

Ping 202.100.1.254: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 202.100.1.254: bytes=32 seq=2 ttl=254 time=46 ms
From 202.100.1.254: bytes=32 seq=3 ttl=254 time=16 ms
From 202.100.1.254: bytes=32 seq=4 ttl=254 time=16 ms
From 202.100.1.254: bytes=32 seq=5 ttl=254 time=15 ms

--- 202.100.1.254 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/23/46 ms
[FW1]dis firewall session table 
 icmp  VPN: public --> public  10.1.1.1:27383[202.100.1.100:27383] --> 202.100.1
.254:2048
[FW1]

Easy_IP configuration

Verification test:

PC>ping 202.100.1.254

Ping 202.100.1.254: 32 data bytes, Press Ctrl_C to break
From 202.100.1.254: bytes=32 seq=1 ttl=254 time<1 ms
From 202.100.1.254: bytes=32 seq=2 ttl=254 time=16 ms
From 202.100.1.254: bytes=32 seq=3 ttl=254 time<1 ms
From 202.100.1.254: bytes=32 seq=4 ttl=254 time=15 ms
From 202.100.1.254: bytes=32 seq=5 ttl=254 time=16 ms

--- 202.100.1.254 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 0/9/16 ms
[FW1]dis firewall session table 
 Current Total Sessions : 10
 icmp  VPN: public --> public  10.1.1.1:4345[202.100.1.10:2055] --> 202.100.1.25
4:2048
 tcp  VPN: default --> default  172.16.1.1:51477 --> 172.16.1.2:8443
 icmp  VPN: public --> public  10.1.1.1:4857[202.100.1.10:2057] --> 202.100.1.25
4:2048
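
The two session tables above differ only in the bracketed translated address: a pool address with the port unchanged under the no-pat address group, and the outbound interface address 202.100.1.10 with a new port under Easy IP. The Python script below is an added example, not part of the original post, that reads such output and reports which kind of source NAT each session received. The function names and verdict labels are my own, and it assumes the session-line layout shown on this page.

```python
import ipaddress
import re

# Addresses taken from the FW1 configuration on this page.
POOL = (ipaddress.ip_address("202.100.1.100"), ipaddress.ip_address("202.100.1.110"))
EGRESS_IP = ipaddress.ip_address("202.100.1.10")  # GigabitEthernet1/0/1 (untrust)
# proto  VPN: a --> b  src:port[nat:port] --> dst:port  ([nat:port] only when translated)
SESSION_RE = re.compile(
    r"^(?P<proto>\S+)\s+VPN:\s*\S+\s*-->\s*\S+\s+(?P<src>[\d.]+):(?P<sport>\d+)"
    r"(?:\[(?P<nat>[\d.]+):(?P<nport>\d+)\])?\s*-->\s*(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def unwrap(text):
    records = []
    for line in text.splitlines():
        s = line.strip()
        if "VPN:" in s:
            records.append(s)
        elif records and re.fullmatch(r"[\d.:]+", s):
            records[-1] += s  # tail of an address:port that the console wrapped
    return records

def classify(m):
    if m["nat"] is None:
        return m["src"], None, "no-nat"
    nat = ipaddress.ip_address(m["nat"])
    if nat == EGRESS_IP:
        verdict = "easy-ip"  # translated to the outbound interface address
    elif POOL[0] <= nat <= POOL[1]:
        # An unchanged port is what no-pat produces; a changed port means PAT.
        verdict = "pool/port-kept" if m["sport"] == m["nport"] else "pool/port-changed"
    else:
        verdict = "unexpected"  # address that the NAT policy does not define
    return m["src"], m["nat"], verdict

def audit(text):
    return [classify(m) for m in map(SESSION_RE.match, unwrap(text)) if m]

# Session lines copied from the two outputs on this page, console wrapping included.
SAMPLE = """\
 icmp  VPN: public --> public  10.1.1.1:27383[202.100.1.100:27383] --> 202.100.1
.254:2048
 icmp  VPN: public --> public  10.1.1.1:4345[202.100.1.10:2055] --> 202.100.1.25
4:2048
 tcp  VPN: default --> default  172.16.1.1:51477 --> 172.16.1.2:8443
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```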

Source: https://blog.csdn.net/weixin_46503909/article/details/115199914