Ten firewall configuration tasks, task five: two-interface configuration with NAT

Source: Internet
Author: User

Firewall configuration task five

Configuration of two interfaces with NAT

Figure 5.1: Task topology diagram

1. Basic configuration of the inside interface and the outside interface; the interface security levels are left at their defaults.

Figure 5.2

2. Mark 1: Allow Telnet to the firewall from the inside network host 10.1.1.11/24. Mark 2: Set the local authentication user name to usercce and the password to ccepassword, privilege level 15. Mark 3: Turn on local authentication.

Figure 5.3

3. Turn on logging and send logs to the internal host 10.1.1.11 at level 6 (informational).

Figure 5.4

4. Set the time-out to 600 seconds, and set the NAT pool 204.31.17.25-204.31.17.27 255.255.255.0. To allow for the address pool overflowing, also configure PAT translation. The internal NAT translates the entire inside network.

Figure 5.5

5. Mark 1: Allow only the internal network 10.1.1.0 to make connections to the outside. Mark 2: Do not allow other networks to pass. Mark 3: Apply the rule to the inside interface.

Figure 5.6

6. Mark 1: Statically translate the inside-zone address 192.168.3.10 to the outside-zone address 192.159.1.1, allowing only web traffic.

Mark 2: Allow any network to access the web service on the internal network host 192.168.1.1.

Mark 4: Allow all ICMP traffic to traverse the firewall.

Figure 5.7

7. (1) Deny host 192.168.3.3 access to the service.

(2) Block Java applet traffic on the host 192.168.3.3 port.

(3) Deny host 192.168.3.3 access to web services.

Figure 5.8

8. Configure the default route to the external network.

Figure 5.9

9. Configure routing on R1, using RIP ver 2 to advertise the directly connected routes.

Figure 5.10

10. Use RIP ver 2 on the firewall to advertise the directly connected routes, and turn off automatic summarization.

Figure 5.11

11. Turn on RIP ver 2 authentication, with the key mykey and key ID 1.

Figure 5.12

12. Mark 1: Configure the TACACS+ server on the firewall. Server name: tacacs-server; address: 10.1.1.12; protocol: TACACS+; application range: inside 10.1.1.0 192.168.3.0.

Mark 2: Authenticate DNS traffic to the internal network 192.168.3.0.

Figure 5.13

13. Summary of the complete firewall configuration and of the TACACS+ server configuration.

Figure 5.14
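
The NAT pool with PAT overflow from step 4, modelled as an added Python example; it is not from the original post, whose configuration survives only as screenshots. The pool 204.31.17.25-204.31.17.27 is from the page; the PAT address 204.31.17.28, the class and method names, and reading the 600-second time-out as the idle timeout of a translation are assumptions.

```python
import ipaddress

# Pool from step 4 of the page. PAT_ADDR is constructed (not on the page), and
# treating 600 s as the translation idle timeout is an assumption.
POOL = [ipaddress.ip_address("204.31.17.25") + i for i in range(3)]
PAT_ADDR = ipaddress.ip_address("204.31.17.28")
IDLE_TIMEOUT = 600  # seconds

class Translator:
    def __init__(self):
        self.nat = {}          # inside ip -> [pool ip, last seen]
        self.pat = {}          # (inside ip, inside port) -> [mapped port, last seen]
        self.next_port = 1024

    def _expire(self, now):
        for table in (self.nat, self.pat):
            for key in [k for k, v in table.items() if now - v[1] > IDLE_TIMEOUT]:
                del table[key]

    def translate(self, src, sport, now):
        """Return (mapped ip, mapped port, 'nat' or 'pat') for an outbound flow."""
        src = ipaddress.ip_address(src)
        self._expire(now)
        if src not in self.nat:
            in_use = {v[0] for v in self.nat.values()}
            free = [a for a in POOL if a not in in_use]
            if free:
                self.nat[src] = [free[0], now]
        if src in self.nat:                    # one-to-one NAT, port unchanged
            self.nat[src][1] = now
            return self.nat[src][0], sport, "nat"
        # Pool exhausted: remaining hosts share PAT_ADDR, told apart by port only.
        entry = self.pat.get((src, sport))
        if entry is None:
            if self.next_port > 65535:
                raise RuntimeError("PAT ports exhausted")
            entry = self.pat[(src, sport)] = [self.next_port, now]
            self.next_port += 1
        entry[1] = now
        return PAT_ADDR, entry[0], "pat"

    def attribute(self, mapped_ip, mapped_port):
        """Resolve an outside-visible address and port back to the inside host."""
        mapped_ip = ipaddress.ip_address(mapped_ip)
        for src, (addr, _) in self.nat.items():
            if addr == mapped_ip:
                return src
        for (src, _), (port, _) in self.pat.items():
            if mapped_ip == PAT_ADDR and port == mapped_port:
                return src
        return None
```

Once the pool is exhausted, several inside hosts share one outside address, so the log host from step 3 needs the translated port as well as the address to attribute a connection to a host.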


This article is from the "Network" blog; be sure to keep this source attribution: http://zznetwork.blog.51cto.com/9398550/1618284
